View Full Version : Win32.Load Money and Yandex removal advice please
wendyseana
2014-03-30, 00:11
:greeting: It is with great relief - I suspect and hope - that I have found the Malware Removal community and forums hosted by Spybot. This is my first post and although I have read up on the general before you post 'To do's and don'ts' it may yet happen that I make a mistake for which I ask your patient indulgence - I will try to do my best to learn and evolve.
So my problems are 2 :
The first is the high level threat of the title Win.32 Load Money which Spybot identifies but can only temporarily remove.
The second is the hijacking browser Yandex which, was I believe, behind a crashing of my computer about a week ago. Spybot however did not identify Yandex probably because I created a 'whitelist' after receiving my computer back from one of our town's computer service technicians with the expectation that Yandex had been removed though, as I subsequently discovered he had not, or not thoroughly enough.
As per your general instructions in 'Before you post ' I attach the DDS and aswMBR logs.
I await your response with new confidence that I have finally found the IT equivalent of an :angel: ie., a resource for my computer ailments that will not only suggest the right fix but really help me learn more about this brave new world of IT.
Yours faithfully, Wendy
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521
Run by gokarna at 23:48:48 on 2014-03-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1911 [GMT 2:00]
.
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = about:blank
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1394956558&from=cor&uid=ST9500325AS_5VEJD9L0XXXX5VEJD9L0&q={searchTerms}
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394956558&from=cor&uid=ST9500325AS_5VEJD9L0XXXX5VEJD9L0&q={searchTerms}
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - <orphaned>
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - <orphaned>
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\btvstack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\athbttray.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\gokarna\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_03\bin\npjpi150_03.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{733E2F48-96DF-4D1F-8B3A-CF5DC96FDA40} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{733E2F48-96DF-4D1F-8B3A-CF5DC96FDA40}\14A5A554 : DHCPNameServer = 195.175.39.40 195.175.39.39 192.168.2.10
TCP: Interfaces\{733E2F48-96DF-4D1F-8B3A-CF5DC96FDA40}\742716E646028416C696360284F64756C6 : DHCPNameServer = 10.11.128.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gokarna\appdata\roaming\mozilla\firefox\profiles\hullhm7j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx browser plug-in\npdivx32.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2014-3-21 541680]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2014-3-21 26608]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2014-3-21 16880]
R1 SDHookDriver;Hook Test Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2014-3-15 46248]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2012-5-30 97920]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-3-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-3-15 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-3-15 171416]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2012-5-30 327296]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2012-5-30 35968]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2014-3-21 302920]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2014-3-21 101192]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2014-3-21 27976]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2014-3-21 158688]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2014-3-21 66448]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2014-3-21 119624]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2014-3-21 496456]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\TeeDriver.sys [2014-3-21 85976]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2014-3-21 258704]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-3-21 643656]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Update Mega Browse;Update Mega Browse;"c:\program files\mega browse\updatemegabrowse.exe" --> c:\program files\mega browse\updateMegaBrowse.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-22 108032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-16 235696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-3-13 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-19 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-3-15 1343400]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2014-3-4 107776]
.
=============== Created Last 30 ================
.
2014-03-29 14:13:08 -------- d-----w- c:\users\gokarna\appdata\roaming\uTorrent
2014-03-28 20:04:42 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0354568-d455-4741-96a9-201fa625da5f}\offreg.dll
2014-03-27 06:56:05 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-26 15:45:44 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0354568-d455-4741-96a9-201fa625da5f}\mpengine.dll
2014-03-23 01:00:36 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-03-21 14:47:36 16880 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2014-03-21 14:46:47 3109888 ----a-w- c:\windows\system32\drivers\athr.sys
2014-03-21 14:45:37 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-21 14:45:37 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-03-21 14:45:37 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-21 14:45:37 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2014-03-21 14:45:37 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-21 14:45:37 223008 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-21 14:45:11 53024 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-21 14:44:33 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-03-21 14:44:28 -------- d-----w- c:\program files\NVIDIA Corporation
2014-03-21 14:44:03 8952608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-21 14:43:59 13088000 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-03-21 14:43:58 6271872 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-21 14:43:54 20542752 ----a-w- c:\windows\system32\nvoglv32.dll
2014-03-21 14:43:49 2728736 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-21 14:43:49 15042928 ----a-w- c:\windows\system32\nvd3dum.dll
2014-03-21 14:43:46 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-21 14:43:45 7959000 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-21 14:43:42 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-21 14:43:39 2539128 ----a-w- c:\windows\system32\nvapi.dll
2014-03-21 14:43:25 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2014-03-21 14:43:25 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2014-03-21 14:42:40 -------- d-----w- c:\program files\CONEXANT
2014-03-21 14:42:28 1293440 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2014-03-21 14:42:26 352256 ----a-w- c:\windows\system32\UCI32A80.dll
2014-03-21 14:42:24 90752 ----a-w- c:\windows\system32\FMPropPageExt.dll
2014-03-21 14:42:20 1475200 ----a-w- c:\windows\system32\CX32AP51.dll
2014-03-21 14:40:10 892704 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2014-03-21 14:40:10 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2014-03-21 14:40:10 154400 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2014-03-21 14:39:47 541680 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2014-03-21 14:39:47 26608 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2014-03-21 14:39:06 643656 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2014-03-21 14:39:03 85064 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-03-21 14:36:38 85976 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
2014-03-21 14:36:38 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2014-03-21 14:36:12 258704 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2014-03-21 14:36:10 9888400 ----a-w- c:\windows\system32\RtsPStorIcon.dll
2014-03-21 14:34:04 158688 ----a-w- c:\windows\system32\drivers\btath_hcrp.sys
2014-03-21 14:32:48 27976 ----a-w- c:\windows\system32\drivers\btath_bus.sys
2014-03-21 14:31:24 496456 ----a-w- c:\windows\system32\drivers\btfilter.sys
2014-03-21 14:27:24 66448 ----a-w- c:\windows\system32\drivers\btath_lwflt.sys
2014-03-21 14:27:16 302920 ----a-w- c:\windows\system32\drivers\btath_a2dp.sys
2014-03-21 14:27:16 119624 ----a-w- c:\windows\system32\drivers\btath_rcp.sys
2014-03-21 14:27:16 101192 ----a-w- c:\windows\system32\drivers\btath_avdt.sys
2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-03-21 07:48:21 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2014-03-21 07:48:17 317440 ----a-w- c:\windows\system32\spoolsv.exe
2014-03-21 07:48:13 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-21 07:48:09 2616320 ----a-w- c:\windows\explorer.exe
2014-03-21 07:48:08 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-03-21 07:48:08 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-21 01:21:06 -------- d-----w- c:\windows\Migration
2014-03-21 01:10:58 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-03-21 01:10:57 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-03-21 01:02:14 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-03-20 08:31:56 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2014-03-20 08:30:58 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-03-20 08:25:20 918528 ----a-w- c:\windows\system32\rdpcorets.dll
2014-03-20 08:25:20 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-03-20 08:25:04 101720 ----a-w- c:\windows\system32\consent.exe
2014-03-20 08:25:03 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-03-20 01:02:57 -------- d-----w- c:\windows\system32\SPReview
2014-03-20 01:02:32 -------- d-----w- c:\windows\system32\EventProviders
2014-03-20 01:00:39 -------- d-----w- c:\windows\system32\MRT
2014-03-19 14:16:08 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-03-19 14:16:05 53760 ----a-w- c:\windows\system32\LSCSHostPolicy.dll
2014-03-19 14:16:05 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-03-19 14:16:05 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-19 14:16:02 954752 ----a-w- c:\windows\system32\mfc40.dll
2014-03-19 14:16:02 954288 ----a-w- c:\windows\system32\mfc40u.dll
2014-03-19 14:16:02 80896 ----a-w- c:\windows\system32\RDVGHelper.exe
2014-03-19 14:16:02 120320 ----a-w- c:\windows\system32\tssrvlic.dll
2014-03-19 14:16:01 1159168 ----a-w- c:\windows\system32\sysmain.dll
2014-03-19 14:14:59 9728 ----a-w- c:\windows\system32\sscore.dll
2014-03-19 13:17:54 -------- d-----w- c:\program files\McAfee Security Scan
2014-03-16 08:04:39 -------- d-----w- c:\windows\system32\appmgmt
2014-03-16 07:58:25 -------- d-----w- c:\users\gokarna\appdata\roaming\AnySend
2014-03-16 07:58:12 -------- d-----w- c:\programdata\AnySend
2014-03-16 07:56:10 -------- d-----w- c:\users\gokarna\appdata\roaming\sweet-page
2014-03-16 07:55:39 -------- d-----w- c:\users\gokarna\appdata\roaming\systweak
2014-03-16 07:48:41 128000 ----a-w- c:\program files\uninstall information\97\4258\uninstall.exe
2014-03-16 07:35:56 -------- d-----w- c:\programdata\Guard.Mail.Ru
2014-03-16 07:34:48 -------- d-----w- c:\users\gokarna\appdata\local\Yandex
2014-03-16 07:34:45 -------- d-----w- c:\users\gokarna\appdata\roaming\Opera Software
2014-03-16 07:34:45 -------- d-----w- c:\users\gokarna\appdata\local\Opera
2014-03-16 07:34:41 -------- d-----w- c:\users\gokarna\appdata\local\Chromium
2014-03-16 07:34:38 -------- d-----w- c:\users\gokarna\appdata\roaming\Yandex
2014-03-16 07:33:53 -------- d-----w- c:\users\gokarna\appdata\roaming\PerformerSoft
2014-03-16 07:33:51 -------- d-----w- c:\users\gokarna\appdata\roaming\freegames111
2014-03-16 07:31:22 -------- d-----w- c:\users\gokarna\appdata\roaming\DRPSu
2014-03-16 07:30:39 -------- d-----w- c:\program files\Mail.Ru
2014-03-16 07:30:20 101448 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-03-16 07:17:08 -------- d-----w- c:\windows\system32\wbem\framework\root\OpenHardwareMonitor
2014-03-16 07:17:08 -------- d-----w- c:\windows\system32\wbem\framework\root
2014-03-16 07:17:08 -------- d-----w- c:\windows\system32\wbem\Framework
2014-03-16 07:15:06 -------- d-----w- c:\users\gokarna\appdata\roaming\OpenCandy
2014-03-16 00:48:28 1699328 ----a-w- c:\windows\system32\esent.dll
2014-03-16 00:48:28 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-03-16 00:48:27 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-03-16 00:48:27 74240 ----a-w- c:\windows\system32\fsutil.exe
2014-03-16 00:48:27 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-03-16 00:48:27 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-03-16 00:48:27 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2014-03-16 00:48:27 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-03-16 00:48:23 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2014-03-16 00:48:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2014-03-16 00:48:23 219648 ----a-w- c:\windows\system32\fsquirt.exe
2014-03-15 21:36:30 -------- d-----w- c:\users\gokarna\appdata\local\Macromedia
2014-03-15 21:29:26 -------- d-----w- c:\programdata\McAfee Security Scan
2014-03-15 21:28:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-15 21:28:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-15 21:24:26 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-15 12:38:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
2014-03-15 12:23:05 -------- d-----w- c:\users\gokarna\appdata\local\Apple Computer
2014-03-15 12:22:51 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-03-15 12:22:04 -------- d-----w- c:\program files\iPod
2014-03-15 12:22:03 -------- d-----w- c:\program files\iTunes
2014-03-15 12:02:59 -------- d-----w- c:\users\gokarna\appdata\local\Apple
2014-03-15 12:02:25 -------- d-----w- c:\program files\Bonjour
2014-03-15 11:08:15 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-03-15 11:08:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-15 11:06:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-15 11:06:16 -------- d-----w- c:\users\gokarna\appdata\local\Programs
2014-03-15 08:17:53 -------- d-----w- c:\users\gokarna\appdata\local\ElevatedDiagnostics
2014-03-15 07:43:38 -------- d-----w- c:\users\gokarna\appdata\local\Diagnostics
2014-03-15 07:30:05 -------- d-----w- c:\windows\system32\Wat
2014-03-15 05:35:41 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-03-15 05:35:41 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-03-15 05:35:01 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-03-15 05:35:01 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-03-15 05:35:00 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-03-15 05:35:00 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-03-15 05:35:00 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-03-15 05:35:00 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-03-15 05:35:00 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-03-15 05:33:56 5120 ----a-w- c:\windows\system32\wmi.dll
2014-03-15 05:33:56 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-03-13 07:05:11 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-03-13 07:05:08 626688 ----a-w- c:\windows\system32\usp10.dll
2014-03-13 07:05:07 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2014-03-13 07:05:07 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-03-13 07:05:07 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-03-13 07:05:03 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-03-13 07:04:43 376832 ----a-w- c:\windows\system32\dpnet.dll
2014-03-13 07:04:43 31232 ----a-w- c:\windows\system32\prevhost.exe
2014-03-13 07:04:43 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2014-03-13 07:04:09 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2014-03-13 07:04:07 708608 ----a-w- c:\program files\common files\system\wab32.dll
2014-03-13 07:04:07 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2014-03-13 07:04:07 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2014-03-13 07:04:05 69632 ----a-w- c:\windows\system32\smss.exe
2014-03-13 07:04:05 38912 ----a-w- c:\windows\system32\csrsrv.dll
2014-03-13 07:03:10 478720 ----a-w- c:\windows\system32\timedate.cpl
2014-03-13 07:03:09 75776 ----a-w- c:\windows\system32\psisrndr.ax
2014-03-13 07:03:09 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2014-03-13 07:03:09 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2014-03-13 07:03:09 465408 ----a-w- c:\windows\system32\psisdecd.dll
2014-03-13 07:03:09 204288 ----a-w- c:\windows\system32\MSNP.ax
2014-03-13 07:03:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-03-13 07:03:08 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-03-13 07:03:08 134656 ----a-w- c:\windows\system32\rdpudd.dll
2014-03-13 07:03:01 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2014-03-13 07:03:01 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2014-03-13 07:02:40 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-03-13 07:02:40 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2014-03-13 07:02:40 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-03-13 07:02:39 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-03-13 07:02:39 233472 ----a-w- c:\windows\system32\oleacc.dll
2014-03-13 07:02:28 1785344 ----a-w- c:\program files\windows journal\Journal.exe
2014-03-13 07:02:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2014-03-13 07:02:25 3217408 ----a-w- c:\windows\system32\mstscax.dll
2014-03-13 07:02:25 131584 ----a-w- c:\windows\system32\aaclient.dll
2014-03-13 07:02:11 1389568 ----a-w- c:\windows\system32\msxml6.dll
2014-03-13 07:02:10 741376 ----a-w- c:\windows\system32\inetcomm.dll
2014-03-13 07:01:12 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-03-13 07:01:10 67072 ----a-w- c:\windows\system32\packager.dll
2014-03-13 06:59:42 642048 ----a-w- c:\windows\system32\CPFilters.dll
2014-03-13 06:58:52 314880 ----a-w- c:\windows\system32\webio.dll
2014-03-13 06:57:55 1137664 ----a-w- c:\windows\system32\mfc42.dll
2014-03-13 06:57:54 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2014-03-13 06:57:50 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-03-13 06:57:43 123904 ----a-w- c:\windows\system32\poqexec.exe
2014-03-13 06:57:42 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-03-13 06:56:15 107520 ----a-w- c:\windows\system32\cdd.dll
2014-03-13 06:19:56 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-03-13 06:15:08 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-03-13 06:15:08 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-03-13 06:15:08 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2014-03-10 08:50:31 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-03-10 08:50:25 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-03-10 08:50:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-03-10 08:50:20 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-03-09 18:54:15 -------- d-----w- c:\users\gokarna\appdata\local\CrashDumps
2014-03-08 08:09:52 -------- d-----w- c:\users\gokarna\appdata\local\Microsoft Games
2014-03-07 18:50:13 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-07 14:08:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-03-04 20:42:41 -------- d-----w- c:\windows\Panther
2014-03-04 11:40:25 -------- d-----r- c:\program files\Skype
2014-03-04 11:28:40 -------- d-----w- c:\users\gokarna\appdata\local\BMExplorer
2014-03-04 11:28:35 -------- d-----w- c:\programdata\Atheros
2014-03-04 11:25:16 -------- d-----w- c:\users\gokarna\appdata\roaming\Atheros
2014-03-04 11:24:55 -------- d-----w- c:\program files\common files\Atheros
2014-03-04 11:24:49 -------- d-----w- c:\program files\Bluetooth Suite
2014-03-04 11:20:57 2231808 ----a-w- c:\windows\system32\athr.sys
2014-03-04 11:20:56 -------- d-----w- c:\program files\Qualcomm Atheros WiFi Driver Installation
2014-03-04 11:20:29 -------- d-----w- c:\programdata\Qualcomm Atheros
2014-03-04 11:15:05 6416928 ----a-w- c:\windows\system\DriveIcon.dll
2014-03-04 11:15:05 62976 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2014-03-04 11:14:22 -------- d-----w- c:\program files\Broadcom
2014-03-04 11:12:41 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2014-03-04 11:09:29 13312 ------w- c:\windows\system32\agrscoin.dll
2014-03-04 11:09:21 -------- d-----w- c:\windows\Options
2014-03-04 10:59:26 6318 ----a-w- c:\windows\Suyin.reg
2014-03-04 10:59:26 626688 ----a-w- c:\windows\Image.dll
2014-03-04 10:59:26 20480 ----a-w- c:\windows\USB_VIDEO_REG.exe
2014-03-04 10:59:26 200704 ----a-w- c:\windows\PLFSetI.exe
2014-03-04 10:59:26 1380352 ----a-w- c:\windows\Acer Crystal Eye webcam.EXE
2014-03-04 10:57:50 106496 ----a-w- c:\windows\FixUVC.exe
2014-03-04 10:57:50 -------- d-----w- c:\program files\Acer
2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2014-03-04 09:55:16 -------- d-----w- c:\windows\system32\SupportAppXL
2014-03-04 09:55:14 -------- d-----w- c:\program files\Beetel Connection Manager
2014-03-04 09:37:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-03-04 09:30:46 -------- d-----w- C:\Intel
2014-03-04 09:18:59 -------- d-----w- c:\users\gokarna\appdata\local\Adobe
2014-03-04 09:17:32 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2014-03-04 09:17:32 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2014-03-04 09:17:32 115016 ----a-w- c:\windows\system32\MSINET.OCX
2014-03-04 09:17:32 102912 ----a-w- c:\windows\system32\Vb6stkit.dll
2014-03-04 09:17:32 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2014-03-04 09:17:31 -------- d-----w- c:\program files\lg_fwupdate
2014-03-04 09:17:27 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2014-03-04 09:17:27 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2014-03-04 09:17:27 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2014-03-04 09:17:27 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2014-03-04 09:00:29 175616 ----a-w- c:\windows\system32\unrar.dll
2014-03-04 09:00:28 839680 ----a-w- c:\windows\system32\lameACM.acm
2014-03-04 09:00:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2014-03-04 09:00:28 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2014-03-04 09:00:28 151552 ----a-w- c:\windows\system32\ac3acm.acm
2014-03-04 09:00:27 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2014-03-04 09:00:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-03-04 08:59:19 -------- d-----w- c:\program files\Winamp Detect
2014-03-04 08:59:16 -------- d-----w- c:\program files\common files\PX Storage Engine
2014-03-04 08:39:20 -------- d-----w- c:\program files\DivX
2014-03-04 08:37:32 -------- d-----w- c:\users\gokarna\appdata\local\Mozilla
2014-03-04 08:32:51 306688 ----a-w- c:\windows\IsUninst.exe
2014-03-04 08:31:13 -------- d-----w- c:\program files\VideoLAN
2014-03-04 08:28:33 -------- d-----w- c:\users\gokarna\appdata\local\Google
2014-03-04 08:23:00 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2014-03-04 08:20:55 -------- d-----w- c:\users\gokarna\appdata\local\{32A3A4F2-B792-11D6-A78A-00B0D0150030}
2014-03-04 07:49:33 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2014-03-04 07:49:32 32592 ----a-w- c:\windows\system32\msonpmon.dll
2014-03-04 07:48:38 -------- d-----w- c:\windows\PCHEALTH
2014-03-04 07:47:38 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-03-04 07:47:06 -------- d-----w- c:\users\gokarna\appdata\local\Microsoft Help
2014-03-04 07:44:17 -------- d-sh--w- c:\windows\Installer
2014-03-04 07:25:54 -------- d-----w- c:\windows\system32\wbem\Performance
2014-03-04 07:19:00 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2014-03-21 01:03:49 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-03-20 01:07:41 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-03-04 11:25:17 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-17 14:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 14:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 23:59:06.62 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-29 23:51:54
-----------------------------
23:51:54.915 OS Version: Windows 6.1.7601 Service Pack 1
23:51:54.915 Number of processors: 4 586 0x2A07
23:51:54.917 ComputerName: GOKARNA-PC UserName: gokarna
23:51:57.590 Initialize success
23:54:56.627 AVAST engine defs: 14032902
00:04:44.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
00:04:44.551 Disk 0 Vendor: ATA_____ SDM2 Size: 476940MB BusType: 11
00:04:44.691 Disk 0 MBR read successfully
00:04:44.691 Disk 0 MBR scan
00:04:44.707 Disk 0 Windows 7 default MBR code
00:04:44.722 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:04:44.722 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 279896 MB offset 206848
00:04:44.738 Disk 0 Partition - 00 0F Extended LBA 196941 MB offset 573435904
00:04:44.769 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 196940 MB offset 573437952
00:04:44.769 Disk 0 scanning sectors +976771072
00:04:44.941 Disk 0 scanning C:\Windows\system32\drivers
00:04:58.263 Service scanning
00:05:25.828 Modules scanning
00:05:33.956 Disk 0 trace - called modules:
00:05:33.971 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
00:05:33.987 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88278288]
00:05:33.987 3 CLASSPNP.SYS[8bbb259e] -> nt!IofCallDriver -> [0x882787e0]
00:05:33.987 5 iaStorF.sys[8bdd5850] -> nt!IofCallDriver -> \Device\00000069[0x87131030]
00:05:35.516 AVAST engine scan C:\Windows
00:05:38.948 AVAST engine scan C:\Windows\system32
00:08:33.046 AVAST engine scan C:\Windows\system32\drivers
00:08:50.191 AVAST engine scan C:\Users\gokarna
00:15:40.176 File: C:\Users\gokarna\Downloads\FreeCodecPackSetup.exe **INFECTED** Win32:Malware-gen
00:15:59.444 AVAST engine scan C:\ProgramData
00:16:20.738 Scan finished successfully
00:28:09.366 Disk 0 MBR has been saved successfully to "C:\Users\gokarna\Documents\Spybot Docs\MBR.dat"
00:28:09.366 The log file has been saved successfully to "C:\Users\gokarna\Documents\Spybot Docs\aswMBR.txt"
Hi and welcome
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
***************
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))
and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
wendyseana
2014-04-01, 11:36
Hello Juliet, and thanks for your so prompt attention to my problems. I have done as you suggested below however some things were a bit different than as specified:
1. Right clicking on the rkill.exe did not respond to a right click so I used a left.
2. The scan that resulted using Spybot came up with a message saying "out of memory"
Copy and pasted are the two logs from the Farbar tool :
First notepad:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by gokarna (administrator) on GOKARNA-PC on 01-04-2014 12:19:33
Running from C:\Users\gokarna\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-07-12] (Nullsoft, Inc.)
HKLM\...\Run: [LGODDFU] - C:\Program Files\lg_fwupdate\fwupdate.exe [548864 2008-10-01] (BL)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Bluetooth Suite\btvstack.exe [878208 2012-05-30] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files\Bluetooth Suite\athbttray.exe [696448 2012-05-30] (Atheros Commnucations)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3506391524-3815322815-2224249592-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3506391524-3815322815-2224249592-1000\...\MountPoints2: {eafd7e00-a37c-11e3-814c-e614c28d7e75} - G:\AutoRun.exe
Startup: C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
==================== Internet (Whitelisted) ====================
Addition Notepad
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by gokarna at 2014-04-01 12:20:15
Running from C:\Users\gokarna\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
Acer Crystal Eye Webcam (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.0.7.1 - Suyin Optronics Corp)
Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.4.0.140 - Atheros)
Beetel Connection Manager (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.51 - Conexant)
DivX Browser Plug-In (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 0.9.1 - DivXNetworks, Inc.)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
Google Chrome (HKCU\...\Google Chrome) (Version: 2.0.172.37 - Google Inc.)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
J2SE Development Kit 5.0 Update 3 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0150030}) (Version: 1.5.0.30 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150030}) (Version: 1.5.0.30 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.8.0 - )
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 8.01.1209.01 - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.04.01.00 - RICOH)
Skype™ 4.0 (HKLM\...\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}) (Version: 4.0.227 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Winamp (HKLM\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Realtek (RTL8167) Net (08/20/2009 7.006.0820.2009) (HKLM\...\5C3C6E4376259861E39CB54075002B714220026C) (Version: 08/20/2009 7.006.0820.2009 - Realtek)
Windows Driver Package - Realtek Net (08/20/2009 7.006.0820.2009) (HKLM\...\CD0E34A952350DC3169BCA897106C995BFD430AE) (Version: 08/20/2009 7.006.0820.2009 - Realtek)
WPM17.8.0.3442 (HKLM\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION
Yandex (HKCU\...\YandexBrowser) (Version: 30.0.1599.13014 - YANDEX)
==================== Restore Points =========================
21-03-2014 01:00:23 Windows Update
21-03-2014 09:50:19 Installed QuickTime 7
21-03-2014 12:01:10 Windows Update
21-03-2014 14:28:16 Device Driver Package Install: Qualcomm Atheros Communications Bluetooth Virtual Devices
21-03-2014 14:29:09 Device Driver Package Install: Qualcomm Atheros Communications Human Interface Devices
21-03-2014 14:30:09 Device Driver Package Install: Qualcomm Atheros Communications Sound, video and game controllers
21-03-2014 14:31:30 Device Driver Package Install: Qualcomm Atheros Communications Bluetooth Radios
21-03-2014 14:33:09 Device Driver Package Install: Qualcomm Atheros Communications System devices
21-03-2014 14:35:46 Device Driver Package Install: Qualcomm Atheros Communications Universal Serial Bus controllers
21-03-2014 14:41:48 Device Driver Package Install: NVIDIA Corporation Sound, video and game controllers
23-03-2014 01:00:20 Windows Update
26-03-2014 15:44:25 Windows Update
==================== Hosts content: ==========================
2009-07-14 05:04 - 2014-03-28 23:09 - 00450709 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {1FA538BD-E74C-4167-A98B-01ECD2C8D972} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {3CB31C28-0C5A-45AD-9A8F-8BF1D9D4CC59} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19] (Adobe Systems Incorporated)
Task: {9FABBF89-AD1F-454E-B8B5-E46DE5B90CEB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3506391524-3815322815-2224249592-1000
Task: {ABA54CA7-186D-413A-ACC3-C71538136C4C} - System32\Tasks\Everyday scan => Spybot
Task: {B21C0119-4D02-4951-83C7-65BCD2FA474B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
Task: {C470ECAE-43A9-43C0-8BBF-A6A92B3737D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E59163AB-34D6-4B6C-BC84-AC0F7D051FBB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {EDC315B8-4E4F-4F12-8218-A687C7DF824E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-03-21 17:45 - 2013-03-15 05:59 - 00078624 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-15 14:08 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-15 14:08 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-15 14:08 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-15 14:08 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-15 14:08 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-29 17:55 - 2014-03-29 17:55 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/01/2014 11:05:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error: (04/01/2014 09:45:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.1422, time stamp: 0x5142857f
Faulting module name: NvUI.dll, version: 8.17.13.1422, time stamp: 0x51427c1d
Exception code: 0xc00000fd
Fault offset: 0x00029732
Faulting process id: 0x86c
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3
Error: (03/30/2014 09:36:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2106
Error: (03/30/2014 09:36:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2106
Error: (03/30/2014 09:36:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/30/2014 09:36:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1030
Error: (03/30/2014 09:36:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1030
Error: (03/30/2014 09:36:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/30/2014 01:40:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3089
Error: (03/30/2014 01:40:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3089
System errors:
=============
Error: (04/01/2014 09:44:35 AM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/31/2014 03:33:56 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (03/30/2014 00:32:24 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/29/2014 03:43:58 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/29/2014 05:33:39 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (03/28/2014 00:10:43 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/27/2014 04:02:02 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/27/2014 09:56:22 AM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/26/2014 06:38:15 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/22/2014 11:15:38 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-04-01 12:18:45.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 11:40:53.358
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 11:26:33.472
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 11:17:29.351
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 10:47:19.922
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 10:36:09.408
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 10:27:36.608
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 10:18:25.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 10:06:43.440
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 09:56:47.488
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3061.86 MB
Available physical RAM: 1795.25 MB
Total Pagefile: 6122.01 MB
Available Pagefile: 3028.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.97 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:273.34 GB) (Free:239.14 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:192.32 GB) (Free:192.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 887BD72F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=273 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=192 GB) - (Type=OF Extended)
==================== End Of Log ============================
Hoping to hear from you again soon,
Kindest regards, Wendy
Hi and welcome
Please download and run the following tool to help allow other programs to run. [i](courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
***************
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))
and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
What antivirus software do you have on the computer?
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/update/)to your desktop
(If uninstalling and doing a reinstall the link is below)
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits
https://dl.dropboxusercontent.com/u/73555776/MBAMsettings.JPG
Go back to the Dashboard and select Scan Now
https://dl.dropboxusercontent.com/u/73555776/MBAMScan.JPG
If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
https://dl.dropboxusercontent.com/u/73555776/MBAMReboot.JPG
https://dl.dropboxusercontent.com/u/73555776/MBAMLog.JPG
On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop.
Please Post this log
**********************
please download Shortcut Cleaner from the following web page and save it to your Windows desktop.
Shortcut Cleaner Download Link - http://www.bleepingcomputer.com/download/shortcut-cleaner/
Once the file is downloaded, double-click on the ss-cleaner.exe file that should now be on your desktop.
If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears.
Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts and if any are found it will automatically clean them for you.
When it is done, it will show you a log that contains a list of shortcuts that were cleaned.
When you have finished reviewing the log file, please close it and continue with the rest of the steps.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We now need to reset the home page for Internet Explorer, Firefox, Chrome, and any other browsers you may have installed. Please perform the following steps for each of the installed browsers.
Internet Explorer - Internet Explorer should already be reset. If not, then open IE and click on the Tools menu and then select Internet Options. On the General tab, change your home page to your desired home page and then close the options screen.
Firefox- To reset Firefox click on the Tools menu and then select Option. When the settings screen opens, click on the General tab and change your home page to your desired site.
Chrome - To reset Chome click on the menu button (Chrome Menu). When the menu appears, click on the Settings menu option. When the Settings screen opens, click on the Set Pages link under the On Startup category to specify the pages that should start automatically when Chrome opens.
As many malware and unwanted programs are installed through vulnerabilities found in out-dated and insecure programs, it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer. A tutorial on how to use Secunia PSI to scan for vulnerable programs can be found here:
How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/
wendyseana
2014-04-02, 19:43
Hi Juliet, At the moment I don't run any antivirus software beyond Windows defender and Spybot SandD - which I think is not what you mean by antivirus - right ? I used to have a VAIO ie. Sony system in place but when my computer crashed in India in February the technician I consulted completely cleaned it out and reinstalled Windows 7 but not anything from VAIO.
Here is the antiwalware log you requested:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4/2/2014
Scan Time: 8:09:29 PM
Logfile: anti malware log.txt
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.04.02.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: gokarna
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 249405
Time Elapsed: 11 min, 22 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
I have also done the shortcut cleaner download and run it. I enclose its results below although I know you didn't ask for it.
I appreciate your help very much, thanks again, Wendy
wendyseana
2014-04-02, 21:33
Hi Juliet,
Just a query about Yandex as it is till on my computer and seems determined to stay and it did look as if it was responsible for the computer crash I mentioned in my last post which occured in India in February, when everything was cleaned out and Windows 7 was reinstalledut none of the Sony/VAIO protection, enhancement and managment software. Were the things you got me to do involved in trying to remove it ?
Thanks again, Wendy
You need an antivirus software on your computer or you'll soon be reinfected.
Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
~~~~~~~~~~~~~
AdwCleaner by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisment.
Close all open windows and browsers.
Right click the AdwCleaner icon http://i1059.photobucket.com/albums/t432/cinjo23/RightClickonAdwCleanerIcon.jpg on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
*****
https://dl.dropbox.com/u/73555776/AdwCleaner.GIF
Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
Click the Report button to get the log
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.
****************
http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.
Please post these 2 logs when finished.
Please use the reply to thread button, it will make it easier to read.
After you finish the above scans mentioned please do this:
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
Yandex (HKCU\...\YandexBrowser) (Version: 30.0.1599.13014 - YANDEX)
Reboot:
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
wendyseana
2014-04-05, 21:10
Still need help?
Hello Juliet,
I have followed your instructions to the point of c and p the anti Adware log :
# AdwCleaner v3.023 - Report created 05/04/2014 at 21:53:30
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : gokarna - GOKARNA-PC
# Running from : C:\Users\gokarna\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\.autoreg
File Found : C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\user.js
Folder Found : C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\Program Files\Mail.Ru
Folder Found C:\Users\gokarna\AppData\Local\Temp\Mega Browse
Folder Found C:\Users\gokarna\AppData\Local\Yandex
Folder Found C:\Users\gokarna\AppData\LocalLow\Yandex
Folder Found C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex
Folder Found C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Yandex
Folder Found C:\Users\gokarna\AppData\Roaming\PerformerSoft
Folder Found C:\Users\gokarna\AppData\Roaming\Systweak
Folder Found C:\Users\gokarna\AppData\Roaming\Yandex
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Key Found : HKLM\Software\systweak
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1394956558&from=cor&uid=ST9500325AS_5VEJD9L0XXXX5VEJD9L0&q={searchTerms}
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\prefs.js ]
Line Found : user_pref("extensions.vb@yandex.ru.description", "Keep all your favorite sites in one place with Visual Bookmarks. Simply click on one of the mini-webpages to visit a site. You can customize the numbe[...]
-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\gokarna\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3070 octets] - [05/04/2014 21:53:30]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3130 octets] ##########
Now turning to the second part of your recommendations re : anti- junkware
Stay tuned for second report log,
Salute, Wendy
wendyseana
2014-04-05, 22:56
Hello again,
So I carried out to the best of my perceptions your instructions but have to admit a bit of confusion as to operations and implementation.
I am not getting a save to my desktop
as per advice viz :
"On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message."
Nevertheless it did save and I c and p it here :
================================================================
[ ]
[ Junkware Removal Tool (JRT) by Thisisu ]
[ Version 6.1.3 (03.23.2014:1) ]
[ Information about this tool can be found at ]
[ www.thisisudax.org ]
[ ]
[ ]
[ Please save any work in your browsers before proceeding. ]
[ Your desktop may temporarily disappear during this scan. ]
[ A Windows Explorer window may also open. ]
[ These actions are normal. Don't panic. ]
[ ]
[ ** DISCLAIMER ** ]
[ ]
[ This software is provided "as is" without ]
[ warranty of any kind. You may use this software ]
[ at your own risk. ]
[ ]
[ Click the [X] in the top-right corner of this window ]
[ if you wish to exit. Otherwise, ]
================================================================
Press any key to continue . . .
Creating a registry backup
Checking Startup
Checking Modules
A bad module has been detected!
A reboot is required to remove modules.
Press 'y' to reboot now
Press 'n' to reboot later
Reboot now? [y,n] N
Checking Processes
Checking Services
I have not executed its instructions to reboot as you did not mention that I should, should I ? And given that I must go to bed now and await your reply, will I be able to just pick up where i left off here ?
Best regards, Wendy.
Ps. I shall also have to look at the obtaining an antivirus program tomorrow, reading before hand the text links you suggested.
To save files to desktop
Firefox
you press the orange Firefox button in the top left corner >> Options
Beneath where it shows homepage, click on save files to desktop
Chrome --
Press the Customize and Control Google button (three horizontal lines in top right corner of screen) >> Settings >> Show Advanced Settings >> Downloads, Download location, click on save to desktop
~~~~~~~~~~~~~~~~~~~~~~~
Did you run the fixlist.txt I created?
~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Sounds like the download for JRT corrupted.
If you would, delete the one you have now.
Download again and then boot into safe mode to try and run it again.
~~~~~~~~~~~~~~~~~~~~~
As for AdwCleaner
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[R0].txt as well.
wendyseana
2014-04-09, 12:51
Hi Juliet,
Life has been busy and its been a few days since I could attend to this problem.
You say that the JRT process looks corrupted and to run it again out of safe mode but I am not sure how to do this ?
I have however I carried out the other 2 operations. I tried first to c and p both but the post failed due to there being too many text characters on my first attempt. The second, the Fixlog failed both as an attachment and as a c and p again because of too many characters. What do you suggest I do ?
I attach the AdwearCleaner only.
Hoping to hear from you soon, many thanks Wendy
I think whats happened is the log is very long.
What you can do is copy and paste the log in multiple replies.
If you should need to boot into safe mode:
http://pcsupport.about.com/od/fixtheproblem/ss/safe-mode-windows-7.htm
wendyseana
2014-04-13, 17:33
Hi Juliet, Here is part one of he fixlist.txt log :
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by gokarna (administrator) on GOKARNA-PC on 09-04-2014 13:02:22
Running from C:\Users\gokarna\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
() C:\Windows\PLFSetI.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\gokarna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\gokarna\Downloads\FRST(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-07-12] (Nullsoft, Inc.)
HKLM\...\Run: [LGODDFU] - C:\Program Files\lg_fwupdate\fwupdate.exe [548864 2008-10-01] (BL)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Bluetooth Suite\btvstack.exe [878208 2012-05-30] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files\Bluetooth Suite\athbttray.exe [696448 2012-05-30] (Atheros Commnucations)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3506391524-3815322815-2224249592-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3506391524-3815322815-2224249592-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3506391524-3815322815-2224249592-1000\...\Run: [Spotify Web Helper] - C:\Users\gokarna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-04-03] (Spotify Ltd)
HKU\S-1-5-21-3506391524-3815322815-2224249592-1000\...\MountPoints2: {eafd7e00-a37c-11e3-814c-e614c28d7e75} - G:\AutoRun.exe
Startup: C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE87ACF3A353ACF01
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: No Name - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default
FF SelectedSearchEngine: Yahoo!7
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=0.9.1 - C:\Program Files\DivX\DivX Browser Plug-In\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\searchplugins\yqs-barff-yandex.xml
FF Extension: Візуальныя закладкі - C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\vb@yandex.ru [2014-03-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\gokarna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-02]
CHR Extension: (Google Drive) - C:\Users\gokarna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-02]
CHR Extension: (YouTube) - C:\Users\gokarna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-02]
CHR Extension: (McAfee Security Scan+) - C:\Users\gokarna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-02]
CHR Extension: (Google Search) - C:\Users\gokarna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\gokarna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-02]
CHR Extension: (Gmail) - C:\Users\gokarna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-02]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
========================== Services (Whitelisted) =================
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-05-30] (Atheros)
==================== Drivers (Whitelisted) ====================
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35968 2012-05-30] (Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-19] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [302920 2013-03-27] (Qualcomm Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [101192 2013-03-27] (Qualcomm Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [27976 2013-03-27] (Qualcomm Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [158688 2013-03-27] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [66448 2013-03-27] (Qualcomm Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [119624 2013-03-27] (Qualcomm Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [496456 2013-03-27] (Qualcomm Atheros)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [541680 2013-03-18] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26608 2013-03-18] (Intel Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [85976 2013-03-20] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [258704 2012-10-18] (Realtek Semiconductor Corp.)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46248 2013-10-10] ()
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [107776 2011-03-26] (ZTE Incorporated)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-09 11:41 - 2014-04-09 11:41 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Yandex
2014-04-09 11:40 - 2014-04-09 11:40 - 00003287 _____ () C:\Users\gokarna\Desktop\AdwCleaner[S0].txt
2014-04-09 11:38 - 2014-04-09 11:38 - 00000000 ___RD () C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-09 10:40 - 2014-04-09 10:40 - 01016261 _____ (Thisisu) C:\Users\gokarna\Downloads\JRT.exe
2014-04-09 10:23 - 2014-04-06 00:00 - 00000180 _____ () C:\Users\gokarna\Documents\filetext.txt
2014-04-09 09:54 - 2014-04-09 09:55 - 01145856 _____ (Farbar) C:\Users\gokarna\Downloads\FRST(1).exe
2014-04-06 00:00 - 2014-04-06 00:00 - 00000180 _____ () C:\Users\gokarna\Desktop\filetext.txt
2014-04-05 22:16 - 2014-04-05 22:16 - 00000000 ____D () C:\Windows\ERUNT
2014-04-05 21:21 - 2014-04-09 11:34 - 00000000 ____D () C:\AdwCleaner
2014-04-05 21:19 - 2014-04-05 21:19 - 01426178 _____ () C:\Users\gokarna\Downloads\AdwCleaner.exe
2014-04-03 12:23 - 2014-04-03 12:23 - 00127080 _____ (Spotify Ltd) C:\Users\gokarna\Downloads\SpotifySetup(1).exe
2014-04-03 12:10 - 2014-04-03 12:19 - 00001817 _____ () C:\Users\gokarna\Desktop\Spotify.lnk
2014-04-03 12:10 - 2014-04-03 12:19 - 00001803 _____ () C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-04-03 12:10 - 2014-04-03 12:10 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Spotify
2014-04-03 12:09 - 2014-04-08 08:54 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Spotify
2014-04-03 12:07 - 2014-04-03 12:07 - 00127080 _____ (Spotify Ltd) C:\Users\gokarna\Downloads\SpotifySetup.exe
2014-04-02 22:09 - 2014-04-02 22:11 - 00000000 ___RD () C:\Program Files\Skype
2014-04-02 22:09 - 2014-04-02 22:09 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Skype
2014-04-02 22:09 - 2014-04-02 22:09 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-02 22:08 - 2014-04-02 22:08 - 00362029 _____ () C:\Users\gokarna\Downloads\sqlite3.dll
2014-04-02 21:57 - 2014-04-02 21:58 - 34829472 _____ (Skype Technologies S.A.) C:\Users\gokarna\Downloads\SkypeSetupFull.exe
2014-04-02 21:39 - 2014-04-02 21:39 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-02 21:37 - 2014-04-09 12:42 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-02 21:37 - 2014-04-09 11:38 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-02 21:37 - 2014-04-02 21:39 - 00000000 ____D () C:\Program Files\Google
2014-04-02 21:37 - 2014-04-02 21:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-02 21:35 - 2014-04-02 21:35 - 00884712 _____ (Google Inc.) C:\Users\gokarna\Downloads\ChromeSetup.exe
2014-04-02 21:11 - 2014-04-02 21:11 - 00000000 ____D () C:\ProgramData\Sun
2014-04-02 21:10 - 2014-04-02 21:10 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-02 21:10 - 2014-04-02 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-02 21:10 - 2014-04-02 21:10 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-02 21:10 - 2014-04-02 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-02 21:06 - 2014-04-02 21:06 - 00921000 _____ (Oracle Corporation) C:\Users\gokarna\Downloads\jxpiinstall.exe
2014-04-02 21:06 - 2014-04-02 21:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-02 21:06 - 2014-04-02 21:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-02 21:04 - 2014-04-02 21:05 - 00000000 ____D () C:\Program Files\MPC-HC
2014-04-02 21:00 - 2014-04-02 21:00 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Secunia PSI
2014-04-02 20:58 - 2014-04-02 20:58 - 00000000 ____D () C:\Program Files\Secunia
2014-04-02 20:49 - 2014-04-02 20:50 - 05329480 _____ (Secunia) C:\Users\gokarna\Downloads\PSISetup.exe
2014-04-02 20:27 - 2014-04-02 20:28 - 00001800 _____ () C:\sc-cleaner.txt
2014-04-02 20:26 - 2014-04-02 20:26 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\gokarna\Downloads\sc-cleaner.exe
2014-04-02 19:06 - 2014-04-09 12:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 19:05 - 2014-04-05 15:13 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 19:05 - 2014-04-05 15:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-02 19:05 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-02 19:05 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-02 19:05 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:05 - 2014-04-02 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 18:43 - 2014-04-02 18:44 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\gokarna\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 12:20 - 2014-04-01 12:20 - 00020845 _____ () C:\Users\gokarna\Downloads\Addition.txt
2014-04-01 12:19 - 2014-04-09 13:02 - 00015298 _____ () C:\Users\gokarna\Downloads\FRST.txt
2014-04-01 12:19 - 2014-04-09 13:02 - 00000000 ____D () C:\FRST
2014-04-01 11:28 - 2014-04-01 11:29 - 01145856 _____ (Farbar) C:\Users\gokarna\Downloads\FRST.exe
2014-04-01 10:35 - 2014-04-01 10:36 - 00003618 _____ () C:\Users\gokarna\Desktop\Rkill.txt
2014-04-01 10:34 - 2014-04-01 10:34 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\gokarna\Downloads\rkill.exe
2014-03-30 18:15 - 2014-04-02 21:11 - 00000000 ____D () C:\Users\gokarna\Downloads\Sinead O'Connor So Far... The Best Of
2014-03-30 17:41 - 2014-03-30 17:47 - 107907946 _____ () C:\Users\gokarna\Downloads\The Rolling Stones - GRRR! (Deluxe Version) CD2.zip
2014-03-30 01:27 - 2014-03-30 01:59 - 00000000 ____D () C:\Users\gokarna\Documents\Spybot Docs
2014-03-30 00:51 - 2014-03-30 00:51 - 04745728 _____ (AVAST Software) C:\Users\gokarna\Downloads\aswMBR.exe
2014-03-30 00:47 - 2014-03-30 00:48 - 00688992 ____R (Swearware) C:\Users\gokarna\Downloads\dds.scr
2014-03-30 00:45 - 2014-03-30 00:46 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-30 00:45 - 2014-03-30 00:45 - 00000898 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-03-30 00:45 - 2014-03-30 00:45 - 00000898 _____ () C:\Users\gokarna\Desktop\NTREGOPT.lnk
2014-03-30 00:45 - 2014-03-30 00:45 - 00000879 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-03-30 00:45 - 2014-03-30 00:45 - 00000879 _____ () C:\Users\gokarna\Desktop\ERUNT.lnk
2014-03-30 00:42 - 2014-03-30 00:42 - 00791393 _____ (Lars Hederer ) C:\Users\gokarna\Downloads\erunt-setup.exe
2014-03-29 17:55 - 2014-03-29 17:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 17:13 - 2014-03-29 17:13 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\uTorrent
2014-03-28 23:10 - 2014-03-28 23:10 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-03-28 23:09 - 2014-03-28 22:57 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140328-220935.backup
2014-03-28 22:57 - 2014-03-28 22:55 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140328-215753.backup
2014-03-28 22:55 - 2014-03-28 22:55 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140328-215542.backup
2014-03-26 19:09 - 2014-03-26 19:09 - 00000000 ____D () C:\Qoobox
2014-03-26 19:05 - 2014-03-30 12:32 - 00000000 ____D () C:\Windows\erdnt
2014-03-26 19:05 - 2014-03-26 19:13 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-23 04:00 - 2013-12-21 11:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-22 23:25 - 2014-03-01 07:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-22 23:25 - 2014-03-01 07:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-22 23:25 - 2014-03-01 07:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-22 23:25 - 2014-03-01 06:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-22 23:25 - 2014-03-01 06:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-22 23:25 - 2014-03-01 06:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-22 23:25 - 2014-03-01 06:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-22 23:25 - 2014-03-01 06:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-22 23:25 - 2014-03-01 06:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-22 23:25 - 2014-03-01 06:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-22 23:25 - 2014-03-01 06:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-22 23:25 - 2014-03-01 06:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-22 23:25 - 2014-03-01 06:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-22 23:25 - 2014-03-01 06:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-22 23:25 - 2014-03-01 06:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-22 23:25 - 2014-03-01 06:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-22 23:25 - 2014-03-01 06:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-22 23:25 - 2014-03-01 06:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-22 23:25 - 2014-03-01 05:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-22 23:25 - 2014-03-01 05:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-22 23:25 - 2014-03-01 05:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-22 23:25 - 2014-03-01 05:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-21 17:47 - 2014-03-21 17:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2014-03-21 17:47 - 2013-02-22 04:40 - 00016880 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2014-03-21 17:46 - 2014-03-21 17:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-21 17:46 - 2014-03-21 17:46 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-03-21 17:46 - 2013-02-19 02:17 - 03109888 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
2014-03-21 17:46 - 2009-07-14 07:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-21 17:46 - 2009-07-14 07:37 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-21 17:45 - 2013-03-15 08:46 - 00053024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-03-21 17:45 - 2013-03-15 05:59 - 04119328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-21 17:45 - 2013-03-15 05:59 - 03014432 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2014-03-21 17:45 - 2013-03-15 05:59 - 02555168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-21 17:45 - 2013-03-15 05:59 - 00634144 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-21 17:45 - 2013-03-15 05:59 - 00223008 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-21 17:45 - 2013-03-15 05:59 - 00062752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-21 17:44 - 2014-03-21 17:45 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-21 17:44 - 2014-03-21 17:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-21 17:44 - 2013-03-15 08:46 - 08952608 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-21 17:44 - 2013-03-15 08:46 - 00013625 _____ () C:\Windows\system32\nvinfo.pb
2014-03-21 17:43 - 2013-03-15 08:46 - 20542752 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-03-21 17:43 - 2013-03-15 08:46 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-21 17:43 - 2013-03-15 08:46 - 15042928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2014-03-21 17:43 - 2013-03-15 08:46 - 13088000 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-03-21 17:43 - 2013-03-15 08:46 - 07959000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-21 17:43 - 2013-03-15 08:46 - 06271872 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-21 17:43 - 2013-03-15 08:46 - 02728736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-21 17:43 - 2013-03-15 08:46 - 02539128 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2014-03-21 17:43 - 2013-03-15 08:46 - 01995552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-21 17:43 - 2013-03-15 08:46 - 01012512 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3231422.dll
2014-03-21 17:43 - 2013-03-15 08:46 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3231422.dll
2014-03-21 17:42 - 2014-03-21 17:42 - 00000000 ____D () C:\Program Files\CONEXANT
2014-03-21 17:42 - 2011-08-08 06:30 - 01475200 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32AP51.dll
2014-03-21 17:42 - 2011-08-08 06:30 - 01293440 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT32.sys
2014-03-21 17:42 - 2011-08-08 06:30 - 00352256 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI32A80.dll
2014-03-21 17:42 - 2011-08-08 06:30 - 00090752 _____ (Conexant Systems, Inc.) C:\Windows\system32\FMPropPageExt.dll
2014-03-21 17:42 - 2011-08-08 06:30 - 00030873 _____ () C:\Windows\system32\Drivers\Mixer.ini
2014-03-21 17:40 - 2013-02-25 08:27 - 00154400 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2014-03-21 17:40 - 2013-02-25 08:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2014-03-21 17:40 - 2013-01-29 11:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2014-03-21 17:39 - 2013-03-18 15:37 - 00541680 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2014-03-21 17:39 - 2013-03-18 15:37 - 00026608 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2014-03-21 17:39 - 2013-03-04 14:35 - 00643656 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2014-03-21 17:39 - 2013-03-04 14:35 - 00085064 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2014-03-21 17:38 - 2014-03-21 17:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriver_01011.Wdf
2014-03-21 17:36 - 2013-03-20 18:45 - 01629040 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-03-21 17:36 - 2013-03-20 18:45 - 00085976 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriver.sys
2014-03-21 17:36 - 2012-10-18 12:05 - 09888400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtsPStorIcon.dll
2014-03-21 17:36 - 2012-10-18 12:05 - 00258704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2014-03-21 17:34 - 2013-03-27 10:16 - 00158688 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_hcrp.sys
2014-03-21 17:32 - 2013-03-27 10:16 - 00027976 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_bus.sys
2014-03-21 17:31 - 2013-03-27 10:16 - 00496456 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btfilter.sys
2014-03-21 17:27 - 2013-03-27 10:16 - 00302920 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_a2dp.sys
2014-03-21 17:27 - 2013-03-27 10:16 - 00119624 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_rcp.sys
2014-03-21 17:27 - 2013-03-27 10:16 - 00101192 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_avdt.sys
2014-03-21 17:27 - 2013-03-27 10:16 - 00066448 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btath_lwflt.sys
2014-03-21 15:02 - 2014-03-21 15:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-21 15:02 - 2014-03-21 15:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-21 15:02 - 2014-03-21 15:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-21 15:02 - 2014-03-21 15:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-21 15:02 - 2014-03-21 15:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-21 15:02 - 2014-03-21 15:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-21 15:02 - 2014-03-21 15:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-21 15:02 - 2014-03-21 15:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-21 15:02 - 2014-03-21 15:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-21 12:51 - 2014-03-21 12:51 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-21 12:51 - 2014-03-21 12:51 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-21 12:37 - 2014-03-21 12:38 - 41945432 _____ (Apple Inc.) C:\Users\gokarna\Downloads\QuickTimeInstaller.exe
2014-03-21 10:48 - 2014-02-04 05:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-21 10:48 - 2013-12-25 02:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-21 10:48 - 2013-11-26 11:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-21 10:48 - 2013-11-23 21:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-21 10:48 - 2012-02-11 08:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-03-21 10:48 - 2011-02-25 08:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-03-21 04:10 - 2013-05-10 07:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-03-21 04:10 - 2013-05-10 07:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-03-21 04:08 - 2014-03-21 15:03 - 00014518 _____ () C:\Windows\IE11_main.log
2014-03-21 04:03 - 2014-03-21 04:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-03-21 04:03 - 2014-03-21 04:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-21 04:02 - 2014-03-21 04:02 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-21 04:01 - 2014-03-21 04:05 - 00009285 _____ () C:\Windows\IE10_main.log
2014-03-20 11:32 - 2014-02-04 05:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-20 11:32 - 2013-10-30 05:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-20 11:32 - 2013-10-04 04:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-03-20 11:32 - 2013-10-04 04:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-20 11:32 - 2013-10-04 04:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-03-20 11:32 - 2013-09-14 03:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-20 11:32 - 2013-09-08 05:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-03-20 11:32 - 2013-07-09 07:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-03-20 11:32 - 2013-07-09 07:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-03-20 11:32 - 2013-07-04 14:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-20 11:32 - 2013-07-03 06:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-20 11:32 - 2013-07-03 06:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-20 11:32 - 2012-08-22 20:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-03-20 11:32 - 2012-07-04 22:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-03-20 11:31 - 2014-02-07 04:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-20 11:31 - 2014-01-28 05:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-20 11:31 - 2014-01-01 02:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-20 11:31 - 2013-12-06 05:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-20 11:31 - 2013-12-06 05:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-20 11:31 - 2013-11-12 05:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-20 11:31 - 2013-10-19 04:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-20 11:31 - 2013-10-12 05:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-20 11:31 - 2013-10-12 05:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-20 11:31 - 2013-10-12 04:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-20 11:31 - 2013-10-12 04:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-20 11:31 - 2013-09-25 05:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-20 11:31 - 2013-09-25 05:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-20 11:31 - 2013-09-25 04:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-20 11:31 - 2013-09-25 04:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-20 11:31 - 2013-09-25 04:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-20 11:31 - 2013-09-25 04:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-20 11:31 - 2013-09-25 04:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-20 11:31 - 2013-09-25 03:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-20 11:31 - 2013-09-25 03:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-20 11:31 - 2013-08-29 04:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-03-20 11:31 - 2013-08-29 04:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-20 11:31 - 2013-08-29 04:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-20 11:31 - 2013-08-29 04:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-20 11:31 - 2013-08-29 04:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-20 11:31 - 2013-08-28 03:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-03-20 11:31 - 2013-08-01 14:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-20 11:31 - 2013-07-20 13:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-20 11:31 - 2013-07-04 15:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-20 11:31 - 2013-06-06 07:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-03-20 11:31 - 2013-06-06 07:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-03-20 11:31 - 2013-06-06 07:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-03-20 11:31 - 2013-06-06 06:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-20 11:31 - 2013-06-06 06:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-20 11:31 - 2013-05-13 06:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-03-20 11:31 - 2013-05-13 06:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-03-20 11:31 - 2013-05-10 06:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-03-20 11:31 - 2013-04-26 07:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-03-20 11:31 - 2013-04-10 08:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-03-20 11:31 - 2013-03-19 06:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-03-20 11:31 - 2012-10-03 19:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-03-20 11:31 - 2012-10-03 19:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-03-20 11:31 - 2012-10-03 19:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-03-20 11:31 - 2012-10-03 19:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-03-20 11:31 - 2012-10-03 19:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-03-20 11:31 - 2012-10-03 19:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-03-20 11:31 - 2012-10-03 18:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-03-20 11:31 - 2012-08-21 23:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-03-20 11:30 - 2014-01-29 05:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-20 11:30 - 2013-12-04 05:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-20 11:30 - 2013-12-04 05:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-20 11:30 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-20 11:30 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-20 11:30 - 2013-12-04 05:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-20 11:30 - 2013-12-04 04:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-20 11:30 - 2013-12-04 04:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-20 11:30 - 2013-12-04 04:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-20 11:30 - 2013-12-04 04:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-20 11:30 - 2013-11-27 04:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-20 11:30 - 2013-11-27 04:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-20 11:30 - 2013-11-27 04:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-20 11:30 - 2013-11-27 04:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-20 11:30 - 2013-11-27 04:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-20 11:30 - 2013-11-27 04:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-20 11:30 - 2013-11-27 04:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-20 11:30 - 2013-11-26 14:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-20 11:30 - 2013-10-12 05:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-20 11:30 - 2013-10-12 05:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-20 11:30 - 2013-10-12 05:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-20 11:30 - 2013-10-05 22:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-20 11:30 - 2013-10-04 04:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-20 11:30 - 2013-10-04 04:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-20 11:30 - 2013-10-03 04:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-20 11:30 - 2013-09-08 05:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-20 11:30 - 2013-08-05 04:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-03-20 11:30 - 2013-08-02 04:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-20 11:30 - 2013-08-02 04:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-20 11:30 - 2013-08-02 04:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 04:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 03:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-03-20 11:30 - 2013-08-02 03:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 03:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 03:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-03-20 11:30 - 2013-08-02 03:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-03-20 11:30 - 2013-07-26 04:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-20 11:30 - 2013-07-26 04:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-20 11:30 - 2013-07-25 11:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-03-20 11:30 - 2013-07-12 13:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-03-20 11:30 - 2013-07-12 13:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-03-20 11:30 - 2013-07-12 13:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-03-20 11:30 - 2013-07-09 07:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-03-20 11:30 - 2013-07-09 07:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-03-20 11:30 - 2013-07-04 14:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-20 11:30 - 2013-07-04 14:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-20 11:30 - 2013-07-04 12:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-03-20 11:30 - 2013-06-26 01:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-20 11:30 - 2012-10-09 20:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-03-20 11:30 - 2012-10-09 20:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-03-20 11:25 - 2013-06-15 06:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-03-20 11:25 - 2013-06-15 06:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-03-20 11:25 - 2013-02-27 08:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-03-20 11:25 - 2013-02-27 07:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-03-20 04:02 - 2014-03-20 04:02 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-20 04:02 - 2014-03-20 04:02 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-03-20 04:00 - 2014-03-20 04:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 04:00 - 2014-03-02 15:03 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
wendyseana
2014-04-13, 17:46
2014-03-19 23:54 - 2014-03-19 23:54 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Media Player Classic
2014-03-19 17:56 - 2014-03-29 18:46 - 00000298 _____ () C:\Windows\wininit.ini
2014-03-19 17:16 - 2010-11-20 15:21 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-03-19 17:16 - 2010-11-20 15:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\tssrvlic.dll
2014-03-19 17:16 - 2010-11-20 15:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-19 17:16 - 2010-11-20 15:19 - 00954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2014-03-19 17:16 - 2010-11-20 15:19 - 00954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2014-03-19 17:16 - 2010-11-20 15:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2014-03-19 17:16 - 2010-11-20 15:17 - 00080896 _____ () C:\Windows\system32\RDVGHelper.exe
2014-03-19 17:16 - 2010-11-20 13:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-19 17:16 - 2010-11-05 04:58 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-03-19 17:15 - 2010-11-20 15:36 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe
2014-03-19 17:15 - 2010-11-20 15:36 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL
2014-03-19 17:15 - 2010-11-20 15:36 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\NAPCRYPT.DLL
2014-03-19 17:15 - 2010-11-20 15:32 - 05066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2014-03-19 17:15 - 2010-11-20 15:30 - 00245632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00233344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00175360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00173440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00160128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00153984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00140160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00130432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00116096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00085376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00078208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00040704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00028032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys
2014-03-19 17:15 - 2010-11-20 15:30 - 00028032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
2014-03-19 17:15 - 2010-11-20 15:29 - 02217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2014-03-19 17:15 - 2010-11-20 15:29 - 00520064 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2014-03-19 17:15 - 2010-11-20 15:29 - 00274304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-03-19 17:15 - 2010-11-20 15:29 - 00194432 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2014-03-19 17:15 - 2010-11-20 15:29 - 00194432 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-03-19 17:15 - 2010-11-20 15:29 - 00137088 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2014-03-19 17:15 - 2010-11-20 15:29 - 00043392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys
2014-03-19 17:15 - 2010-11-20 15:29 - 00014208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2014-03-19 17:15 - 2010-11-20 15:24 - 00690680 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-03-19 17:15 - 2010-11-20 15:24 - 00508904 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-03-19 17:15 - 2010-11-20 15:24 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-03-19 17:15 - 2010-11-20 15:24 - 00271664 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-03-19 17:15 - 2010-11-20 15:23 - 00144768 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 02983424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 02755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 02202624 _____ (Microsoft Corporation) C:\Windows\system32\SensorsCpl.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01712640 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01624064 _____ (Microsoft Corporation) C:\Windows\system32\WMPEncEn.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01326592 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01227776 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01175040 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01128448 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01115136 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01086976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01063936 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 01003008 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00974336 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00933376 _____ (Microsoft Corporation) C:\Windows\system32\Vault.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00907776 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-03-19 17:15 - 2010-11-20 15:21 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00782336 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00755200 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00750592 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00750080 _____ (Microsoft Corporation) C:\Windows\system32\sdcpl.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2014-03-19 17:15 - 2010-11-20 15:21 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00697344 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00638976 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-03-19 17:15 - 2010-11-20 15:21 - 00521216 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00458752 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\shwebsvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00380416 _____ (Microsoft Corporation) C:\Windows\system32\sxs.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\termmgr.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\sqlcese30.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\taskbarcpl.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\unattend.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\remotepg.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\twext.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\recovery.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\tspubwmi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\uxlib.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\wiavideo.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\sppinst.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL
2014-03-19 17:15 - 2010-11-20 15:21 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountControlSettings.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\unimdmat.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\vfwwdm32.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\sppuinotify.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rdpd3d.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00051200 _____ (Twain Working Group) C:\Windows\twain_32.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\samcli.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\umb.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\WavDest.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\RpcRtRemote.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wtsapi32.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\shimgvw.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wdiasqmmodule.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\utildll.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\vpnikeapi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\TRAPI.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\rdprefdrvapi.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\spopk.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\sisbkup.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\schedcli.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\syssetup.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-03-19 17:15 - 2010-11-20 15:21 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 02504192 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-03-19 17:15 - 2010-11-20 15:20 - 02494464 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 02130944 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 01750528 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 01661440 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 01644032 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\onexui.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00932352 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00563712 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00547840 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\prnfldr.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
2014-03-19 17:15 - 2010-11-20 15:20 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00283136 _____ (Microsoft Corporation) C:\Windows\system32\qdv.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\netdiagfx.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\OnLineIDCpl.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\qcap.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceSyncProvider.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL
2014-03-19 17:15 - 2010-11-20 15:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2014-03-19 17:15 - 2010-11-20 15:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\netjoin.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\mydocs.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\prncache.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2014-03-19 17:15 - 2010-11-20 15:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\olethk32.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\QCLIPROV.DLL
2014-03-19 17:15 - 2010-11-20 15:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\napdsnap.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\PrintIsolationProxy.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\netutils.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\perfts.dll
2014-03-19 17:15 - 2010-11-20 15:20 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\nrpsrv.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 03207680 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 02151936 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 01066496 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2014-03-19 17:15 - 2010-11-20 15:19 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00732160 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00592384 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\localsec.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\mspbda.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2014-03-19 17:15 - 2010-11-20 15:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\MediaMetadataHandler.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2014-03-19 17:15 - 2010-11-20 15:19 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\iTVData.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mstask.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\msutb.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\hgprint.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2014-03-19 17:15 - 2010-11-20 15:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\migisol.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\fphc.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00093696 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\fms.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00082944 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\KMSVC.DLL
2014-03-19 17:15 - 2010-11-20 15:19 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Mcx2Svc.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\luainstall.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\FXSMON.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\mciqtz32.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\msdmo.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\HotStartUserAgent.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2014-03-19 17:15 - 2010-11-20 15:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 03727872 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 02522624 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 01828352 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 01555456 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 01400320 _____ (Microsoft Corporation) C:\Windows\system32\DxpTaskSync.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 01371136 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 01334272 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\DiagCpl.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 01040384 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 01003520 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00863744 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00854016 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00762880 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00685056 _____ (Microsoft Corporation) C:\Windows\system32\dsuiext.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00546304 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00537600 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00494592 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-03-19 17:15 - 2010-11-20 15:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\dot3ui.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00252928 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\defaultlocationcpl.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingFolder.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\activeds.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\adsldp.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\EhStorAPI.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\dnscmmc.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\amstream.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\cca.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\CertPolEng.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\elsTrans.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\bitsperf.dll
2014-03-19 17:15 - 2010-11-20 15:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-03-19 17:15 - 2010-11-20 15:17 - 03367424 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 01203200 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 01049600 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\FXSSVC.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00453632 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00280576 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\diskraid.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\recdisc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\RelPost.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\iscsicli.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\setupugc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00098816 _____ (Microsoft) C:\Windows\system32\Robocopy.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\isoburn.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\cmstp.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\MuiUnattend.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00066048 _____ () C:\Windows\system32\PrintBrmUi.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe
2
I'm making a revision of my reply.
wendyseana
2014-04-13, 18:28
2014-03-19 17:15 - 2010-11-20 15:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\lpremove.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\djoin.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\repair-bde.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\rdpsign.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\MultiDigiMon.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\PushPrinterConnections.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\tzutil.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\unlodctr.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\qwinsta.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\netiougc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\netcfg.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msg.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\quser.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\shadow.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\query.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00905216 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2014-03-19 17:15 - 2010-11-20 15:16 - 00776192 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00668160 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\main.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2014-03-19 17:15 - 2010-11-20 15:16 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-03-19 17:15 - 2010-11-20 15:16 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-03-19 17:15 - 2010-11-20 15:16 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2014-03-19 17:15 - 2010-11-20 15:16 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2014-03-19 17:15 - 2010-11-20 15:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
2014-03-19 17:15 - 2010-11-20 15:16 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
2014-03-19 17:15 - 2010-11-20 15:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\bitsadmin.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2014-03-19 17:15 - 2010-11-20 15:16 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00065024 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\g711codc.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\chglogon.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\change.exe
2014-03-19 17:15 - 2010-11-20 15:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2014-03-19 17:15 - 2010-11-20 15:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll
2014-03-19 17:15 - 2010-11-20 15:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2014-03-19 17:15 - 2010-11-20 15:03 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\vmbusres.dll
2014-03-19 17:15 - 2010-11-20 15:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\vmstorfltres.dll
2014-03-19 17:15 - 2010-11-20 15:00 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2014-03-19 17:15 - 2010-11-20 14:54 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-03-19 17:15 - 2010-11-20 13:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys
2014-03-19 17:15 - 2010-11-20 13:24 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
2014-03-19 17:15 - 2010-11-20 13:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-19 17:15 - 2010-11-20 13:22 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2014-03-19 17:15 - 2010-11-20 13:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2014-03-19 17:15 - 2010-11-20 13:06 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2014-03-19 17:15 - 2010-11-20 13:06 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2014-03-19 17:15 - 2010-11-20 13:06 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
2014-03-19 17:15 - 2010-11-20 13:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2014-03-19 17:15 - 2010-11-20 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-03-19 17:15 - 2010-11-20 12:50 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2014-03-19 17:15 - 2010-11-20 12:14 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2014-03-19 17:15 - 2010-11-20 11:47 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys
2014-03-19 17:15 - 2010-11-20 11:44 - 00388096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2014-03-19 17:15 - 2010-11-20 11:44 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-03-19 17:15 - 2010-11-20 11:42 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2014-03-19 17:15 - 2010-11-20 11:42 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-03-19 17:15 - 2010-11-20 11:40 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-03-19 17:15 - 2010-11-20 11:39 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2014-03-19 17:15 - 2010-11-20 11:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-03-19 17:15 - 2010-11-20 11:39 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys
2014-03-19 17:15 - 2010-11-20 11:38 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2014-03-19 17:15 - 2010-11-20 08:23 - 00053600 _____ () C:\Windows\system32\dosx.exe
2014-03-19 17:15 - 2010-11-10 04:45 - 00010429 _____ () C:\Windows\system32\ScavengeSpace.xml
2014-03-19 17:15 - 2010-11-05 05:20 - 00146852 _____ () C:\Windows\system32\systemsf.ebd
2014-03-19 17:15 - 2010-11-05 05:11 - 00312168 _____ (Microsoft Corporation) C:\Windows\system32\MCEWMDRMNDBootstrap.dll
2014-03-19 17:15 - 2010-11-05 04:58 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-03-19 17:15 - 2010-11-05 04:58 - 00155472 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-03-19 17:15 - 2010-11-05 04:58 - 00080720 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-03-19 17:15 - 2010-11-05 04:58 - 00049488 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-03-19 17:15 - 2010-11-05 04:53 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-03-19 17:15 - 2010-11-05 04:53 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\wdscore.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\shgina.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wshirda.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\shunimpl.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\riched32.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\rdpcfgex.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-03-19 17:14 - 2010-11-20 15:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-03-19 17:14 - 2010-11-20 15:20 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-03-19 17:14 - 2010-11-20 15:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\C_ISCII.DLL
2014-03-19 17:14 - 2010-11-20 15:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
2014-03-19 17:14 - 2010-11-20 15:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll
2014-03-19 17:14 - 2010-11-20 15:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2014-03-19 17:14 - 2010-11-20 15:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\pifmgr.dll
2014-03-19 17:14 - 2010-11-20 15:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2014-03-19 17:14 - 2010-11-20 15:00 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDSG.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdlk41a.dll
2014-03-19 17:14 - 2010-11-20 15:00 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDCZ1.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUQ.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUF.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDSF.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDPO.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDNEPR.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDGR1.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDGKL.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDUS.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDUGHR1.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTURME.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAJIK.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDMON.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDMAORI.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDLT1.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBULG.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBLR.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDGEO.DLL
2014-03-19 17:14 - 2010-11-20 14:56 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\BlbEvents.dll
2014-03-19 17:14 - 2010-11-20 13:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys
2014-03-19 17:14 - 2010-11-20 13:21 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\RDPREFDD.dll
2014-03-19 17:14 - 2010-11-20 13:07 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2014-03-19 17:14 - 2010-11-20 13:07 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2014-03-19 17:14 - 2010-11-20 13:00 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-03-19 17:14 - 2010-11-20 13:00 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
2014-03-19 17:14 - 2010-11-20 13:00 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys
2014-03-19 17:14 - 2010-11-20 13:00 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD.sys
2014-03-19 17:14 - 2010-11-20 12:59 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-03-19 17:14 - 2010-11-20 12:59 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-03-19 17:14 - 2010-11-20 12:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2014-03-19 17:14 - 2010-11-20 12:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2014-03-19 17:14 - 2010-11-20 12:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-03-19 17:14 - 2010-11-20 12:24 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2014-03-19 17:14 - 2010-11-20 12:19 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-03-19 17:14 - 2010-11-20 12:14 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\VmbusCoinstaller.dll
2014-03-19 17:14 - 2010-11-20 12:14 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\VmdCoinstall.dll
2014-03-19 17:14 - 2010-11-20 12:14 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2014-03-19 17:14 - 2010-11-20 12:14 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2014-03-19 17:14 - 2010-11-20 12:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys
2014-03-19 17:14 - 2010-11-20 12:14 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
2014-03-19 17:14 - 2010-11-20 12:14 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys
2014-03-19 17:14 - 2010-11-05 05:20 - 00105559 _____ () C:\Windows\system32\RacRules.xml
2014-03-19 16:52 - 2014-04-03 16:31 - 00011264 _____ () C:\Users\gokarna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-19 16:17 - 2014-03-19 16:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-16 11:04 - 2014-03-16 11:04 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-16 10:58 - 2014-03-16 11:35 - 00000000 ____D () C:\ProgramData\AnySend
2014-03-16 10:58 - 2014-03-16 11:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\AnySend
2014-03-16 10:56 - 2014-03-16 11:15 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\sweet-page
2014-03-16 10:55 - 2014-03-16 10:54 - 01492336 _____ (Drivers For Free) C:\Users\gokarna\Downloads\DFFDriverDownloadManager.exe
2014-03-16 10:54 - 2014-03-16 10:54 - 00626056 _____ ( ) C:\Users\gokarna\Downloads\DriversForFreeSetup.exe
2014-03-16 10:35 - 2014-03-16 10:36 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Opera Software
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Opera
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Opera
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Chromium
2014-03-16 10:31 - 2014-03-16 10:58 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\DRPSu
2014-03-16 10:31 - 2014-03-16 10:31 - 00000000 ____D () C:\Program Files\DIFX
wendyseana
2014-04-13, 18:30
2014-03-19 17:15 - 2010-11-20 15:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\lpremove.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\djoin.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\repair-bde.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\rdpsign.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\MultiDigiMon.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\PushPrinterConnections.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\tzutil.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\unlodctr.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\qwinsta.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\netiougc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\netcfg.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msg.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\quser.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\shadow.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\query.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
2014-03-19 17:15 - 2010-11-20 15:17 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00905216 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2014-03-19 17:15 - 2010-11-20 15:16 - 00776192 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00668160 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\main.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2014-03-19 17:15 - 2010-11-20 15:16 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-03-19 17:15 - 2010-11-20 15:16 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-03-19 17:15 - 2010-11-20 15:16 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2014-03-19 17:15 - 2010-11-20 15:16 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2014-03-19 17:15 - 2010-11-20 15:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
2014-03-19 17:15 - 2010-11-20 15:16 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
2014-03-19 17:15 - 2010-11-20 15:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\bitsadmin.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2014-03-19 17:15 - 2010-11-20 15:16 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl
2014-03-19 17:15 - 2010-11-20 15:16 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00065024 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\g711codc.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax
2014-03-19 17:15 - 2010-11-20 15:16 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\chglogon.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe
2014-03-19 17:15 - 2010-11-20 15:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\change.exe
2014-03-19 17:15 - 2010-11-20 15:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2014-03-19 17:15 - 2010-11-20 15:05 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll
2014-03-19 17:15 - 2010-11-20 15:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2014-03-19 17:15 - 2010-11-20 15:03 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\vmbusres.dll
2014-03-19 17:15 - 2010-11-20 15:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\vmstorfltres.dll
2014-03-19 17:15 - 2010-11-20 15:00 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2014-03-19 17:15 - 2010-11-20 14:54 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-03-19 17:15 - 2010-11-20 13:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys
2014-03-19 17:15 - 2010-11-20 13:24 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
2014-03-19 17:15 - 2010-11-20 13:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-19 17:15 - 2010-11-20 13:22 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2014-03-19 17:15 - 2010-11-20 13:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2014-03-19 17:15 - 2010-11-20 13:06 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2014-03-19 17:15 - 2010-11-20 13:06 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2014-03-19 17:15 - 2010-11-20 13:06 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
2014-03-19 17:15 - 2010-11-20 13:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2014-03-19 17:15 - 2010-11-20 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-03-19 17:15 - 2010-11-20 12:50 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2014-03-19 17:15 - 2010-11-20 12:14 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2014-03-19 17:15 - 2010-11-20 11:47 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys
2014-03-19 17:15 - 2010-11-20 11:44 - 00388096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2014-03-19 17:15 - 2010-11-20 11:44 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-03-19 17:15 - 2010-11-20 11:42 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2014-03-19 17:15 - 2010-11-20 11:42 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-03-19 17:15 - 2010-11-20 11:40 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-03-19 17:15 - 2010-11-20 11:39 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2014-03-19 17:15 - 2010-11-20 11:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-03-19 17:15 - 2010-11-20 11:39 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys
2014-03-19 17:15 - 2010-11-20 11:38 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2014-03-19 17:15 - 2010-11-20 08:23 - 00053600 _____ () C:\Windows\system32\dosx.exe
2014-03-19 17:15 - 2010-11-10 04:45 - 00010429 _____ () C:\Windows\system32\ScavengeSpace.xml
2014-03-19 17:15 - 2010-11-05 05:20 - 00146852 _____ () C:\Windows\system32\systemsf.ebd
2014-03-19 17:15 - 2010-11-05 05:11 - 00312168 _____ (Microsoft Corporation) C:\Windows\system32\MCEWMDRMNDBootstrap.dll
2014-03-19 17:15 - 2010-11-05 04:58 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-03-19 17:15 - 2010-11-05 04:58 - 00155472 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-03-19 17:15 - 2010-11-05 04:58 - 00080720 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-03-19 17:15 - 2010-11-05 04:58 - 00049488 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-03-19 17:15 - 2010-11-05 04:53 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-03-19 17:15 - 2010-11-05 04:53 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\wdscore.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\shgina.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wshirda.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\shunimpl.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\riched32.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\rdpcfgex.dll
2014-03-19 17:14 - 2010-11-20 15:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-03-19 17:14 - 2010-11-20 15:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-03-19 17:14 - 2010-11-20 15:20 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-03-19 17:14 - 2010-11-20 15:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\C_ISCII.DLL
2014-03-19 17:14 - 2010-11-20 15:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
2014-03-19 17:14 - 2010-11-20 15:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll
2014-03-19 17:14 - 2010-11-20 15:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2014-03-19 17:14 - 2010-11-20 15:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\pifmgr.dll
2014-03-19 17:14 - 2010-11-20 15:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2014-03-19 17:14 - 2010-11-20 15:00 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDSG.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdlk41a.dll
2014-03-19 17:14 - 2010-11-20 15:00 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDCZ1.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUQ.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUF.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDSF.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDPO.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDNEPR.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDGR1.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDGKL.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDUS.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDUGHR1.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTURME.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAJIK.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDMON.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDMAORI.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDLT1.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBULG.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBLR.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-03-19 17:14 - 2010-11-20 15:00 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDGEO.DLL
2014-03-19 17:14 - 2010-11-20 14:56 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\BlbEvents.dll
2014-03-19 17:14 - 2010-11-20 13:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys
2014-03-19 17:14 - 2010-11-20 13:21 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\RDPREFDD.dll
2014-03-19 17:14 - 2010-11-20 13:07 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2014-03-19 17:14 - 2010-11-20 13:07 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2014-03-19 17:14 - 2010-11-20 13:00 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-03-19 17:14 - 2010-11-20 13:00 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
2014-03-19 17:14 - 2010-11-20 13:00 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys
2014-03-19 17:14 - 2010-11-20 13:00 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD.sys
2014-03-19 17:14 - 2010-11-20 12:59 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-03-19 17:14 - 2010-11-20 12:59 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-03-19 17:14 - 2010-11-20 12:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2014-03-19 17:14 - 2010-11-20 12:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2014-03-19 17:14 - 2010-11-20 12:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-03-19 17:14 - 2010-11-20 12:24 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2014-03-19 17:14 - 2010-11-20 12:19 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-03-19 17:14 - 2010-11-20 12:14 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\VmbusCoinstaller.dll
2014-03-19 17:14 - 2010-11-20 12:14 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\VmdCoinstall.dll
2014-03-19 17:14 - 2010-11-20 12:14 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2014-03-19 17:14 - 2010-11-20 12:14 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2014-03-19 17:14 - 2010-11-20 12:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys
2014-03-19 17:14 - 2010-11-20 12:14 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
2014-03-19 17:14 - 2010-11-20 12:14 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys
2014-03-19 17:14 - 2010-11-05 05:20 - 00105559 _____ () C:\Windows\system32\RacRules.xml
2014-03-19 16:52 - 2014-04-03 16:31 - 00011264 _____ () C:\Users\gokarna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-19 16:17 - 2014-03-19 16:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-16 11:04 - 2014-03-16 11:04 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-16 10:58 - 2014-03-16 11:35 - 00000000 ____D () C:\ProgramData\AnySend
2014-03-16 10:58 - 2014-03-16 11:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\AnySend
2014-03-16 10:56 - 2014-03-16 11:15 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\sweet-page
2014-03-16 10:55 - 2014-03-16 10:54 - 01492336 _____ (Drivers For Free) C:\Users\gokarna\Downloads\DFFDriverDownloadManager.exe
2014-03-16 10:54 - 2014-03-16 10:54 - 00626056 _____ ( ) C:\Users\gokarna\Downloads\DriversForFreeSetup.exe
2014-03-16 10:35 - 2014-03-16 10:36 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Opera Software
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Opera
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Opera
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Chromium
2014-03-16 10:31 - 2014-03-16 10:58 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\DRPSu
2014-03-16 10:31 - 2014-03-16 10:31 - 00000000 ____D () C:\Program Files\DIFX
wendyseana
2014-04-13, 18:31
2014-03-16 10:30 - 2013-03-04 14:35 - 00101448 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2014-03-16 10:27 - 2014-03-16 10:29 - 06782358 _____ (Kuzyakov Artur) C:\Users\gokarna\Downloads\2694_LAN_Win7-64_Win7_7006_.exe
2014-03-16 03:48 - 2012-07-06 22:23 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-03-16 03:48 - 2011-04-28 06:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2014-03-16 03:48 - 2011-03-11 08:39 - 00148864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-03-16 03:48 - 2011-03-11 08:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-03-16 03:48 - 2011-03-11 08:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-03-16 03:48 - 2011-03-11 08:38 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-03-16 03:48 - 2011-03-11 08:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-03-16 03:48 - 2011-03-11 08:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-03-16 03:48 - 2011-03-11 08:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-03-16 03:48 - 2011-03-11 08:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-03-16 03:48 - 2011-03-11 07:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-03-16 03:48 - 2010-11-20 15:17 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2014-03-16 00:36 - 2014-03-16 00:36 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Macromedia
2014-03-16 00:29 - 2014-04-09 12:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-16 00:29 - 2014-03-19 16:18 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-03-16 00:29 - 2014-03-16 00:29 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-16 00:29 - 2014-03-16 00:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-16 00:28 - 2014-03-19 16:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-16 00:28 - 2014-03-19 16:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-16 00:24 - 2014-03-16 00:24 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-15 21:25 - 2014-03-15 21:25 - 01069920 _____ (Solid State Networks) C:\Users\gokarna\Downloads\install_reader11_en_mssa_aaa_aih(1).exe
2014-03-15 20:40 - 2014-03-15 21:41 - 00000000 ____D () C:\Users\gokarna\Documents\Sexy Stockings and Smoking Girls_files
2014-03-15 20:40 - 2014-03-15 20:40 - 00101217 _____ () C:\Users\gokarna\Documents\Sexy Stockings and Smoking Girls.htm
2014-03-15 15:38 - 2014-03-15 15:38 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-03-15 15:27 - 2009-06-11 00:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140315-142749.backup
2014-03-15 15:23 - 2014-03-21 12:22 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Apple Computer
2014-03-15 15:23 - 2014-03-15 15:23 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Apple Computer
2014-03-15 15:22 - 2014-03-16 00:24 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\Program Files\iTunes
2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\Program Files\iPod
2014-03-15 15:22 - 2012-08-21 14:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-03-15 15:02 - 2014-03-15 15:22 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Apple
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\ProgramData\Apple
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-03-15 14:34 - 2014-03-15 14:39 - 137699152 _____ (Apple Inc.) C:\Users\gokarna\Downloads\iTunesSetup.exe
2014-03-15 14:33 - 2014-03-15 14:33 - 00559280 _____ (Safer-Networking Ltd. ) C:\Users\gokarna\Downloads\spybot2-license(1).exe
2014-03-15 14:08 - 2014-03-19 18:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-15 14:08 - 2014-03-15 14:08 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-15 14:08 - 2013-09-20 11:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-03-15 14:06 - 2014-03-15 14:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-15 14:04 - 2014-03-15 14:04 - 00559280 _____ (Safer-Networking Ltd. ) C:\Users\gokarna\Downloads\spybot2-license.exe
2014-03-15 08:35 - 2012-07-26 06:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-15 08:35 - 2012-07-26 06:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-03-15 08:35 - 2012-07-26 06:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-03-15 08:35 - 2012-07-26 06:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-03-15 08:35 - 2012-07-26 06:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-03-15 08:35 - 2012-07-26 06:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-03-15 08:35 - 2012-07-26 05:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-03-15 08:35 - 2012-07-26 05:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-03-15 08:35 - 2012-07-26 05:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-03-15 08:35 - 2012-06-02 17:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-03-15 08:35 - 2012-06-02 17:34 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-03-15 08:33 - 2012-03-01 08:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-03-15 08:33 - 2012-03-01 08:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-03-15 08:31 - 2014-03-15 08:33 - 00003885 _____ () C:\Windows\IE9_main.log
2014-03-13 10:05 - 2013-04-12 16:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-13 10:05 - 2013-02-12 06:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-03-13 10:05 - 2012-11-22 07:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-03-13 10:05 - 2011-04-29 05:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-03-13 10:05 - 2011-04-29 05:46 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-03-13 10:05 - 2011-04-29 05:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-03-13 10:04 - 2013-03-19 07:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-13 10:04 - 2013-03-19 05:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-13 10:04 - 2013-01-24 07:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-03-13 10:04 - 2012-11-02 08:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-03-13 10:04 - 2011-06-16 07:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-03-13 10:04 - 2011-03-03 08:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-03-13 10:04 - 2011-03-03 08:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-03-13 10:04 - 2011-03-03 08:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-03-13 10:04 - 2011-02-18 08:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-03-13 10:04 - 2010-11-20 14:57 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2014-03-13 10:03 - 2012-04-28 06:17 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-03-13 10:03 - 2011-12-30 08:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-03-13 10:03 - 2011-08-17 07:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-03-13 10:03 - 2011-08-17 07:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-03-13 10:03 - 2011-05-24 13:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-03-13 10:03 - 2010-11-20 15:18 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll
2014-03-13 10:03 - 2010-11-20 15:16 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-03-13 10:03 - 2010-11-20 15:16 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2014-03-13 10:03 - 2010-11-20 15:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-03-13 10:03 - 2010-11-20 13:24 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-03-13 10:03 - 2010-11-20 13:21 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-03-13 10:02 - 2013-02-15 07:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-13 10:02 - 2013-02-15 07:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-03-13 10:02 - 2013-02-15 06:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-13 10:02 - 2012-11-01 07:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-03-13 10:02 - 2011-08-27 07:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-03-13 10:02 - 2011-08-27 07:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-03-13 10:02 - 2011-07-09 05:30 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-03-13 10:02 - 2011-05-03 07:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-03-13 10:02 - 2011-04-27 05:17 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-03-13 10:02 - 2011-04-27 05:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-03-13 10:01 - 2013-01-03 08:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-03-13 10:01 - 2011-11-19 17:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-03-13 10:00 - 2012-07-05 00:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-03-13 10:00 - 2012-07-05 00:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-03-13 10:00 - 2012-07-05 00:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-03-13 10:00 - 2012-06-06 08:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-03-13 10:00 - 2012-05-05 10:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-03-13 10:00 - 2011-10-15 08:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-03-13 10:00 - 2011-05-04 07:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-03-13 10:00 - 2011-05-04 07:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-03-13 10:00 - 2011-05-04 07:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-03-13 10:00 - 2011-05-04 07:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-03-13 10:00 - 2011-05-04 07:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-03-13 10:00 - 2011-05-04 07:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-03-13 10:00 - 2011-05-04 07:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-03-13 10:00 - 2011-05-04 07:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-03-13 10:00 - 2011-05-04 07:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-03-13 10:00 - 2011-02-12 08:35 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-03-13 10:00 - 2010-11-20 15:17 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\WFS.exe
2014-03-13 10:00 - 2010-11-20 15:17 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-03-13 09:59 - 2012-12-07 15:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-03-13 09:59 - 2012-12-07 15:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-03-13 09:59 - 2012-12-07 13:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-03-13 09:59 - 2012-12-07 13:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-03-13 09:59 - 2012-08-11 02:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-03-13 09:59 - 2012-04-07 14:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-03-13 09:59 - 2011-10-26 07:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-03-13 09:59 - 2011-10-26 07:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-03-13 09:59 - 2010-12-23 08:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-03-13 09:59 - 2010-12-23 08:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-03-13 09:59 - 2010-12-23 08:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-03-13 09:58 - 2012-09-26 01:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-03-13 09:58 - 2012-05-14 07:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-03-13 09:58 - 2012-05-01 07:44 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-03-13 09:58 - 2012-04-26 07:45 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-03-13 09:58 - 2012-04-26 07:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-03-13 09:58 - 2012-04-26 07:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-03-13 09:58 - 2012-03-17 10:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-03-13 09:58 - 2012-01-04 11:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-03-13 09:58 - 2011-12-16 10:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-03-13 09:58 - 2011-11-17 08:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-03-13 09:58 - 2011-06-15 11:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
2014-03-13 09:58 - 2011-06-15 11:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-03-13 09:58 - 2011-06-15 11:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-03-13 09:58 - 2011-06-15 11:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-03-13 09:58 - 2011-06-15 11:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-03-13 09:58 - 2010-11-20 15:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll
2014-03-13 09:57 - 2011-04-22 22:14 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-03-13 09:57 - 2011-04-09 08:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-03-13 09:57 - 2011-03-11 08:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-03-13 09:57 - 2011-03-11 08:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-03-13 09:57 - 2011-02-23 07:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-03-13 09:56 - 2010-11-20 14:56 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-03-13 09:15 - 2012-02-17 08:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-03-13 09:15 - 2012-02-17 07:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-03-13 09:15 - 2010-11-20 13:21 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys
2014-03-10 11:50 - 2012-06-03 01:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-03-10 11:50 - 2012-06-03 01:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-03-10 11:50 - 2012-06-03 01:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-03-10 11:50 - 2012-06-03 01:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-03-10 11:50 - 2012-06-03 01:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-03-10 11:50 - 2012-06-03 01:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-03-10 11:50 - 2012-06-03 01:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-03-10 11:50 - 2012-06-02 12:49 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-03-10 11:50 - 2012-06-02 12:42 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
==================== One Month Modified Files and Folders =======
2014-04-09 13:02 - 2014-04-01 12:19 - 00015298 _____ () C:\Users\gokarna\Downloads\FRST.txt
2014-04-09 13:02 - 2014-04-01 12:19 - 00000000 ____D () C:\FRST
2014-04-09 12:47 - 2014-04-02 19:06 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 12:42 - 2014-04-02 21:37 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-09 12:28 - 2014-03-16 00:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 11:44 - 2014-03-04 10:26 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 11:43 - 2009-07-14 07:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 11:43 - 2009-07-14 07:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 11:42 - 2014-03-04 10:18 - 01910277 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 11:41 - 2014-04-09 11:41 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Yandex
2014-04-09 11:40 - 2014-04-09 11:40 - 00003287 _____ () C:\Users\gokarna\Desktop\AdwCleaner[S0].txt
2014-04-09 11:38 - 2014-04-09 11:38 - 00000000 ___RD () C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-09 11:38 - 2014-04-02 21:37 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-09 11:38 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 11:37 - 2009-07-14 07:39 - 00027972 _____ () C:\Windows\setupact.log
2014-04-09 11:34 - 2014-04-05 21:21 - 00000000 ____D () C:\AdwCleaner
2014-04-09 10:40 - 2014-04-09 10:40 - 01016261 _____ (Thisisu) C:\Users\gokarna\Downloads\JRT.exe
2014-04-09 09:55 - 2014-04-09 09:54 - 01145856 _____ (Farbar) C:\Users\gokarna\Downloads\FRST(1).exe
2014-04-09 09:28 - 2014-03-09 21:54 - 00000000 ____D () C:\Users\gokarna\AppData\Local\CrashDumps
2014-04-09 02:59 - 2014-03-04 11:31 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\vlc
2014-04-09 02:47 - 2014-03-04 10:45 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Adobe
2014-04-08 08:54 - 2014-04-03 12:09 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Spotify
2014-04-07 20:04 - 2014-03-04 14:40 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Skype
2014-04-06 00:00 - 2014-04-09 10:23 - 00000180 _____ () C:\Users\gokarna\Documents\filetext.txt
2014-04-06 00:00 - 2014-04-06 00:00 - 00000180 _____ () C:\Users\gokarna\Desktop\filetext.txt
2014-04-05 22:16 - 2014-04-05 22:16 - 00000000 ____D () C:\Windows\ERUNT
2014-04-05 21:19 - 2014-04-05 21:19 - 01426178 _____ () C:\Users\gokarna\Downloads\AdwCleaner.exe
2014-04-05 15:13 - 2014-04-02 19:05 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-05 15:13 - 2014-04-02 19:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-04 02:24 - 2014-03-04 11:24 - 00014386 _____ () C:\Windows\PFRO.log
2014-04-03 17:38 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-04-03 16:31 - 2014-03-19 16:52 - 00011264 _____ () C:\Users\gokarna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-03 12:23 - 2014-04-03 12:23 - 00127080 _____ (Spotify Ltd) C:\Users\gokarna\Downloads\SpotifySetup(1).exe
2014-04-03 12:19 - 2014-04-03 12:10 - 00001817 _____ () C:\Users\gokarna\Desktop\Spotify.lnk
2014-04-03 12:19 - 2014-04-03 12:10 - 00001803 _____ () C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-04-03 12:10 - 2014-04-03 12:10 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Spotify
2014-04-03 12:07 - 2014-04-03 12:07 - 00127080 _____ (Spotify Ltd) C:\Users\gokarna\Downloads\SpotifySetup.exe
2014-04-03 11:46 - 2014-03-04 11:28 - 00002205 _____ () C:\Users\gokarna\Desktop\Google Chrome.lnk
2014-04-03 09:51 - 2014-04-02 19:05 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-02 19:05 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-02 19:05 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 03:35 - 2009-07-14 05:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-02 22:38 - 2014-03-04 11:59 - 00000000 ____D () C:\Program Files\Winamp
2014-04-02 22:11 - 2014-04-02 22:09 - 00000000 ___RD () C:\Program Files\Skype
2014-04-02 22:09 - 2014-04-02 22:09 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Skype
2014-04-02 22:09 - 2014-04-02 22:09 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-02 22:09 - 2014-03-04 14:40 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-02 22:09 - 2014-03-04 14:40 - 00000000 ____D () C:\ProgramData\Skype
2014-04-02 22:08 - 2014-04-02 22:08 - 00362029 _____ () C:\Users\gokarna\Downloads\sqlite3.dll
2014-04-02 21:58 - 2014-04-02 21:57 - 34829472 _____ (Skype Technologies S.A.) C:\Users\gokarna\Downloads\SkypeSetupFull.exe
2014-04-02 21:39 - 2014-04-02 21:39 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-02 21:39 - 2014-04-02 21:37 - 00000000 ____D () C:\Program Files\Google
2014-04-02 21:37 - 2014-04-02 21:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-02 21:36 - 2014-03-04 11:28 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Google
2014-04-02 21:35 - 2014-04-02 21:35 - 00884712 _____ (Google Inc.) C:\Users\gokarna\Downloads\ChromeSetup.exe
2014-04-02 21:11 - 2014-04-02 21:11 - 00000000 ____D () C:\ProgramData\Sun
2014-04-02 21:11 - 2014-03-30 18:15 - 00000000 ____D () C:\Users\gokarna\Downloads\Sinead O'Connor So Far... The Best Of
2014-04-02 21:11 - 2014-03-04 11:21 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-02 21:10 - 2014-04-02 21:10 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-02 21:10 - 2014-04-02 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-02 21:10 - 2014-04-02 21:10 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-02 21:10 - 2014-04-02 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-02 21:10 - 2014-03-04 11:21 - 00000000 ____D () C:\Program Files\Java
2014-04-02 21:06 - 2014-04-02 21:06 - 00921000 _____ (Oracle Corporation) C:\Users\gokarna\Downloads\jxpiinstall.exe
2014-04-02 21:06 - 2014-04-02 21:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-02 21:06 - 2014-04-02 21:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-02 21:06 - 2014-03-04 10:45 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-02 21:06 - 2014-03-04 10:44 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-02 21:06 - 2014-03-04 10:44 - 00000000 ____D () C:\Program Files\Adobe
2014-04-02 21:05 - 2014-04-02 21:04 - 00000000 ____D () C:\Program Files\MPC-HC
2014-04-02 21:04 - 2014-03-04 11:31 - 00000952 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-04-02 21:00 - 2014-04-02 21:00 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Secunia PSI
2014-04-02 20:58 - 2014-04-02 20:58 - 00000000 ____D () C:\Program Files\Secunia
2014-04-02 20:50 - 2014-04-02 20:49 - 05329480 _____ (Secunia) C:\Users\gokarna\Downloads\PSISetup.exe
2014-04-02 20:28 - 2014-04-02 20:27 - 00001800 _____ () C:\sc-cleaner.txt
2014-04-02 20:26 - 2014-04-02 20:26 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\gokarna\Downloads\sc-cleaner.exe
2014-04-02 19:41 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\schemas
2014-04-02 19:05 - 2014-04-02 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 18:44 - 2014-04-02 18:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\gokarna\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-01 12:20 - 2014-04-01 12:20 - 00020845 _____ () C:\Users\gokarna\Downloads\Addition.txt
2014-04-01 11:29 - 2014-04-01 11:28 - 01145856 _____ (Farbar) C:\Users\gokarna\Downloads\FRST.exe
2014-04-01 10:36 - 2014-04-01 10:35 - 00003618 _____ () C:\Users\gokarna\Desktop\Rkill.txt
2014-04-01 10:34 - 2014-04-01 10:34 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\gokarna\Downloads\rkill.exe
2014-04-01 09:44 - 2014-03-04 10:21 - 00000000 ____D () C:\Users\gokarna\AppData\Local\VirtualStore
2014-03-30 17:47 - 2014-03-30 17:41 - 107907946 _____ () C:\Users\gokarna\Downloads\The Rolling Stones - GRRR! (Deluxe Version) CD2.zip
2014-03-30 12:32 - 2014-03-26 19:05 - 00000000 ____D () C:\Windows\erdnt
2014-03-30 12:32 - 2014-03-04 12:17 - 00000265 _____ () C:\Windows\lgfwup.ini
2014-03-30 12:32 - 2014-03-04 12:17 - 00000000 ____D () C:\Program Files\lg_fwupdate
2014-03-30 12:31 - 2014-03-07 17:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 01:59 - 2014-03-30 01:27 - 00000000 ____D () C:\Users\gokarna\Documents\Spybot Docs
2014-03-30 00:51 - 2014-03-30 00:51 - 04745728 _____ (AVAST Software) C:\Users\gokarna\Downloads\aswMBR.exe
2014-03-30 00:48 - 2014-03-30 00:47 - 00688992 ____R (Swearware) C:\Users\gokarna\Downloads\dds.scr
2014-03-30 00:46 - 2014-03-30 00:45 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-30 00:45 - 2014-03-30 00:45 - 00000898 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-03-30 00:45 - 2014-03-30 00:45 - 00000898 _____ () C:\Users\gokarna\Desktop\NTREGOPT.lnk
2014-03-30 00:45 - 2014-03-30 00:45 - 00000879 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-03-30 00:45 - 2014-03-30 00:45 - 00000879 _____ () C:\Users\gokarna\Desktop\ERUNT.lnk
2014-03-30 00:42 - 2014-03-30 00:42 - 00791393 _____ (Lars Hederer ) C:\Users\gokarna\Downloads\erunt-setup.exe
2014-03-29 18:46 - 2014-03-19 17:56 - 00000298 _____ () C:\Windows\wininit.ini
2014-03-29 17:55 - 2014-03-29 17:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 17:13 - 2014-03-29 17:13 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\uTorrent
2014-03-29 04:50 - 2014-03-04 11:59 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Winamp
2014-03-28 23:12 - 2014-03-04 12:18 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Adobe
2014-03-28 23:10 - 2014-03-28 23:10 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-03-28 23:10 - 2014-03-04 10:44 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-28 22:57 - 2014-03-28 23:09 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140328-220935.backup
2014-03-28 22:55 - 2014-03-28 22:57 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140328-215753.backup
2014-03-28 22:55 - 2014-03-28 22:55 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140328-215542.backup
2014-03-26 19:13 - 2014-03-26 19:05 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-26 19:09 - 2014-03-26 19:09 - 00000000 ____D () C:\Qoobox
2014-03-22 01:02 - 2014-03-04 14:28 - 00000000 ____D () C:\ProgramData\Atheros
2014-03-21 19:09 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\rescache
2014-03-21 18:28 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-21 17:56 - 2014-03-21 17:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-21 17:47 - 2014-03-21 17:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2014-03-21 17:46 - 2014-03-21 17:46 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-03-21 17:45 - 2014-03-21 17:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-21 17:45 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Help
2014-03-21 17:44 - 2014-03-21 17:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-21 17:42 - 2014-03-21 17:42 - 00000000 ____D () C:\Program Files\CONEXANT
2014-03-21 17:38 - 2014-03-21 17:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriver_01011.Wdf
2014-03-21 17:38 - 2014-03-04 14:25 - 00000000 ____D () C:\Users\gokarna\Documents\Bluetooth Folder
2014-03-21 15:03 - 2014-03-21 04:08 - 00014518 _____ () C:\Windows\IE11_main.log
2014-03-21 15:02 - 2014-03-21 15:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-21 15:02 - 2014-03-21 15:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-21 15:02 - 2014-03-21 15:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-21 15:02 - 2014-03-21 15:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-21 15:02 - 2014-03-21 15:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-21 15:02 - 2014-03-21 15:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-21 15:02 - 2014-03-21 15:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-21 15:02 - 2014-03-21 15:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-21 15:02 - 2014-03-21 15:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-21 15:02 - 2014-03-21 15:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-21 12:51 - 2014-03-21 12:51 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-21 12:51 - 2014-03-21 12:51 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-21 12:38 - 2014-03-21 12:37 - 41945432 _____ (Apple Inc.) C:\Users\gokarna\Downloads\QuickTimeInstaller.exe
2014-03-21 12:22 - 2014-03-15 15:23 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Apple Computer
2014-03-21 10:40 - 2009-07-14 07:33 - 00412432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-21 04:34 - 2009-07-14 10:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-21 04:34 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\el-GR
2014-03-21 04:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-21 04:21 - 2014-03-04 10:48 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-03-21 04:05 - 2014-03-21 04:01 - 00009285 _____ () C:\Windows\IE10_main.log
wendyseana
2014-04-13, 18:34
2014-03-21 04:03 - 2014-03-21 04:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-03-21 04:03 - 2014-03-21 04:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-21 04:02 - 2014-03-21 04:02 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-20 04:25 - 2009-07-14 10:49 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-03-20 04:25 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-03-20 04:25 - 2009-07-14 05:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-20 04:07 - 2009-07-14 05:05 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2014-03-20 04:02 - 2014-03-20 04:02 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-20 04:02 - 2014-03-20 04:02 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-03-20 04:02 - 2014-03-20 04:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 23:54 - 2014-03-19 23:54 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Media Player Classic
2014-03-19 18:28 - 2014-03-15 14:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-19 16:29 - 2014-03-16 00:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-19 16:29 - 2014-03-16 00:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-19 16:18 - 2014-03-16 00:29 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-03-19 16:17 - 2014-03-19 16:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-16 11:35 - 2014-03-16 10:58 - 00000000 ____D () C:\ProgramData\AnySend
2014-03-16 11:34 - 2014-03-16 10:58 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\AnySend
2014-03-16 11:15 - 2014-03-16 10:56 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\sweet-page
2014-03-16 11:04 - 2014-03-16 11:04 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-16 10:58 - 2014-03-16 10:31 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\DRPSu
2014-03-16 10:54 - 2014-03-16 10:55 - 01492336 _____ (Drivers For Free) C:\Users\gokarna\Downloads\DFFDriverDownloadManager.exe
2014-03-16 10:54 - 2014-03-16 10:54 - 00626056 _____ ( ) C:\Users\gokarna\Downloads\DriversForFreeSetup.exe
2014-03-16 10:36 - 2014-03-16 10:35 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Opera Software
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Opera
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Opera
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Chromium
2014-03-16 10:31 - 2014-03-16 10:31 - 00000000 ____D () C:\Program Files\DIFX
2014-03-16 10:31 - 2014-03-04 12:29 - 00017638 _____ () C:\Windows\DPINST.LOG
2014-03-16 10:29 - 2014-03-16 10:27 - 06782358 _____ (Kuzyakov Artur) C:\Users\gokarna\Downloads\2694_LAN_Win7-64_Win7_7006_.exe
2014-03-16 00:36 - 2014-03-16 00:36 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Macromedia
2014-03-16 00:29 - 2014-03-16 00:29 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-16 00:29 - 2014-03-16 00:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-16 00:24 - 2014-03-16 00:24 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-16 00:24 - 2014-03-15 15:22 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-15 21:41 - 2014-03-15 20:40 - 00000000 ____D () C:\Users\gokarna\Documents\Sexy Stockings and Smoking Girls_files
2014-03-15 21:25 - 2014-03-15 21:25 - 01069920 _____ (Solid State Networks) C:\Users\gokarna\Downloads\install_reader11_en_mssa_aaa_aih(1).exe
2014-03-15 20:40 - 2014-03-15 20:40 - 00101217 _____ () C:\Users\gokarna\Documents\Sexy Stockings and Smoking Girls.htm
2014-03-15 18:38 - 2014-03-08 11:09 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Microsoft Games
2014-03-15 15:38 - 2014-03-15 15:38 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-03-15 15:27 - 2009-07-14 05:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140328-215512.backup
2014-03-15 15:23 - 2014-03-15 15:23 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Apple Computer
2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\Program Files\iTunes
2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\Program Files\iPod
2014-03-15 15:22 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Apple
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\ProgramData\Apple
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-03-15 14:39 - 2014-03-15 14:34 - 137699152 _____ (Apple Inc.) C:\Users\gokarna\Downloads\iTunesSetup.exe
2014-03-15 14:33 - 2014-03-15 14:33 - 00559280 _____ (Safer-Networking Ltd. ) C:\Users\gokarna\Downloads\spybot2-license(1).exe
2014-03-15 14:33 - 2014-03-15 14:06 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-15 14:08 - 2014-03-15 14:08 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-15 14:04 - 2014-03-15 14:04 - 00559280 _____ (Safer-Networking Ltd. ) C:\Users\gokarna\Downloads\spybot2-license.exe
2014-03-15 12:33 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-15 10:37 - 2014-03-04 12:19 - 00109280 _____ () C:\Users\gokarna\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-15 08:33 - 2014-03-15 08:31 - 00003885 _____ () C:\Windows\IE9_main.log
2014-03-13 09:00 - 2014-03-04 12:55 - 00000000 ____D () C:\Program Files\Beetel Connection Manager
Some content of TEMP:
====================
C:\Users\gokarna\AppData\Local\Temp\ose00000.exe
C:\Users\gokarna\AppData\Local\Temp\Quarantine.exe
C:\Users\gokarna\AppData\Local\Temp\_is76F.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-09 08:51
==================== End Of Log ============================
Hoping this reveals my Winload Money and Yandex problems
Now moving on to safe mode JRT operation
After you run JRT, let me know by posting. I will have a fixlog for you to run after that.
wendyseana
2014-04-13, 21:12
Hello again Juliet,
I followed the instruction for bringing up 'safe mode' went into it and downloaded the JRT program again. It seems to present no difference to the first time which You thought corrupted. Although you told me to expect it to be automatically saved on the desktop and I directed it so, nevertheless it did not and I had to make my own copy which I c and p here :
================================================================
[ ]
[ Junkware Removal Tool (JRT) by Thisisu ]
[ Version 6.1.4 (04.06.2014:1) ]
[ Information about this tool can be found at ]
[ www.thisisudax.org ]
[ ]
[ ]
[ Please save any work in your browsers before proceeding. ]
[ Your desktop may temporarily disappear during this scan. ]
[ A Windows Explorer window may also open. ]
[ These actions are normal. Don't panic. ]
[ ]
[ ** DISCLAIMER ** ]
[ ]
[ This software is provided "as is" without ]
[ warranty of any kind. You may use this software ]
[ at your own risk. ]
[ ]
[ Click the [X] in the top-right corner of this window ]
[ if you wish to exit. Otherwise, ]
================================================================
Press any key to continue . . .
Creating a registry backup
Checking Startup
Checking Modules
A bad module has been detected!
A reboot is required to remove modules.
Press 'y' to reboot now
Press 'n' to reboot later
Reboot now? [y,n]
I decided to do the reboot as when I asked you did not say not to. I hope I did right, also, that the result is that I will soon be out of this technical jungle.
Yesterday I heard for the first time about the pernicious and prevalent malware 'Heartbleed' it sounds very ominous, could you advise me on how best to protect against it ?
Thanking you very much as always, Wendy
Wendy
Yesterday I heard for the first time about the pernicious and prevalent malware 'Heartbleed' it sounds very ominous, could you advise me on how best to protect against it ?
This enters through exploits and unpatched systems.
Have you had an alert this is on your machine?
http://support.emsisoft.com/topic/14146-heartbleed-threat/
Heartbleed Threat
Please delete the version of Farbar Recovery Scan Tool you have now the tool has been updated since you downloaded this one.
Save it to your desktop.
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))
Once you have the new one on desktop please download the file I will have attached to your desktop.(hope it works, if not I'll try again)
Slide the file Fixlog next to the Farbar Recovery Scan Tool Icon.
Run/Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Please post the logs when done and give me an update on how the computer is at the moment.
wendyseana
2014-04-16, 12:34
Hi Juliet,
I have deleted the old version of FRST and it is next to the fixlog on the desktop BUT when I open FRST and click fix it comes back with the message that the Fixlog and FRST need to be located in the same folder/place ??? Its a Huh ? moment - not what you expected to happen. So of course no log has been generated.
So hoping you can get back to me soon although it is now the middle of the night in the USA where you are - I live in Turkey.
Best regards, Wendy
Did you delete the old version and download the updated?, plus save it to desktop?
Can you see the Farbar Recovery Scan Tool Icon.....slide the fixlog you downloaded I saved in my earlier post next to it?, then open Farbar Recovery Scan Tool and click on fix?
wendyseana
2014-04-18, 23:19
.......didn't phrase my sentence properly so you could understand that, sorry about that. Yes I did delete the old copy of FRST and download it next to the Fixlog to the desktop and then run it. and the reult was as I said above the program complained that they were not in the same place as each other .
Its getting to be quite a while (April 1st) since I first consulted this forum and have still got that high level infection Win32.Load Money although that annoying Yandex has gone. It has been that after running my Spybot purchase over my system that Win.32 would be detected and then once 'fixed' would disappear for a wee while however, this evening I ran the scan and t didn't 'fix' it until the second attempt.
Btw I followed up the Heartbleed thing and acted as suggested by the Mashable site.
Hoping you can soon get me disinfected, Wendy
Hoping you can soon get me disinfected
I've honestly been trying to :)
Next, Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.
Internet Explorer
How to reset Internet Explorer settings
http://support.microsoft.com/kb/923737
Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.
Chrome
Chrome - Reset browser settings
https://support.google.com/chrome/answer/3296214?hl=en
~~~~~~~~~~~~~~~~~~~
Download OTM by OldTimer Here (http://oldtimer.geekstogo.com/OTM.exe) & save it to your desktop.
* Save it to your desktop.
* Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Files
C:\Users\gokarna\AppData\Roaming\sweet-page
C:\Users\gokarna\AppData\Local\Temp\ose00000.exe
C:\Users\gokarna\AppData\Local\Temp\Quarantine.exe
C:\Users\gokarna\AppData\Local\Temp\_is76F.exe
C:\Users\gokarna\AppData\Roaming\Yandex
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\vb@yandex.ru
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\searchplugins\yqs-barff-yandex.xml
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\vb@yandex.ru
:Commands
[emptytemp]
[Reboot]
* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
~~~~~~~~~~~~~~~~~~~
Please download RogueKillerX64.exe (http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe) and save to the desktop.
Close all windows and browsers
Right-click the program and select 'Run as Administrator'
Press the scan button.
A report opens on the desktop named - RKreport.txt
Please copy and past the results at pastebin.com and post the link to the log in your next reply.
~~~~~~~~~~~~~~~~~~~~
If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
Place ComboFix.exe on your Desktop <--Important
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...
Please post:
OTM log
RKreport.txt
ComboFix.txt
wendyseana
2014-04-19, 16:01
Hi Juliet,
I do appreciate you are doing your best and that it is proving tricky.
I have an hit an unexpected problem following your instructions :
I reset all the browsers and then read through your instructions and then carried them out as far as downloading OTM, running it and copying and pasting into its window in the indicated places when suddenly,any warning everything except it disappeared and I couldn't go back to see what the next move was !
So I shut down and rebooted the computer and re-opened this site. I then read ahead. As you go on to point out, I need to print out or copy your instructions in a notepad doc and place them on a external memory drive so as not to lose access to them if the computer has to go offline BUT I can't, I am unable to use the save function !! I planned to copy the notepad doc to my ex drive to refer to as I haven't got a printer.
I will take a break now before I copy them out by hand and await your comments.
Kind regards, Wendy
Download Windows Repair (all in one) from http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/
Install the program then run
Go to step 3 and allow it to run SFC
On the start repairs tab click start
Select the following items and tick restart system when finished
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair Hosts File
Remove Policies Set By Infections
Repair Missing Start menu Icons
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Set windows Services To Default
Repair MSI (windows Installer)
Repair File Associations
Repair windows Safe mode
After that come back and tell me if that has made a difference.
wendyseana
2014-04-20, 12:43
........is unnecessary if it is meant to address the problem I reported on saving stuff to notepad. I think it is my own fault as I have subsequently tried again but this time removed the asterix * from its place before the stop . whereas before I had allowed it to stay there. So now without it I have saved your directions to notepad and can proceed to carry them out. If you agree that is ?
Btw was that sudden shutdown without any warning after inserting that text into OTM to be expected or not ?
Best regards, Wendy
There was a reboot command script in the OTM log, can you please post
C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Can you proceed with the other directions?
Are you still with me?
wendyseana
2014-04-26, 12:32
Hi Juliet, Its been several days since I could check in and am still with you and will proceed with that last suggested direction.
Cheers, Wendy
wendyseana
2014-04-26, 13:20
Dear Juliet,
In the period since I last contacted you ie., a several days ago, I have run Spybot every day and the Win32.LoadMoney threat SEEMS to have disappeared - although some registry changes are still taking place- and I wonder whether this is real or not :confused:?
Will still go ahead with the OTM scan and paste the log.
All the best Wendy
Dear Juliet,
In the period since I last contacted you ie., a several days ago, I have run Spybot every day and the Win32.LoadMoney threat SEEMS to have disappeared - although some registry changes are still taking place- and I wonder whether this is real or not :confused:?
Will still go ahead with the OTM scan and paste the log.
All the best Wendy
Without being able to see any logs, or scan results, I have no idea what registry changes are there.
wendyseana
2014-04-26, 13:57
Hi Juliet, Here be that OTM log.
All processes killed
========== FILES ==========
File/Folder C:\Users\gokarna\AppData\Roaming\sweet-page not found.
File/Folder C:\Users\gokarna\AppData\Local\Temp\ose00000.exe not found.
File/Folder C:\Users\gokarna\AppData\Local\Temp\Quarantine.exe not found.
File/Folder C:\Users\gokarna\AppData\Local\Temp\_is76F.exe not found.
File/Folder C:\Users\gokarna\AppData\Roaming\Yandex not found.
File/Folder C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\vb@yandex.ru not found.
File/Folder C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\searchplugins\yqs-barff-yandex.xml not found.
File/Folder C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\vb@yandex.ru not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: gokarna
->Temp folder emptied: 1372 bytes
->Temporary Internet Files folder emptied: 171 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 295453038 bytes
->Google Chrome cache emptied: 16697053 bytes
->Flash cache emptied: 2251 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33298 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18549435 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 38352540 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 352.00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 04262014_144732
Files moved on Reboot...
File C:\Users\gokarna\AppData\Local\Temp\etilqs_Yd4NrjxtxC1QCww not found!
File C:\Users\gokarna\AppData\Local\Temp\etilqs_zBg5wxOLa7Pc0NL not found!
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Good deal
Can you give me an update?
wendyseana
2014-04-27, 07:41
H Juliet,
Yesterday I saw that contrary to what seemed to be that that awful browser Yandex is still with me and was managing the download of a program. Now this morning I botted up and discover that Yandex has completely hijacked Mozilla :fear:. I am scanning with SB as I write and will post result of that re Win32.LoadMoney when I its completed two scans as soon as done.
Is there anything else should I be doing and updating you on because you know I never went through with all your directions after the OTM thing ??
Best regards, Wendy
wendyseana
2014-04-27, 07:59
.......as I just discovered trying to circumvent the Mozilla take-over :fear::fear: !! For a long while ie., 2 months multiple Chromes have opened at a double click each with an error type message saying it saying :
" Your profile could not be opened correctly. Some features may be unavailable. Please check that the profile exists and that you you have permission to read and write its contents "
I didn't like the sound of that and had no idea what it meant but as I only use Chrome sometimes and have a busy life I didn't get round to following it up and forgot altogether to mention it to you. But I now see that it probably has a lot to do with this TOTAL Yandex invasion ?
I am very apprehensive about what Yandex is capable of doing
wendyseana
2014-04-27, 08:33
.....but then I haven't a clue about waht might actually be going on as I can't understand the unauthorised changes it does report. I saved the scan logs just in case you were interested
Talk again soon Juliet, Wendy
Is there anything else should I be doing and updating you on because you know I never went through with all your directions after the OTM thing ??
Yandex is an extension in your browser. I've been trying to locate it and delete it.
You really need to continue with the steps I outlined in a previous post.
Please download RogueKillerX64.exe (http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe) and save to the desktop.
Close all windows and browsers
Right-click the program and select 'Run as Administrator'
Press the scan button.
A report opens on the desktop named - RKreport.txt
Please copy and past the results at pastebin.com and post the link to the log in your next reply.
~~~~~~~~~~~~~~~~~~~~
If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
Place ComboFix.exe on your Desktop <--Important
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...
Please post:
RKreport.txt
ComboFix.txt
wendyseana
2014-04-29, 12:19
Dear Juliet, HELP !!
I had to spend a bit of time discovering how exactly to disable SP (I also btw took out the Fırewall), meanwhile I had already downloaded Combo fix which seemed to involve a reboot - which I did. but Combofix had gone and I went back to Bleeping computers to get it again, I then downloaded it again now the antivirus was fully disabled and I now it seems I am completely shut out of my computer Firefox says " The proxy serer is refusing connections. firefox is configured to use a proxy server that is refusing connections." chrome says something similıar.
What is happening ? Luckily I have access to a friend`s computer and can still communicate with you.
Thanks, Wendy
wendyseana
2014-04-29, 12:20
Btw typo above SP was meant to be SB ie.,Spybot
Usually a reboot does the trick.
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...
wendyseana
2014-04-30, 21:41
Dear Juliet, Sorry about the glitch on the reboot front, I just didn't connect with what your directions implied and what happened. I have done as you suggested with Mozilla and that worked fine - though still manipulated by Yandex - but Chrome does not seem to have an options etc in its Tools menu and looking around in Settings I did not find it there ??
Having completed Roguekiller and Combofix I will now re-enable the antivirus
Here are the two reports from Rogue Killer and Combofix :
1. Roguekiller :
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : gokarna [Admin rights]
Mode : Scan -- Date : 04/29/2014 10:44:40
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 1 ¤¤¤
[FF][PUP] kp5xybf2.default-1397910583341 : Yahoo Toolbar
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @explorer.exe (BeginBufferedAnimation) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E09AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D49A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74700731)
[Address] EAT @explorer.exe (BufferedPaintClear) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D6395)
[Address] EAT @explorer.exe (BufferedPaintInit) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E08ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746EE6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746ED395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D94AB)
[Address] EAT @explorer.exe (CloseThemeData) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D6A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D3982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746ED9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747035E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D53E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D51BF)
[Address] EAT @explorer.exe (DrawThemeText) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D4EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D63E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DFCAF)
[Address] EAT @explorer.exe (EnableTheming) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D3F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D3F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747006CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D4BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E04BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E0473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E05DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E0FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DCD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DF8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DBF93)
[Address] EAT @explorer.exe (GetThemeBool) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D7C1F)
[Address] EAT @explorer.exe (GetThemeColor) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D616C)
[Address] EAT @explorer.exe (GetThemeFilename) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702412)
[Address] EAT @explorer.exe (GetThemeFont) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DFF21)
[Address] EAT @explorer.exe (GetThemeInt) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D616C)
[Address] EAT @explorer.exe (GetThemeIntList) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747023B1)
[Address] EAT @explorer.exe (GetThemeMargins) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D86E9)
[Address] EAT @explorer.exe (GetThemeMetric) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E06E2)
[Address] EAT @explorer.exe (GetThemePartSize) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DCDB1)
[Address] EAT @explorer.exe (GetThemePosition) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3FBB)
[Address] EAT @explorer.exe (GetThemeRect) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E3611)
[Address] EAT @explorer.exe (GetThemeStream) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E39D9)
[Address] EAT @explorer.exe (GetThemeString) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747022E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74703172)
[Address] EAT @explorer.exe (GetThemeSysColor) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x747029C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470320B)
[Address] EAT @explorer.exe (GetThemeSysString) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74702B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D2D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DF992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E1081)
[Address] EAT @explorer.exe (GetWindowTheme) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DDF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E3CE3)
[Address] EAT @explorer.exe (IsAppThemed) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DF869)
[Address] EAT @explorer.exe (IsCompositionActive) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D2E9A)
[Address] EAT @explorer.exe (IsThemeActive) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DF785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D60AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D85B4)
[Address] EAT @explorer.exe (OpenThemeData) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746D73D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746F3D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74703296)
[Address] EAT @explorer.exe (SetWindowTheme) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746E0134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746ECFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x746DB176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : HID.DLL -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7470068D)
[Address] EAT @explorer.exe (DllCanUnloadNow) : Wlanapi.dll -> HOOKED (C:\Windows\system32\Syncreg.dll @ 0x73863418)
[Address] EAT @explorer.exe (DllGetClassObject) : Wlanapi.dll -> HOOKED (C:\Windows\system32\Syncreg.dll @ 0x738634C5)
[Address] EAT @explorer.exe (DllRegisterServer) : Wlanapi.dll -> HOOKED (C:\Windows\system32\Syncreg.dll @ 0x738633A5)
[Address] EAT @explorer.exe (DllUnregisterServer) : Wlanapi.dll -> HOOKED (C:\Windows\system32\Syncreg.dll @ 0x73863408)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : PUP ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA ST9500325AS SCSI Disk Device +++++
--- User ---
[MBR] 731db79b3f40f638db6910776cba10f9
[BSP] 97970a6b0bbb08775dfcbf0a5cb6dd19 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 279896 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 573435904 | Size: 196941 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_04292014_104440.txt >>
2. Combofix:
ComboFix 14-04-30.01 - gokarna 04/30/2014 21:21:23.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1994 [GMT 3:00]
Running from: c:\users\gokarna\Downloads\ComboFix.exe
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-03-28 to 2014-04-30 )))))))))))))))))))))))))))))))
.
.
2014-04-30 18:25 . 2014-04-30 18:25 -------- d-----w- c:\users\gokarna\AppData\Local\temp
2014-04-30 18:25 . 2014-04-30 18:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-30 18:25 . 2014-04-30 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-29 07:39 . 2014-04-29 07:39 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-04-29 06:48 . 2014-04-17 02:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{037E7DDA-919D-4EAE-A2D4-3C7ACB2E29E0}\mpengine.dll
2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\programdata\Yandex
2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\users\gokarna\AppData\Local\Yandex
2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\program files\Yandex
2014-04-26 14:28 . 2014-04-27 01:18 -------- d-----w- c:\users\gokarna\AppData\Roaming\Yandex
2014-04-26 11:47 . 2014-04-26 11:47 -------- d-----w- C:\_OTM
2014-04-18 17:35 . 2014-04-18 17:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-04-18 17:22 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-18 17:22 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-18 17:22 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-18 17:22 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-18 17:11 . 2014-04-18 17:11 -------- d-----w- c:\users\gokarna\AppData\Local\WindowsUpdate
2014-04-18 17:06 . 2014-04-14 17:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-18 17:03 . 2014-04-18 17:03 921512 ----a-w- c:\program files\jxpiinstall.exe
2014-04-15 07:55 . 2014-04-15 07:56 -------- d-----w- c:\users\gokarna\Photos
2014-04-14 08:04 . 2014-04-14 08:04 -------- d-sh--w- c:\users\gokarna\AppData\Local\EmieUserList
2014-04-14 08:04 . 2014-04-14 08:04 -------- d-sh--w- c:\users\gokarna\AppData\Local\EmieSiteList
2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\tr-TR
2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\XPSViewer
2014-04-13 13:38 . 2014-04-18 17:42 -------- d-----w- c:\windows\system32\drivers\tr-TR
2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\tr
2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\drivers\UMDF\tr-TR
2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\wbem\tr-TR
2014-04-13 13:14 . 2009-07-13 15:47 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\tr-TR\LXKPTPRC.DLL.mui
2014-04-13 13:08 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-13 13:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-04-05 19:16 . 2014-04-05 19:16 -------- d-----w- c:\windows\ERUNT
2014-04-05 18:21 . 2014-04-09 08:34 -------- d-----w- C:\AdwCleaner
2014-04-03 09:10 . 2014-04-03 09:10 -------- d-----w- c:\users\gokarna\AppData\Local\Spotify
2014-04-03 09:09 . 2014-04-08 05:54 -------- d-----w- c:\users\gokarna\AppData\Roaming\Spotify
2014-04-02 19:09 . 2014-04-02 19:09 -------- d-----w- c:\users\gokarna\AppData\Local\Skype
2014-04-02 19:09 . 2014-04-25 07:42 -------- d-----r- c:\program files\Skype
2014-04-02 19:09 . 2014-04-02 19:09 -------- d-----w- c:\program files\Common Files\Skype
2014-04-02 18:37 . 2014-04-18 17:08 -------- d-----w- c:\programdata\Oracle
2014-04-02 18:37 . 2014-04-02 18:39 -------- d-----w- c:\program files\Google
2014-04-02 18:04 . 2014-04-02 18:05 -------- d-----w- c:\program files\MPC-HC
2014-04-02 18:00 . 2014-04-02 18:00 -------- d-----w- c:\users\gokarna\AppData\Local\Secunia PSI
2014-04-02 17:58 . 2014-04-02 17:58 -------- d-----w- c:\program files\Secunia
2014-04-02 16:06 . 2014-04-26 10:27 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-02 16:05 . 2014-04-05 12:13 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-02 16:05 . 2014-04-03 06:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-02 16:05 . 2014-04-03 06:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-02 16:05 . 2014-04-03 06:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-02 16:05 . 2014-04-02 16:05 -------- d-----w- c:\programdata\Malwarebytes
2014-04-01 09:19 . 2014-04-09 10:02 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 09:09 . 2014-03-15 21:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 09:09 . 2014-03-15 21:28 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-31 06:35 . 2014-03-07 18:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-21 12:02 . 2014-03-21 12:02 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-21 12:02 . 2014-03-21 12:02 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-21 12:02 . 2014-03-21 12:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-21 12:02 . 2014-03-21 12:02 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-21 12:02 . 2014-03-21 12:02 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-03-21 12:02 . 2014-03-21 12:02 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-21 12:02 . 2014-03-21 12:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-21 12:02 . 2014-03-21 12:02 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-03-21 12:02 . 2014-03-21 12:02 337408 ----a-w- c:\windows\system32\html.iec
2014-03-21 12:02 . 2014-03-21 12:02 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-21 12:02 . 2014-03-21 12:02 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-03-21 12:02 . 2014-03-21 12:02 182272 ----a-w- c:\windows\system32\msls31.dll
2014-03-21 12:02 . 2014-03-21 12:02 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-03-21 12:02 . 2014-03-21 12:02 139264 ----a-w- c:\windows\system32\wextract.exe
2014-03-21 12:02 . 2014-03-21 12:02 13312 ----a-w- c:\windows\system32\mshta.exe
2014-03-21 12:02 . 2014-03-21 12:02 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-21 12:02 . 2014-03-21 12:02 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-21 01:03 . 2014-03-21 01:03 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-03-21 01:03 . 2014-03-21 01:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 906240 ----a-w- c:\windows\system32\FntCache.dll
2014-03-21 01:03 . 2014-03-21 01:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-03-21 01:03 . 2014-03-21 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 293376 ----a-w- c:\windows\system32\dxgi.dll
2014-03-21 01:03 . 2014-03-21 01:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-03-21 01:03 . 2014-03-21 01:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-03-21 01:03 . 2014-03-21 01:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
2014-03-21 01:03 . 2014-03-21 01:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-03-21 01:03 . 2014-03-21 01:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2014-03-21 01:03 . 2014-03-21 01:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-03-21 01:03 . 2014-03-21 01:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
2014-03-21 01:03 . 2014-03-21 01:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2014-03-21 01:03 . 2014-03-21 01:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
2014-03-21 01:03 . 2014-03-21 01:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-21 01:02 . 2014-03-21 01:02 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-03-20 01:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-03-04 11:25 . 2012-05-30 09:14 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2014-02-07 01:07 . 2014-03-20 08:31 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-21 07:48 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-20 08:32 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\Elements\bartab.dll" [2013-12-18 3094368]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\Elements\bartab.dll" [2013-12-18 3094368]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20924576]
"Spotify Web Helper"="c:\users\gokarna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-03 1171968]
"uTorrent"="c:\users\gokarna\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-26 1270352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"AtherosBtStack"="c:\program files\Bluetooth Suite\btvstack.exe" [2012-05-30 878208]
"AthBtTray"="c:\program files\Bluetooth Suite\athbttray.exe" [2012-05-30 696448]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-20 280576]
.
c:\users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-3-4 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-04-26 107736]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-15 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-03-26 107776]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-03-18 541680]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-03-18 26608]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 16880]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2012-05-30 97920]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2012-05-30 327296]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-05-30 35968]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2013-03-27 302920]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2013-03-27 101192]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2013-03-27 27976]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2013-03-27 158688]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2013-03-27 66448]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2013-03-27 119624]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2013-03-27 496456]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2013-03-20 85976]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-10-18 258704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-03-04 643656]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-25 21:43 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 09:09]
.
2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
.
2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?win=121&clid=1991182
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?win=121&clid=1991182
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Speed Test 127 - c:\program files\Speed Test 127\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-30 21:27:50
ComboFix-quarantined-files.txt 2014-04-30 18:27
.
Pre-Run: 156,012,404,736 bytes free
Post-Run: 155,890,843,648 bytes free
.
- - End Of File - - 54DE6406A8B436D54D018FF1D720AE75
A36C5E4F47E84449FF07ED3517B43A31
Btw, when you said "Yandex is an extension of your browser and you are trying to delete it, how will this happen - remotely ?
Best of the best with all this, Wendy
We need to disable Spybot S&D's "TeaTimer" only if you use this service.
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
We can reenable it when we're done.
Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/mode.png and then on "Advanced Mode"
http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/advanced%20mode.png
You may be presented with a warning dialog. If so, press http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/btnYes.png
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/tools.png
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/resident.png
Uncheck this checkbox:
http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/teatimercheck.png
Close/Exit Spybot Search and Destroy
Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
Click on this link Here (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
File::
c:\program files\Yandex\Elements\bartab.dll
c:\programdata\Yandex
c:\users\gokarna\AppData\Local\Yandex
c:\program files\Yandex
c:\users\gokarna\AppData\Roaming\Yandex
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"=-
[-HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
Firefox::
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?win=121&clid=1991182
ClearJavaCache::
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If there are internet issues afterward:
*In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
Please post this log when done.
wendyseana
2014-05-01, 09:39
......because in my Spybot Sand D I do not seem to have these functions offered to me ???? No legal dialog, no mode selection, no 'Tools' section or, therefore a 'resident option'. I feel we must be looking at two different Spybot S and D universes. Nor btw have I seen anything in its contents called Tea timer.
Sorry its probably just me but I need more help to carry out this next operation. Wendy
We need to disable Spybot S&D's "TeaTimer" only if you use this service.
That was no big deal, you should continue with the instructions I gave to clean your computer.
wendyseana
2014-05-03, 14:32
Hi Juliet, Sorry about the tea timer misunderstanding I just didn't know if my Spybot S and D ran this service or not and now I understand that it doesn't.
Pasted below is resultant log for CFscript united to ComboFix
ComboFix 14-04-30.01 - gokarna 05/03/2014 15:19:07.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1926 [GMT 3:00]
Running from: c:\users\gokarna\Downloads\ComboFix.exe
Command switches used :: c:\users\gokarna\Desktop\CFScript.txt
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Yandex"
"c:\program files\Yandex\Elements\bartab.dll"
"c:\programdata\Yandex"
"c:\users\gokarna\AppData\Local\Yandex"
"c:\users\gokarna\AppData\Roaming\Yandex"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Yandex\Elements\bartab.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-04-03 to 2014-05-03 )))))))))))))))))))))))))))))))
.
.
2014-05-03 12:23 . 2014-05-03 12:23 -------- d-----w- c:\users\gokarna\AppData\Local\temp
2014-05-03 12:23 . 2014-05-03 12:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-03 12:23 . 2014-05-03 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-03 00:00 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-02 22:18 . 2014-04-17 02:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C9B3D11-6407-4AF9-90B2-9FF7A64F02E4}\mpengine.dll
2014-04-29 07:39 . 2014-04-29 07:39 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\programdata\Yandex
2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\users\gokarna\AppData\Local\Yandex
2014-04-26 14:28 . 2014-04-26 14:28 -------- d-----w- c:\program files\Yandex
2014-04-26 14:28 . 2014-04-27 01:18 -------- d-----w- c:\users\gokarna\AppData\Roaming\Yandex
2014-04-26 11:47 . 2014-04-26 11:47 -------- d-----w- C:\_OTM
2014-04-18 17:35 . 2014-04-18 17:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-04-18 17:22 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-18 17:22 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-18 17:22 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-18 17:22 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-18 17:11 . 2014-04-18 17:11 -------- d-----w- c:\users\gokarna\AppData\Local\WindowsUpdate
2014-04-18 17:06 . 2014-04-14 17:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-18 17:03 . 2014-04-18 17:03 921512 ----a-w- c:\program files\jxpiinstall.exe
2014-04-15 07:55 . 2014-04-15 07:56 -------- d-----w- c:\users\gokarna\Photos
2014-04-14 08:04 . 2014-04-14 08:04 -------- d-sh--w- c:\users\gokarna\AppData\Local\EmieUserList
2014-04-14 08:04 . 2014-04-14 08:04 -------- d-sh--w- c:\users\gokarna\AppData\Local\EmieSiteList
2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\tr-TR
2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\XPSViewer
2014-04-13 13:38 . 2014-04-18 17:42 -------- d-----w- c:\windows\system32\drivers\tr-TR
2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\tr
2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\drivers\UMDF\tr-TR
2014-04-13 13:38 . 2014-04-13 13:38 -------- d-----w- c:\windows\system32\wbem\tr-TR
2014-04-13 13:14 . 2009-07-13 15:47 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\tr-TR\LXKPTPRC.DLL.mui
2014-04-13 13:08 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-13 13:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-04-05 19:16 . 2014-04-05 19:16 -------- d-----w- c:\windows\ERUNT
2014-04-05 18:21 . 2014-04-09 08:34 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 09:09 . 2014-03-15 21:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 09:09 . 2014-03-15 21:28 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-26 10:27 . 2014-04-02 16:06 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 06:51 . 2014-04-02 16:05 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 06:51 . 2014-04-02 16:05 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 06:50 . 2014-04-02 16:05 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-31 06:35 . 2014-03-07 18:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-21 12:02 . 2014-03-21 12:02 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-21 12:02 . 2014-03-21 12:02 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-21 12:02 . 2014-03-21 12:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-21 12:02 . 2014-03-21 12:02 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-21 12:02 . 2014-03-21 12:02 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-03-21 12:02 . 2014-03-21 12:02 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-21 12:02 . 2014-03-21 12:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-21 12:02 . 2014-03-21 12:02 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-03-21 12:02 . 2014-03-21 12:02 337408 ----a-w- c:\windows\system32\html.iec
2014-03-21 12:02 . 2014-03-21 12:02 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-21 12:02 . 2014-03-21 12:02 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-03-21 12:02 . 2014-03-21 12:02 182272 ----a-w- c:\windows\system32\msls31.dll
2014-03-21 12:02 . 2014-03-21 12:02 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-03-21 12:02 . 2014-03-21 12:02 139264 ----a-w- c:\windows\system32\wextract.exe
2014-03-21 12:02 . 2014-03-21 12:02 13312 ----a-w- c:\windows\system32\mshta.exe
2014-03-21 12:02 . 2014-03-21 12:02 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-21 12:02 . 2014-03-21 12:02 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-21 01:03 . 2014-03-21 01:03 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-03-21 01:03 . 2014-03-21 01:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 906240 ----a-w- c:\windows\system32\FntCache.dll
2014-03-21 01:03 . 2014-03-21 01:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-03-21 01:03 . 2014-03-21 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 293376 ----a-w- c:\windows\system32\dxgi.dll
2014-03-21 01:03 . 2014-03-21 01:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-03-21 01:03 . 2014-03-21 01:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-03-21 01:03 . 2014-03-21 01:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
2014-03-21 01:03 . 2014-03-21 01:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-03-21 01:03 . 2014-03-21 01:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2014-03-21 01:03 . 2014-03-21 01:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-03-21 01:03 . 2014-03-21 01:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
2014-03-21 01:03 . 2014-03-21 01:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2014-03-21 01:03 . 2014-03-21 01:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
2014-03-21 01:03 . 2014-03-21 01:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-21 01:02 . 2014-03-21 01:02 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-03-20 01:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-03-04 11:25 . 2012-05-30 09:14 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2014-02-07 01:07 . 2014-03-20 08:31 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-21 07:48 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-20 08:32 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20924576]
"Spotify Web Helper"="c:\users\gokarna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-03 1171968]
"uTorrent"="c:\users\gokarna\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-26 1270352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"AtherosBtStack"="c:\program files\Bluetooth Suite\btvstack.exe" [2012-05-30 878208]
"AthBtTray"="c:\program files\Bluetooth Suite\athbttray.exe" [2012-05-30 696448]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-20 280576]
.
c:\users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-3-4 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-04-26 107736]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-15 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-03-26 107776]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-03-18 541680]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-03-18 26608]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 16880]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2012-05-30 97920]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2012-05-30 327296]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-05-30 35968]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2013-03-27 302920]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2013-03-27 101192]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2013-03-27 27976]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2013-03-27 158688]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2013-03-27 66448]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2013-03-27 119624]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2013-03-27 496456]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2013-03-20 85976]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-10-18 258704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-03-04 643656]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-25 21:43 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 09:09]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?win=121&clid=1991182
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?win=121&clid=1991182
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - c:\program files\Yandex\Elements\bartab.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-03 15:24:50
ComboFix-quarantined-files.txt 2014-05-03 12:24
ComboFix2.txt 2014-04-30 18:27
.
Pre-Run: 155,436,085,248 bytes free
Post-Run: 155,359,883,264 bytes free
.
- - End Of File - - 5B846DB26390F8ACFA7B90617180273E
A36C5E4F47E84449FF07ED3517B43A31
Please Run TFC by OldTimer to clear temporary files:
Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish
wendyseana
2014-05-04, 10:19
Hello Juliet,
So it looks even to my novice eyes that we may be getting to the nitty grits of my infection . Here is the ESEETSCAN log :
C:\Users\gokarna\Downloads\DriversForFreeSetup.exe a variant of Win32/InstallCore.JW potentially unwanted application
C:\Users\gokarna\Downloads\MediaPlayer__7392_i603528379_il146.exe a variant of Win32/Amonetize.AO potentially unwanted application
C:\Users\gokarna\Downloads\shrek-the-third2007dvdrip-ac3eng-axxo_BitLord.exe Win32/InstallCore.MT potentially unwanted application
Btw how goes it with finding and deleting Yandex ? Can you do it remotely ?
Salute, Wendy
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
C:\Users\gokarna\Downloads\DriversForFreeSetup.exe
C:\Users\gokarna\Downloads\MediaPlayer__7392_i603528379_il146.exe
C:\Users\gokarna\Downloads\shrek-the-third2007dvdrip-ac3eng-axxo_BitLord.exe
c:\programdata\Yandex
c:\users\gokarna\AppData\Local\Yandex
c:\program files\Yandex
c:\users\gokarna\AppData\Roaming\Yandex
Reboot:
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Please post this log when finished.
wendyseana
2014-05-05, 18:39
Hi Juliet, moving right along towards a conclusion then here is the fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-05-2014
Ran by gokarna at 2014-05-05 19:30:52 Run:2
Running from C:\Users\gokarna\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Users\gokarna\Downloads\DriversForFreeSetup.exe
C:\Users\gokarna\Downloads\MediaPlayer__7392_i603528379_il146.exe
C:\Users\gokarna\Downloads\shrek-the-third2007dvdrip-ac3eng-axxo_BitLord.exe
c:\programdata\Yandex
c:\users\gokarna\AppData\Local\Yandex
c:\program files\Yandex
c:\users\gokarna\AppData\Roaming\Yandex
Reboot:
end
*****************
C:\Users\gokarna\Downloads\DriversForFreeSetup.exe => Moved successfully.
C:\Users\gokarna\Downloads\MediaPlayer__7392_i603528379_il146.exe => Moved successfully.
"C:\Users\gokarna\Downloads\shrek-the-third2007dvdrip-ac3eng-axxo_BitLord.exe" => File/Directory not found.
c:\programdata\Yandex => Moved successfully.
c:\users\gokarna\AppData\Local\Yandex => Moved successfully.
c:\program files\Yandex => Moved successfully.
c:\users\gokarna\AppData\Roaming\Yandex => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
The results look good to me, how is the computer operating now?
wendyseana
2014-05-09, 23:59
Hello Juliet,
How is it going ? Well Yandex is still very much with me which is a downer. You haven't given me feedback on what's happening there for sometime. While it it has hijacked Firefox and Chrome I think its best not to use this computer for any banking or purchasing activity. I am not really sure what to make of the Spybot scan logs which although Win32.Loadmoney no longer appears still shows lots of entries every day and its often only a few hours after fixing show as many entries again. I have copy and pasted the latest here so as you can tell me if this is acceptable/normal or not ??
Search results from Spybot - Search & Destroy
5/10/2014 12:42:58 AM
Scan took 00:16:05.
20 items found.
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\gokarna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XY9GT5VC\kiks.yandex.ru\fuid01.sol
Properties.size=188
Properties.md5=7B8842C292510E47967FC622F91A4B28
Properties.filedate=1399417808
Properties.filedatetext=2014-05-07 02:10:08
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\gokarna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XY9GT5VC\ospank.com\#kernelteam\preferences.sol
Properties.size=61
Properties.md5=C58803187774833DFC9451A7E42B4002
Properties.filedate=1399420269
Properties.filedatetext=2014-05-07 02:51:08
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\gokarna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XY9GT5VC\skype.com\#ui\preferences.sol
Properties.size=217
Properties.md5=DD1BC5A42AEC607C0FEE7A07D7EB04F2
Properties.filedate=1399324437
Properties.filedatetext=2014-05-06 00:13:57
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
Gabest Media Player Classic: [SBI $E81D76E1] Last captured file (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Gabest\Media Player Classic\Capture\FileName
Gabest Media Player Classic: [SBI $A8B11633] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Gabest\Media Player Classic\Recent File List
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (74) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (83) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (150) (Browser: Cookie, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (160) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2014-03-15 spybotsd2-installer.exe (2.2.25.0)
2013-06-19 spybotsd2-translation-frx.exe
2014-03-15 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-05-06 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-03-19 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-04-15 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-04-30 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-05-06 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-05-06 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
Talk to you tomorrow I hope, Wendy
From what I can see it's stored cookies from using Flash Player
http://www.piriform.com/ccleaner/download
Download CCleaner
Once it's downloaded then set it to delete Flash cookies
http://www.piriform.com/docs/ccleaner/ccleaner-settings/cleaning-flash-cookies
The registry entries you have listed are all simply usage tracks, not malware, so there's really no reason to worry about them unless you're paranoid about your privacy.
http://www.safer-networking.org/faq/usage-tracks/
wendyseana
2014-05-10, 11:44
but Yandex is still very much there so what can we do now please :confused: You didn't say a reboot was necessary so I haven't but I will just to see if perhaps thatis the key...........
It's odd, tools I've had you use find and say it's deleted but returns.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:folderfind
Yandex
:filefind
Yandex
:regfind
Yandex
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wendyseana
2014-05-13, 18:15
The Download Mirror #1 brought up this warning when I clicked on it
Reported Attack Page!
This web page at jpshortstuff.247fixes.com has been reported as an attack page and has been blocked based on your security preferences.
Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.
Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
Download Mirror 2 seems to be fine though
wendyseana
2014-05-13, 18:50
Hi Juliet, here is the log for Systemlook
SystemLook 30.07.11 by jpshortstuff
Log created at 19:19 on 13/05/2014 by gokarna
Administrator - Elevation successful
========== folderfind ==========
Searching for "Yandex"
C:\FRST\Quarantine\C\program files\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\programdata\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\Users\gokarna\AppData\Local\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [14:28 26/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Local\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\LocalLow\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Yandex d------ [08:33 09/04/2014]
C:\Qoobox\Quarantine\C\Program Files\Yandex d------ [12:22 03/05/2014]
C:\Users\gokarna\AppData\LocalLow\Yandex d------ [14:28 26/04/2014]
C:\Users\gokarna\AppData\Roaming\Yandex d------ [16:35 05/05/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex d------ [01:18 27/04/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand\yandex d------ [07:49 29/04/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand\yandex d------ [07:49 29/04/2014]
C:\Users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex d------ [12:30 19/04/2014]
C:\Users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\ru\brand\yandex d------ [12:30 19/04/2014]
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yandex d------ [07:34 16/03/2014]
========== filefind ==========
Searching for "Yandex"
No files found.
========== regfind ==========
Searching for "Yandex"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Yandex]
[HKEY_CURRENT_USER\Software\AppDataLow\Yandex]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}]
"AppPath"="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yandex.ru/?win=121&clid=1991182"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Yandex"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback"="http://www.yandex.ru/favicon.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURL_JSON"="http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://yandex.ru/yandsearch?win=121&clid=1991183&text={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=121&clid=1991186&text=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"DisplayName"="Yandex"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"UninstallString"=""C:\Program Files\Uninstall Information\97\4258\uninstall.exe" /PUninstall="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser" /reg=32"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"InstallLocation"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"DisplayIcon"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"Publisher"="YANDEX"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"OUninstallString"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe" --uninstall --verbose-logging"
[HKEY_CURRENT_USER\Software\Yandex]
[HKEY_CURRENT_USER\Software\Yandex\YandexBrowser]
[HKEY_CURRENT_USER\Software\Yandex\YandexBrowser]
"UninstallString"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe"
[HKEY_CURRENT_USER\Software\Yandex\YandexBrowser]
"name"="Yandex"
[HKEY_CURRENT_USER\Software\Yandex\YandexBrowser]
"InstallerSuccessLaunchCmdLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe""
[HKEY_CURRENT_USER\Software\Yandex\YandexBrowser\Commands\install-extension]
"CommandLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --limited-install-from-webstore=%1"
[HKEY_CURRENT_USER\Software\Yandex\YandexBrowser\Commands\on-os-upgrade]
"CommandLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe" --on-os-upgrade --verbose-logging"
[HKEY_CURRENT_USER\Software\Classes\.crx]
@="YandexBrowser.crx"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\LocalServer32]
@=""C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe""
[HKEY_CURRENT_USER\Software\Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe""
[HKEY_CURRENT_USER\Software\Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
"ServerExecutable"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx]
[HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx]
@="Yandex Browser Extra"
[HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx\DefaultIcon]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe",0"
[HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx\shell\open\command]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids]
"YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.swf\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\InprocServer32]
@="C:\Program Files\Yandex\FastDial\fastdial.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\fd\DefaultIcon]
@="C:\Program Files\Yandex\FastDial\fastdial.dll,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\1.0\0\win32]
@="C:\Program Files\Yandex\FastDial\fastdial.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\1.0\HELPDIR]
@="C:\Program Files\Yandex\FastDial"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yabrowser\DefaultIcon]
@="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yabrowser\shell\open\command]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE]
@="Yandex Browser HTML Document"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE\shell\open\command]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE]
@="Yandex Browser PDF Document"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE\DefaultIcon]
@="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,-103"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE\shell\open\command]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE]
@="Yandex"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities]
"ApplicationDescription"="Yandex.Browser — web sayfalarını görüntülemek için kullanılan tarayıcı."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities]
"ApplicationIcon"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities]
"ApplicationName"="Yandex"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".htm"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".html"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".shtml"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".xht"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".xhtml"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".crx"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".pdf"="YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".swf"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".webp"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\Startmenu]
"StartMenuInternet"="Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"ftp"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"http"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"https"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"irc"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"mailto"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"mms"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"news"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"nntp"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"sms"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"smsto"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"tel"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"urn"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"webcal"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\DefaultIcon]
@="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\InstallInfo]
"ReinstallCommand"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\InstallInfo]
"HideIconsCommand"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\InstallInfo]
"ShowIconsCommand"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\shell\open\command]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YandexSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YandexSetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe]
@="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe]
"Path"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\yandex-offer\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex-offer\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE"="Software\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Yandex]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\AppDataLow\Software\Yandex]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\AppDataLow\Yandex]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}]
"AppPath"="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yandex.ru/?win=121&clid=1991182"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Yandex"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback"="http://www.yandex.ru/favicon.ico"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURL_JSON"="http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://yandex.ru/yandsearch?win=121&clid=1991183&text={searchTerms}"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=121&clid=1991186&text=%s"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"DisplayName"="Yandex"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"UninstallString"=""C:\Program Files\Uninstall Information\97\4258\uninstall.exe" /PUninstall="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser" /reg=32"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"InstallLocation"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"DisplayIcon"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"Publisher"="YANDEX"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"OUninstallString"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe" --uninstall --verbose-logging"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser]
"UninstallString"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser]
"name"="Yandex"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser]
"InstallerSuccessLaunchCmdLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe""
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser\Commands\install-extension]
"CommandLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --limited-install-from-webstore=%1"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser\Commands\on-os-upgrade]
"CommandLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe" --on-os-upgrade --verbose-logging"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\.crx]
@="YandexBrowser.crx"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\LocalServer32]
@=""C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe""
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe""
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
"ServerExecutable"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx]
@="Yandex Browser Extra"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx\DefaultIcon]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe",0"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx\shell\open\command]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" "%1""
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\.crx]
@="YandexBrowser.crx"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\LocalServer32]
@=""C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe""
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe""
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
"ServerExecutable"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx]
@="Yandex Browser Extra"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx\DefaultIcon]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe",0"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx\shell\open\command]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" "%1""
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Yandex]
-= EOF =-
Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
Click on this link Here (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
Folder::
C:\Users\gokarna\AppData\LocalLow\Yandex
C:\Users\gokarna\AppData\Roaming\Yandex
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex
C:\Users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yandex
Registry::
[-HKEY_CURRENT_USER\Software\Yandex]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Yandex]
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If there are internet issues afterward:
*In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
NEXT, we'll check for left overs.
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:folderfind
Yandex
:filefind
Yandex
:regfind
Yandex
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wendyseana
2014-05-14, 09:01
......disable Spybot antivirus search and protection as its not on your list Juliet and, although I somehow stumbled on it last time it was necessary and, have tried to o find my way back, the way through SB 'settings' and turning it off has worked only "partially" and it doesn't allow me uninstall and reinstall later :confused:
Firewall I know about
Thanks, Wendy
wendyseana
2014-05-14, 09:19
sorry, I realized how it worked seconds after posting the above
wendyseana
2014-05-14, 10:28
Hi Juliet, here are the 1. CFScript and 2. SystemLook Logs :
ComboFix 14-05-13.01 - gokarna 05/14/2014 10:53:06.5.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1786 [GMT 3:00]
Running from: c:\users\gokarna\Desktop\ComboFix.exe
Command switches used :: c:\users\gokarna\Desktop\CFScript.txt
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\gokarna\AppData\LocalLow\Yandex
c:\users\gokarna\AppData\LocalLow\Yandex\Updater\vbie\appinfo.xml
c:\users\gokarna\AppData\LocalLow\Yandex\Updater\vbie\statistics.xml
c:\users\gokarna\AppData\LocalLow\Yandex\Updater\yupdate-ctrl.log
c:\users\gokarna\AppData\LocalLow\Yandex\Updater\yupdate-exec-statistic.log
c:\users\gokarna\AppData\LocalLow\Yandex\Updater\yupdate-exec.log
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\about\product.xml
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\backgrounds\wp_almost_white_small.jpeg
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\backgrounds\wp_autumn.jpg
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\backgrounds\wp_bezh.jpg
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\backgrounds\wp_carbon.jpg
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\backgrounds\wp_clouds.jpg
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\backgrounds\wp_colours.jpg
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\backgrounds\wp_grass.jpg
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\backgrounds\wp_red.jpg
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\backgrounds\wp_snow.jpg
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\blacklist.xml
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\fastdial\clckr.xml
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\ie\product.xml
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\locale\en\about\product.dtd
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\locale\en\fastdial\config.xml
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\locale\en\fastdial\logo.png
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\locale\ru\about\product.dtd
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\locale\ru\fastdial\config.xml
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\locale\ru\fastdial\logo.png
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\locale\tr\about\product.dtd
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\locale\tr\fastdial\config.xml
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\locale\tr\fastdial\logo.png
c:\users\gokarna\AppData\LocalLow\Yandex\VB\branding\{BB19F5A7-2302-4E8B-9418-5B9B7ABAC9AE}\statistics\statistics.xml
c:\users\gokarna\AppData\LocalLow\Yandex\VB\FastDialTabIE.log
c:\users\gokarna\AppData\LocalLow\Yandex\VB\migrate.ver
c:\users\gokarna\AppData\LocalLow\Yandex\VB\migrateFromBar
c:\users\gokarna\AppData\LocalLow\Yandex\VB\vb\fav\fav_full.xml
c:\users\gokarna\AppData\LocalLow\Yandex\VB\vb\fav\fav_lite.xml
c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex
c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex\users.sqlite
c:\users\gokarna\AppData\Roaming\Yandex
c:\users\gokarna\AppData\Roaming\Yandex\clids-barff.xml
c:\users\gokarna\AppData\Roaming\Yandex\clids-vbff.xml
c:\users\gokarna\AppData\Roaming\Yandex\ui
c:\users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex
c:\users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex\urls\cy.properties
c:\users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex\urls\lenta.properties
c:\users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex\urls\mail.properties
c:\users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex\urls\town.properties
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\background-fx.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\background-ie.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\logo-fx-large.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\logo-fx-medium.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\logo-fx-small.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\logo-fx-tiny.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\logo-ie-large.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\logo-ie-medium.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\logo-ie-small.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\logo-ie-tiny.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\product.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\about\vendorlogo.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\browser\browserconf.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\distribution\distribution.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\fx\about\product.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\icons\bing.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\icons\google.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\icons\wiki.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\icons\yagorsel.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\icons\yagorsel.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\icons\yahaber.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\icons\yandex.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\icons\yandex.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\icons\yavideo.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\icons\yavideo.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\ie\product.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\license\fx\license.css
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\license\fx\sublicenses\apache.xhtml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\en\about\product.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\en\fastdial\product.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\en\license\fx\license.xhtml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\en\logobutton\logoconf.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\en\services.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\en\welcome\fx\welcome.html
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\ru\about\product.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\ru\fastdial\product.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\ru\license\fx\license.xhtml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\ru\logobutton\logoconf.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\ru\services.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\ru\welcome\fx\welcome.html
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\tr\about\product.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\tr\fastdial\product.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\tr\license\fx\license.xhtml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\tr\logobutton\logoconf.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\tr\services.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\locale\tr\welcome\fx\welcome.html
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\bing.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\google.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\365.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\antoloji.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\antoloji.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\araba.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\bedavasitem.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\bigpoint.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\bing.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\blogcu.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\blogger.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\dailymotion.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\diziport.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\diziport.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\ekolay.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\ekolay.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\eksisozluk.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\facebook.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\facebookvideo.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\fanatik.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\fizy.jpg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\fotomac.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\friendfeed.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\gazetevatan.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\gittigidiyor.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\google.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\haber7.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\haber7.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\haberler.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\haberler.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\haberturk.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\hepsiburada.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\htspor.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\hurriyet.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\hurriyet.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\izlesene.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\kraloyun.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\mackolik.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\meb.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\meb.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\milliyet.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\msn.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\mynet.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\osym.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\oyunlar1.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\oyunlar1.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\oyunskor.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\reflist.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\sabah.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\sahadan.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\sahibinden.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\sporx.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\travian.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\travian.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\twitter.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\uludagsozluk.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\vidivodo.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\wordpress.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\yahoo.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\yandex.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\yandex.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\yandexmail.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\icons\youtube.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\logo.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\logoconf.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\logobutton\yahoo.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\passport\bar.txt
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\passport\passport.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\statistics\statistics.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\toolbar\autoinst.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\welcome\fx\favicon.ico
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\welcome\fx\img\b-bg.jpg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\welcome\fx\img\b-close.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\welcome\fx\img\b-info_type_adress.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\welcome\fx\img\b-info_type_button.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\welcome\fx\img\b-info_type_setting.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\welcome\fx\img\b-info_type_visual.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\welcome\fx\img\b-tabs.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{20131EEC-02B3-4E4D-9881-17B4C465DDC2}\welcome\fx\welcome.css
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\Install.log
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\about\product.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\backgrounds\wp_almost_white_small.jpeg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\backgrounds\wp_autumn.jpg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\backgrounds\wp_bezh.jpg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\backgrounds\wp_carbon.jpg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\backgrounds\wp_clouds.jpg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\backgrounds\wp_colours.jpg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\backgrounds\wp_grass.jpg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\backgrounds\wp_red.jpg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\backgrounds\wp_snow.jpg
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\blacklist.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\fastdial\clckr.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\ie\product.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\locale\en\about\product.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\locale\en\fastdial\config.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\locale\en\fastdial\logo.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\locale\ru\about\product.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\locale\ru\fastdial\config.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\locale\ru\fastdial\logo.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\locale\tr\about\product.dtd
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\locale\tr\fastdial\config.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\locale\tr\fastdial\logo.png
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\branding\{F98F98CD-5243-405D-85F3-F54394F63839}\statistics\statistics.xml
c:\windows\System32\config\systemprofile\AppData\LocalLow\Yandex\VB\FastDialTabIE.log
.
.
((((((((((((((((((((((((( Files Created from 2014-04-14 to 2014-05-14 )))))))))))))))))))))))))))))))
.
.
2014-05-14 07:57 . 2014-05-14 07:57 -------- d-----w- c:\users\gokarna\AppData\Local\temp
2014-05-14 07:57 . 2014-05-14 07:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-14 07:57 . 2014-05-14 07:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-13 11:56 . 2014-04-17 02:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAEE9019-1EAC-40FD-B73B-6C7DBE176B01}\mpengine.dll
2014-05-10 09:24 . 2014-05-10 09:24 -------- d-----w- c:\program files\CCleaner
2014-05-05 17:28 . 2014-05-05 17:28 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-05 16:40 . 2014-04-14 02:11 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-05-05 16:40 . 2014-04-14 02:07 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-04 06:55 . 2014-05-04 06:55 -------- d-----w- c:\program files\ESET
2014-05-03 00:00 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-29 07:39 . 2014-04-29 07:39 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-04-18 17:35 . 2014-04-18 17:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-04-18 17:22 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-18 17:22 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-18 17:22 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-18 17:22 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-18 17:11 . 2014-04-18 17:11 -------- d-----w- c:\users\gokarna\AppData\Local\WindowsUpdate
2014-04-18 17:06 . 2014-04-14 17:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-18 17:03 . 2014-04-18 17:03 921512 ----a-w- c:\program files\jxpiinstall.exe
2014-04-15 07:55 . 2014-04-15 07:56 -------- d-----w- c:\users\gokarna\Photos
2014-04-14 08:04 . 2014-04-14 08:04 -------- d-sh--w- c:\users\gokarna\AppData\Local\EmieUserList
2014-04-14 08:04 . 2014-04-14 08:04 -------- d-sh--w- c:\users\gokarna\AppData\Local\EmieSiteList
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 22:49 . 2014-03-15 21:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 22:49 . 2014-03-15 21:28 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-26 10:27 . 2014-04-02 16:06 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 06:51 . 2014-04-02 16:05 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 06:51 . 2014-04-02 16:05 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 06:50 . 2014-04-02 16:05 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-31 06:35 . 2014-03-07 18:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-21 12:02 . 2014-03-21 12:02 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-21 12:02 . 2014-03-21 12:02 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-21 12:02 . 2014-03-21 12:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-21 12:02 . 2014-03-21 12:02 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-21 12:02 . 2014-03-21 12:02 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-03-21 12:02 . 2014-03-21 12:02 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-21 12:02 . 2014-03-21 12:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-21 12:02 . 2014-03-21 12:02 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-03-21 12:02 . 2014-03-21 12:02 337408 ----a-w- c:\windows\system32\html.iec
2014-03-21 12:02 . 2014-03-21 12:02 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-21 12:02 . 2014-03-21 12:02 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-03-21 12:02 . 2014-03-21 12:02 182272 ----a-w- c:\windows\system32\msls31.dll
2014-03-21 12:02 . 2014-03-21 12:02 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-03-21 12:02 . 2014-03-21 12:02 139264 ----a-w- c:\windows\system32\wextract.exe
2014-03-21 12:02 . 2014-03-21 12:02 13312 ----a-w- c:\windows\system32\mshta.exe
2014-03-21 12:02 . 2014-03-21 12:02 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-21 12:02 . 2014-03-21 12:02 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-21 01:03 . 2014-03-21 01:03 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-03-21 01:03 . 2014-03-21 01:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 906240 ----a-w- c:\windows\system32\FntCache.dll
2014-03-21 01:03 . 2014-03-21 01:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-03-21 01:03 . 2014-03-21 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 293376 ----a-w- c:\windows\system32\dxgi.dll
2014-03-21 01:03 . 2014-03-21 01:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-03-21 01:03 . 2014-03-21 01:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-03-21 01:03 . 2014-03-21 01:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
2014-03-21 01:03 . 2014-03-21 01:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-03-21 01:03 . 2014-03-21 01:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2014-03-21 01:03 . 2014-03-21 01:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-03-21 01:03 . 2014-03-21 01:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
2014-03-21 01:03 . 2014-03-21 01:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2014-03-21 01:03 . 2014-03-21 01:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
2014-03-21 01:03 . 2014-03-21 01:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-21 01:02 . 2014-03-21 01:02 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-03-20 01:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-03-06 08:31 . 2014-04-13 13:19 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02 . 2014-04-13 13:19 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02 . 2014-04-13 13:19 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01 . 2014-04-13 13:19 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46 . 2014-04-13 13:19 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38 . 2014-04-13 13:19 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38 . 2014-04-13 13:19 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36 . 2014-04-13 13:19 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28 . 2014-04-13 13:19 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13 . 2014-04-13 13:19 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40 . 2014-04-13 13:19 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41 . 2014-04-13 13:19 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-03-04 11:25 . 2012-05-30 09:14 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20924576]
"Spotify Web Helper"="c:\users\gokarna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-03 1171968]
"uTorrent"="c:\users\gokarna\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-26 1270352]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-04-17 4524312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"AtherosBtStack"="c:\program files\Bluetooth Suite\btvstack.exe" [2012-05-30 878208]
"AthBtTray"="c:\program files\Bluetooth Suite\athbttray.exe" [2012-05-30 696448]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-20 280576]
.
c:\users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-3-4 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-04-26 107736]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-15 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-03-26 107776]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-03-18 541680]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-03-18 26608]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 16880]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2012-05-30 97920]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2012-05-30 327296]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-05-30 35968]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2013-03-27 302920]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2013-03-27 101192]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2013-03-27 27976]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2013-03-27 158688]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2013-03-27 66448]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2013-03-27 119624]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2013-03-27 496456]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2013-03-20 85976]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-10-18 258704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-03-04 643656]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-25 21:43 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 22:49]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?win=121&clid=1991182
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-14 10:59:21
ComboFix-quarantined-files.txt 2014-05-14 07:59
ComboFix2.txt 2014-05-14 07:40
ComboFix3.txt 2014-04-30 18:27
.
Pre-Run: 149,213,241,344 bytes free
Post-Run: 149,146,357,760 bytes free
.
- - End Of File - - F5AADD572A49EF086420A27B79509591
A36C5E4F47E84449FF07ED3517B43A31
2. SystemLook 30.07.11 by jpshortstuff
Log created at 11:18 on 14/05/2014 by gokarna
Administrator - Elevation successful
========== folderfind ==========
Searching for "Yandex"
C:\FRST\Quarantine\C\program files\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\programdata\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\Users\gokarna\AppData\Local\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [14:28 26/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Local\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\LocalLow\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Yandex d------ [08:33 09/04/2014]
C:\Qoobox\Quarantine\C\Program Files\Yandex d------ [12:22 03/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\AppData\LocalLow\Yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\LocalLow\Yandex d------ [07:57 14/05/2014]
C:\Users\gokarna\AppData\Roaming\Yandex d------ [08:11 14/05/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex d------ [08:11 14/05/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand\yandex d------ [07:49 29/04/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand\yandex d------ [07:49 29/04/2014]
C:\Users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\ru\brand\yandex d------ [12:30 19/04/2014]
========== filefind ==========
Searching for "Yandex"
No files found.
========== regfind ==========
Searching for "Yandex"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Yandex]
[HKEY_CURRENT_USER\Software\AppDataLow\Yandex]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}]
"AppPath"="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yandex.ru/?win=121&clid=1991182"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Yandex"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback"="http://www.yandex.ru/favicon.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURL_JSON"="http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://yandex.ru/yandsearch?win=121&clid=1991183&text={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=121&clid=1991186&text=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"DisplayName"="Yandex"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"UninstallString"=""C:\Program Files\Uninstall Information\97\4258\uninstall.exe" /PUninstall="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser" /reg=32"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"InstallLocation"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"DisplayIcon"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"Publisher"="YANDEX"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"OUninstallString"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe" --uninstall --verbose-logging"
[HKEY_CURRENT_USER\Software\Classes\.crx]
@="YandexBrowser.crx"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx]
[HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx]
@="Yandex Browser Extra"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids]
"YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.swf\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\1.0\0\win32]
@="C:\Program Files\Yandex\FastDial\fastdial.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\1.0\HELPDIR]
@="C:\Program Files\Yandex\FastDial"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE]
@="Yandex Browser HTML Document"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE]
@="Yandex Browser PDF Document"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE]
@="Yandex"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities]
"ApplicationDescription"="Yandex.Browser — web sayfalarını görüntülemek için kullanılan tarayıcı."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities]
"ApplicationIcon"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities]
"ApplicationName"="Yandex"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".htm"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".html"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".shtml"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".xht"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".xhtml"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".crx"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".pdf"="YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".swf"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
".webp"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\Startmenu]
"StartMenuInternet"="Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"ftp"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"http"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"https"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"irc"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"mailto"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"mms"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"news"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"nntp"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"sms"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"smsto"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"tel"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"urn"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
"webcal"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\DefaultIcon]
@="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\InstallInfo]
"ReinstallCommand"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\InstallInfo]
"HideIconsCommand"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\InstallInfo]
"ShowIconsCommand"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\shell\open\command]
@=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YandexSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YandexSetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE"="Software\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Yandex]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\AppDataLow\Software\Yandex]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\AppDataLow\Yandex]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}]
"AppPath"="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yandex.ru/?win=121&clid=1991182"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Yandex"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback"="http://www.yandex.ru/favicon.ico"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURL_JSON"="http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://yandex.ru/yandsearch?win=121&clid=1991183&text={searchTerms}"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=121&clid=1991186&text=%s"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"DisplayName"="Yandex"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"UninstallString"=""C:\Program Files\Uninstall Information\97\4258\uninstall.exe" /PUninstall="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser" /reg=32"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"InstallLocation"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"DisplayIcon"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"Publisher"="YANDEX"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
"OUninstallString"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe" --uninstall --verbose-logging"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\.crx]
@="YandexBrowser.crx"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx]
@="Yandex Browser Extra"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\.crx]
@="YandexBrowser.crx"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx]
@="Yandex Browser Extra"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Yandex]
-= EOF =-
Let's see if this gets rid of the left overs.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
Click on this link Here (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
DDS::
uStart Page = hxxp://www.yandex.ru/?win=121&clid=1991182
uInternet Settings,ProxyServer = localhost:21320
Firefox::
FF - ProfilePath - c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\
FF - prefs.js: browser.search.selectedEngine -
Yandex
Folder::
C:\Users\gokarna\AppData\Roaming\Yandex
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb
C:\Users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If there are internet issues afterward:
*In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
Before we go any further, after you follow my above instructions, please look in your add/remove programs list located in the control panel...
See if Yandex by chance is listed there. If it is please try to uninstall it.
If it's there and it throws out errors please use Revo uninstaller but only if it's listed there. Since we have been deleting out so many related files it might not be there now.
Download and install the Revo Uninstaller (http://www.revouninstaller.com/)
Double click the new Revo Uninstaller icon on your desktop to start the program
Scroll through the listed programs and Right Click Yandex or something that might look like Яндекс
From the pop out menu choose Uninstall
Click Yes to the confirmation dialogue
In the next window select the Advanced mode
Click Next to start uninstalling the program
Answer Yes to confirm the uninstall
When the program has completed the four steps, click Next to allow the program to search for leftovers
Once complete, click Next, then Finish
Repeat the above steps for any other programs you wish to remove.
wendyseana
2014-05-15, 14:58
..... my first port of call after Yandex came to menace me. It is listed in programs but trying to uninstall it brings up a message which says something like "please wait until the current program has finished uninstalling or being change "
However I somehow overlooked your first message re Revo uninstall - as you may have guessed - and carried out the CFscript exercise with Combofix. Sorry about that, it comes with trying to pay attention to too many things at once - multi-tasking is a myth unless you are satisfied with partial successes.
Anyway so am getting Revo now and you will hear from me again soon
Cheers, Wendy
yes please report back as soon as you can.
I have other advisors looking in so that we may delete everything we can find.
wendyseana
2014-05-17, 12:38
Hello Juliet,
Apologies for not being back as soon as I hoped. Having now performed RevoUninstall I have redone 1. ComboFix and 2. SystemLook :-
1. ComboFix 14-05-16.01 - gokarna 05/17/2014 13:10:27.6.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1770 [GMT 3:00]
Running from: c:\users\gokarna\Desktop\ComboFix.exe
Command switches used :: c:\users\gokarna\Desktop\CFScript.txt
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex
c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex\users.sqlite
c:\users\gokarna\AppData\Roaming\Yandex
c:\users\gokarna\AppData\Roaming\Yandex\clids-barff.xml
c:\users\gokarna\AppData\Roaming\Yandex\clids-vbff.xml
c:\users\gokarna\AppData\Roaming\Yandex\ui
c:\users\gokarna\nokia-pc-suite-7.1.180.94.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-04-17 to 2014-05-17 )))))))))))))))))))))))))))))))
.
.
2014-05-17 10:18 . 2014-05-17 10:19 -------- d-----w- c:\users\gokarna\AppData\Local\temp
2014-05-17 10:18 . 2014-05-17 10:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-17 10:18 . 2014-05-17 10:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-17 06:27 . 2014-04-17 02:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACE1EC71-6BD9-4DB4-9AC3-A3EFD1A4D84B}\mpengine.dll
2014-05-15 13:04 . 2014-05-15 13:04 -------- d-----w- c:\users\gokarna\AppData\Local\VS Revo Group
2014-05-15 13:03 . 2014-05-15 13:03 -------- d-----w- c:\programdata\VS Revo Group
2014-05-15 13:03 . 2009-12-30 07:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-05-15 13:03 . 2014-05-15 13:03 -------- d-----w- c:\program files\VS Revo Group
2014-05-15 00:02 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-10 09:24 . 2014-05-10 09:24 -------- d-----w- c:\program files\CCleaner
2014-05-05 17:28 . 2014-05-15 00:23 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-04 06:55 . 2014-05-04 06:55 -------- d-----w- c:\program files\ESET
2014-04-29 07:39 . 2014-04-29 07:39 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-04-18 17:35 . 2014-04-18 17:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-04-18 17:22 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-18 17:22 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-18 17:22 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-18 17:22 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-18 17:11 . 2014-04-18 17:11 -------- d-----w- c:\users\gokarna\AppData\Local\WindowsUpdate
2014-04-18 17:06 . 2014-04-14 17:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-18 17:03 . 2014-04-18 17:03 921512 ----a-w- c:\program files\jxpiinstall.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 00:19 . 2014-03-15 21:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 00:19 . 2014-03-15 21:28 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-26 10:27 . 2014-04-02 16:06 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 06:51 . 2014-04-02 16:05 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 06:51 . 2014-04-02 16:05 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 06:50 . 2014-04-02 16:05 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-31 19:46 . 2014-03-31 19:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 19:46 . 2014-03-31 19:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-31 06:35 . 2014-03-07 18:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-21 12:02 . 2014-03-21 12:02 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-21 12:02 . 2014-03-21 12:02 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-21 12:02 . 2014-03-21 12:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-21 12:02 . 2014-03-21 12:02 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-21 12:02 . 2014-03-21 12:02 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-03-21 12:02 . 2014-03-21 12:02 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-21 12:02 . 2014-03-21 12:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-21 12:02 . 2014-03-21 12:02 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-03-21 12:02 . 2014-03-21 12:02 337408 ----a-w- c:\windows\system32\html.iec
2014-03-21 12:02 . 2014-03-21 12:02 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-21 12:02 . 2014-03-21 12:02 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-03-21 12:02 . 2014-03-21 12:02 182272 ----a-w- c:\windows\system32\msls31.dll
2014-03-21 12:02 . 2014-03-21 12:02 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-03-21 12:02 . 2014-03-21 12:02 139264 ----a-w- c:\windows\system32\wextract.exe
2014-03-21 12:02 . 2014-03-21 12:02 13312 ----a-w- c:\windows\system32\mshta.exe
2014-03-21 12:02 . 2014-03-21 12:02 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-21 12:02 . 2014-03-21 12:02 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-21 01:03 . 2014-03-21 01:03 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-03-21 01:03 . 2014-03-21 01:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 906240 ----a-w- c:\windows\system32\FntCache.dll
2014-03-21 01:03 . 2014-03-21 01:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-03-21 01:03 . 2014-03-21 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 293376 ----a-w- c:\windows\system32\dxgi.dll
2014-03-21 01:03 . 2014-03-21 01:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-03-21 01:03 . 2014-03-21 01:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-03-21 01:03 . 2014-03-21 01:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
2014-03-21 01:03 . 2014-03-21 01:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-03-21 01:03 . 2014-03-21 01:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2014-03-21 01:03 . 2014-03-21 01:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-03-21 01:03 . 2014-03-21 01:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
2014-03-21 01:03 . 2014-03-21 01:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2014-03-21 01:03 . 2014-03-21 01:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
2014-03-21 01:03 . 2014-03-21 01:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-21 01:02 . 2014-03-21 01:02 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-03-20 01:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-03-06 08:31 . 2014-04-13 13:19 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02 . 2014-04-13 13:19 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02 . 2014-04-13 13:19 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01 . 2014-04-13 13:19 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46 . 2014-04-13 13:19 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38 . 2014-04-13 13:19 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38 . 2014-04-13 13:19 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36 . 2014-04-13 13:19 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28 . 2014-04-13 13:19 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13 . 2014-04-13 13:19 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40 . 2014-04-13 13:19 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41 . 2014-04-13 13:19 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-03-04 11:25 . 2012-05-30 09:14 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20924576]
"Spotify Web Helper"="c:\users\gokarna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-03 1171968]
"uTorrent"="c:\users\gokarna\AppData\Roaming\uTorrent\uTorrent.exe" [2014-05-15 1272400]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-04-17 4524312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"AtherosBtStack"="c:\program files\Bluetooth Suite\btvstack.exe" [2012-05-30 878208]
"AthBtTray"="c:\program files\Bluetooth Suite\athbttray.exe" [2012-05-30 696448]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-20 280576]
.
c:\users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-3-4 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-04-26 107736]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-15 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-03-26 107776]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-03-18 541680]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-03-18 26608]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 16880]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2012-05-30 97920]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2012-05-30 327296]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-05-30 35968]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2013-03-27 302920]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2013-03-27 101192]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2013-03-27 27976]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2013-03-27 158688]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2013-03-27 66448]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2013-03-27 119624]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2013-03-27 496456]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2013-03-20 85976]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-10-18 258704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-03-04 643656]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-15 12:00 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 00:19]
.
2014-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
.
2014-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?win=121&clid=1991182
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-17 13:21:29
ComboFix-quarantined-files.txt 2014-05-17 10:21
ComboFix2.txt 2014-05-14 07:59
ComboFix3.txt 2014-05-14 07:40
ComboFix4.txt 2014-04-30 18:27
.
Pre-Run: 150,912,798,720 bytes free
Post-Run: 151,315,951,616 bytes free
.
- - End Of File - - 7F106C478ABCC6C40E9F43E49E6070C7
A36C5E4F47E84449FF07ED3517B43A31
2. SystemLook 30.07.11 by jpshortstuff
Log created at 13:32 on 17/05/2014 by gokarna
Administrator - Elevation successful
========== folderfind ==========
Searching for "Yandex"
C:\FRST\Quarantine\C\program files\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\programdata\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\Users\gokarna\AppData\Local\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [14:28 26/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Local\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\LocalLow\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Yandex d------ [08:33 09/04/2014]
C:\Qoobox\Quarantine\C\Program Files\Yandex d------ [12:22 03/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\AppData\LocalLow\Yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\LocalLow\Yandex d------ [07:57 14/05/2014]
C:\Users\gokarna\AppData\Roaming\Yandex d------ [10:28 17/05/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex d------ [10:28 17/05/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand\yandex d------ [07:49 29/04/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand\yandex d------ [07:49 29/04/2014]
========== filefind ==========
Searching for "Yandex"
No files found.
========== regfind ==========
Searching for "Yandex"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Yandex]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}]
"AppPath"="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yandex.ru/?win=121&clid=1991182"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Yandex"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback"="http://www.yandex.ru/favicon.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURL_JSON"="http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://yandex.ru/yandsearch?win=121&clid=1991183&text={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=121&clid=1991186&text=%s"
[HKEY_CURRENT_USER\Software\Classes\.crx]
@="YandexBrowser.crx"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx]
[HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx]
@="Yandex Browser Extra"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids]
"YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.swf\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\1.0\0\win32]
@="C:\Program Files\Yandex\FastDial\fastdial.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\1.0\HELPDIR]
@="C:\Program Files\Yandex\FastDial"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE]
@="Yandex Browser HTML Document"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE]
@="Yandex Browser PDF Document"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Yandex]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\AppDataLow\Software\Yandex]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}]
"AppPath"="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yandex.ru/?win=121&clid=1991182"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Yandex"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback"="http://www.yandex.ru/favicon.ico"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURL_JSON"="http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://yandex.ru/yandsearch?win=121&clid=1991183&text={searchTerms}"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=121&clid=1991186&text=%s"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\.crx]
@="YandexBrowser.crx"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx]
@="Yandex Browser Extra"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\.crx]
@="YandexBrowser.crx"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
@="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx]
@="Yandex Browser Extra"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Yandex]
-= EOF =-
Please do this:
Tweaking.com Registry Backup
http://i.imgur.com/OJQgrbU.png
Tweaking.com Registry Backup
Download the tool found here (http://www.bleepingcomputer.com/download/registry-backup/) to your Desktop so it is easy to find.
Double click on the file you just downloaded
to install it to your system.
Once the tool is installed, double-click on the Tweaking.com Registry Backup icon
**Note** The tool should automatically open to the Backup Registry tab.
http://i.imgur.com/TRfuT3t.jpg
Press Backup Now
When the back up is complete, the tool will tell you that Successful */* Files Backed Up
You have now successfully backed up your Registry.
Once you have the tool downloaded there is a tab labeled Settings where you can set where the backups are saved at.
~~~~~~~~~~~~~~~~~~~~~~~
We're going to attempt using a different tool to remove this.
Please down load OTL from here http://www.bleepingcomputer.com/download/otl/ and save it to your desktop.
Please open OTL, To do that:
Vista and 7 users: Right click the icon and click Run as Administrator
~~~~~~~~~~~~~~~~~~~~~~~
Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following
To do that:
Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
:files
C:\Users\gokarna\AppData\Roaming\Yandex
C:\Users\gokarna\AppData\Local\Yandex
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb
C:\Program Files\Yandex
:reg
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Yandex]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=”http://www.google.com/”
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y]
@=" http://www.google.com/ %s"
[-HKEY_CURRENT_USER\Software\Classes\.crx]
[-HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}]
[-HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids]
"YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.swf\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgids]
"YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Yandex]
[-HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\AppDataLow\Software\Yandex]
[-HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Main]
“Start Page”=”http://www.google.com/”
[-HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchUrl\y]
@=" http://www.google.com/ %s"
[-HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\.crx]
[-HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}]
[-HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx]
[-HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\.crx]
[-HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}]
[-HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Yandex]
:commands
[emptytemp]
Click Run Fix.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
If requested to reboot, please do so. The log file will open after restart.
Enable back your security softwares as soon as you completed the OTL fix steps.
wendyseana
2014-05-21, 08:59
Hi Juliet,
Once again I was unable to get back to you sooner because my life is like that. You did not say disable your security software before I ran OTL and so I did not but then I see at the end of your instructions the idea that I re-enable it,
" Enable back your security softwares as soon as you completed the OTL fix steps."
So I am unsure whether all went according to plan with the OTL device.
Anyhoo, here is the OTL log which because it is too long for a single reply I will send in at least two posts :
1. All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\gokarna\AppData\Roaming\Yandex folder moved successfully.
File\Folder C:\Users\gokarna\AppData\Local\Yandex not found.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\welcome\fx\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\toolbar folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\statistics folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\passport folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\logobutton\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\fastdial folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\fastdial folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\fastdial folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\license\fx\sublicenses folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\fx\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\distribution folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\browser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\presets folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\parsed_comps folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin\default\gfx\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin\default\gfx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin\default folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\lib folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\content\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\skin\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\proto folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\libs folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\typedurls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\tophistory folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\pinned\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\pinned folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\passwords\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\passwords folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\nigori\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\nigori folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\deviceinfo\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\deviceinfo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\bookmarks\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\bookmarks folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\autofill folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\wpage\sync folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\wpage folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\settings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings\islands\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings\islands\controls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings\islands folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\tr\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\ru\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\en\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules\common\microbrowser\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules\common\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules\common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\core folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\content\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin\default\images\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin\default\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin\default folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\SettingsWatcher folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\md5 folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\Mailman folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\Cache folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\Ajax folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\images\new-flags folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\css\build folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common\oauth folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common\microbrowser\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\core folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\widget folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\transform folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\i folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\xb-skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\tr\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\ru\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\en\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\content\gfx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\jquery folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css\b-widget-games folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css\b-widget-flash folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css\b-widget folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\tr\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\ru\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\en\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\core folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\content\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\weather folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\traffic folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\templates folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\yaru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\translator\scripts folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\translator\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\translator\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\translator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-w\jquery folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-w\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-w folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-t\jquery\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-t\jquery folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-t\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-t folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\textonly\inframe folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\textonly folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\templates folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\styles folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\spam folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\settings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\separators folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\quote\styles folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\quote\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\quote\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\quote\bindings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\quote folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\pagetranslator\notifications folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\pagetranslator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\opinions\i folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\opinions folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\music\slice\noflash folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\music\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\music\i folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\music folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\money folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\moikrug folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\modules\dicts folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\mail\slice\jquery\1.7.2 folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\mail\slice\jquery folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\mail\slice\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\mail\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\mail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\logo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\login folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\lenta folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\icons\throbber folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\icons\status folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\icons\arrows folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\geolocation folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\fotki folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs\opinions\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs\opinions folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs\feeds folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs\bookmarks folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs\auth folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\cy\i folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\cy folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bookmarks folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\progressmeter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\notification folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\more\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\more folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\link folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\label folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\dialog folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\checkbox folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\button\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\button folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\native\fx\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\mail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\icons\logo\ya folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\icons\logo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\native folder moved successfully.
wendyseana
2014-05-21, 09:01
2. C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\mail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand\yandex\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand\yandex folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\native\fx\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\mail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\icons\logo\ya folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\icons\logo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand\yandex\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand\yandex folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\icons\textonly folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\icons\pagetranslator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\icons\logo\ya folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\icons\logo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua\templates folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua\native\fx\translator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\templates folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\native\fx\translator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\native\fx\quote folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\module folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css\jquery-ui folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css\b-news-title folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css\b-news-slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css\b-news-menu folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css\b-news-list folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\res\pages\style folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\res\pages\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\res\pages folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\res\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\res folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\sklib folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\mail\pop3 folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\mail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\hotmail\ui folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\hotmail\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\hotmail\ApplicationAPI folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\hotmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\caolan folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\ru\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\ru\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\ru\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\en\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\en\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\en\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\l-table folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\l-footer folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\l-content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\g-clear folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-video folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-title folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-suggest-menu folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-suggest\_ie folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-suggest\_ff folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-suggest folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-menu-ico folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-logo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-footer-links folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-footer folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\native\providers folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\native\engineManager folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\native\corrector folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\tr\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru\brand\ua\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en\brand\ua\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\icons\traffic folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\icons\addressbar folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\data folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\styles\ts folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\styles\mc folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\styles folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\scripts folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale\tr\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale\en\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\links folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\icons\mc-badge folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\data folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\brand\ua\links folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\brand\tb\links folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings\ts folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings\mc folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings\islands\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings\islands\controls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings\islands folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar.yandex.ru%2Fpackages%2Fyandexbar%23translator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F176%2Fmanifest.xml%23smartbox folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F176%2Fmanifest.xml folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F143%2Fmanifest.xml%23typosquatting folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F143%2Fmanifest.xml%23mc folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F131%2Fmanifest.xml%23facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F126%2Fmanifest.xml%23yahoomail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb folder moved successfully.
File\Folder C:\Program Files\Yandex not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Yandex\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54079e4f-b72f-4c73-939e-3e10f242767f}\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\“Start Page”|”http://www.google.com/” /E :invalid edit format. Invalid data type.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y\\@|" http://www.google.com/ %s" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\.crx\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.swf\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Yandex\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\AppDataLow\Software\Yandex\ not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54079e4f-b72f-4c73-939e-3e10f242767f}\ not found.
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Main\\“Start Page”|”http://www.google.com/” /E :invalid edit format. Invalid data type.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchUrl\y\\@|" http://www.google.com/ %s" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\.crx\ not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx\ not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\.crx not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx not found.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Yandex\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: gokarna
->Temp folder emptied: 2189730 bytes
->Temporary Internet Files folder emptied: 4485206 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19931730 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 2163 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 490171693 bytes
RecycleBin emptied: 117219 bytes
Total Files Cleaned = 494.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05212014_085907
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Appears that was very successful
If we run System look again and Yandex is still present we will have to uninstall then reinstall Google Chrome and Firefox.
Double-click SystemLook.exe to run it.
Vista users:: Right click on SystemLook.exe, click Run As Administrator
Copy the content of the following box and paste it into the main textfield:
:filefind
yandex
Яндекс
:folderfind
yandex
Яндекс
:regfind
yandex
Яндекс
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wendyseana
2014-05-22, 12:38
Dear Juliet,
Here is the SystemLook log :-
SystemLook 30.07.11 by jpshortstuff
Log created at 11:49 on 22/05/2014 by gokarna
Administrator - Elevation successful
========== filefind ==========
Searching for "yandex"
No files found.
Searching for "Яндекс"
No files found.
========== folderfind ==========
Searching for "yandex"
C:\FRST\Quarantine\C\program files\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\programdata\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\Users\gokarna\AppData\Local\Yandex d------ [14:28 26/04/2014]
C:\FRST\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [14:28 26/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Local\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\LocalLow\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex d------ [08:33 09/04/2014]
C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Yandex d------ [08:33 09/04/2014]
C:\Qoobox\Quarantine\C\Program Files\Yandex d------ [12:22 03/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\AppData\LocalLow\Yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex d------ [07:57 14/05/2014]
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\LocalLow\Yandex d------ [07:57 14/05/2014]
C:\Users\gokarna\AppData\Roaming\Yandex d------ [06:40 21/05/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex d------ [06:40 21/05/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f9ef0a1e-7e30-445a-9cef-28a102b3e297}\locale\en\brand\yandex d------ [06:40 21/05/2014]
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f9ef0a1e-7e30-445a-9cef-28a102b3e297}\locale\ru\brand\yandex d------ [06:40 21/05/2014]
C:\_OTL\MovedFiles\05212014_085907\C_Users\gokarna\AppData\Roaming\Yandex d------ [10:28 17/05/2014]
C:\_OTL\MovedFiles\05212014_085907\C_Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex d------ [10:28 17/05/2014]
C:\_OTL\MovedFiles\05212014_085907\C_Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand\yandex d------ [07:49 29/04/2014]
C:\_OTL\MovedFiles\05212014_085907\C_Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand\yandex d------ [07:49 29/04/2014]
Searching for "Яндекс"
No folders found.
========== regfind ==========
Searching for "yandex"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yandex.ru/?win=121&clid=1991182"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=121&clid=1991186&text=%s"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yandex.ru/?win=121&clid=1991182"
[HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=121&clid=1991186&text=%s"
Searching for "Яндекс "
No data found.
-= EOF =-
We're making progress.
Most of what was found is already in quarantine folders.
Couple of steps here we will follow.
We'll enter the remaining folders to delete, then I want to see Add-Remove Programs list, then a different tool too show us whats loading at bootup that includes files/folders/registry entries to find anything else that might remain.
Open OTL,
Vista and 7 users: Right click the icon and click Run as Administrator
~~~~~~~~~~~~~~~~~~~~~~~
Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following
To do that:
Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:
:OTL
:Files
C:\Users\gokarna\AppData\Roaming\Yandex
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb
:commands
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
Click Run Fix.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
If requested to reboot, please do so. The log file will open after restart.
Enable back your security softwares as soon as you completed the OTL fix steps.
NEXT**
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
C:\Qoobox\Add-Remove Programs.txt
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
~~~~~~~~~~~~~~~~~`
NEXT**
Please download Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) and save it to your desktop. Extract the archive to your desktop and run the file procmon.exe
Process Monitor will begin logging from the moment it starts running. To stop this, click the "Capture" icon http://sophserv.sophos.com/repo_kb/119038/image/ico-01.png
Clear all the events that Process Monitor recorded by clicking the "Clear" icon http://sophserv.sophos.com/repo_kb/119038/image/ico-03.png
**
Now go in to the Options menu and select Enable Boot Logging
http://sophserv.sophos.com/repo_kb/119038/image/04.png
**
You will be presented with the following dialogue. Ensure that profiling events are generated every second.
http://sophserv.sophos.com/repo_kb/119038/image/05.png
Login with the previously chosen account.
Allow the system to fully load windows and any associated startup programs (wait 15 minutes to ensure that all processes are running).
Next double-click on the Procmon.exe file to run Process Monitor again.
Upon opening Procmon.exe, you will be presented with the following dialogue.
http://sophserv.sophos.com/repo_kb/119038/image/07.png
***
Click Yes to save the collected data. Insert in the “File name” field the desired name for the output and select the "Save" button.
Close Process Monitor.
Compress and archive (zip) the PML file and upload it here (http://www.filedropper.com/) then post the link to the file in your next reply.
wendyseana
2014-05-27, 23:02
Hello Juliet,
Here are the 1. OTL which must be divided into two pieces and 2. CFTScript logs :
1. All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\gokarna\AppData\Roaming\Yandex folder moved successfully.
File\Folder C:\Users\gokarna\AppData\Local\Yandex not found.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\welcome\fx\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\toolbar folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\statistics folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\passport folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\logobutton\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\fastdial folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\fastdial folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\fastdial folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\license\fx\sublicenses folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\fx\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\distribution folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\browser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\presets folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\parsed_comps folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin\default\gfx\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin\default\gfx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin\default folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\lib folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\content\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\skin\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\proto folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\libs folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\typedurls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\tophistory folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\pinned\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\pinned folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\passwords\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\passwords folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\nigori\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\nigori folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\deviceinfo\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\deviceinfo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\bookmarks\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\bookmarks folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\autofill folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\wpage\sync folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\wpage folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\settings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings\islands\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings\islands\controls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings\islands folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\tr\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\ru\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\en\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules\common\microbrowser\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules\common\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules\common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\core folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\content\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin\default\images\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin\default\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin\default folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\SettingsWatcher folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\md5 folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\Mailman folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\Cache folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\Ajax folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\images\new-flags folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\css\build folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common\oauth folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common\microbrowser\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\core folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\widget folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\transform folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\i folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\xb-skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\tr\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\ru\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\en\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\content\gfx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\jquery folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css\b-widget-games folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css\b-widget-flash folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css\b-widget folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\tr\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\ru\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\en\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\core folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\content\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\weather folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\traffic folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\templates folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\yaru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\translator\scripts folder moved successfully.
wendyseana
2014-05-27, 23:05
Hello Juliet,
Here are the 1. OTL which must be divided into two pieces and 2. CFTScript logs :
1. All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\gokarna\AppData\Roaming\Yandex folder moved successfully.
File\Folder C:\Users\gokarna\AppData\Local\Yandex not found.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\welcome\fx\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\toolbar folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\statistics folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\passport folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\logobutton\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\fastdial folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\fastdial folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\welcome\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\fastdial folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\license\fx\sublicenses folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\license\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\license folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\fx\logobutton folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\fx\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\distribution folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\browser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding\about folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor\branding folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\vendor folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\presets folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\parsed_comps folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin\default\gfx\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin\default\gfx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin\default folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\xb-skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\lib folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\content\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{fc5f6770-96bb-4f9a-b255-806fe8d8ebdf} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\skin\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\proto folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\libs folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\typedurls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\tophistory folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\pinned\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\pinned folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\passwords\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\passwords folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\nigori\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\nigori folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\deviceinfo\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\deviceinfo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\bookmarks\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\bookmarks folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines\autofill folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules\engines folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\wpage\sync folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\wpage folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\settings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings\islands\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings\islands\controls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings\islands folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content\bindings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{f741a4cb-bccd-4f77-ba1a-09dd062fd4f0} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\__MACOSX folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{b98cfd30-bfa2-41d8-94ac-835504b1dd87} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\tr\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\ru\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\en\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules\common\microbrowser\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules\common\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules\common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\core folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\content\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e}\-common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{a1456921-60f9-4b19-ba9d-5f2a0867e37e} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin\default\images\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin\default\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin\default folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\xb-skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\SettingsWatcher folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\md5 folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\Mailman folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\Cache folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common\Ajax folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules\common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\images\new-flags folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\css\build folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{9c5073e3-730e-4894-adac-b5b5d9283f74} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common\oauth folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common\microbrowser\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules\common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\core folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\widget folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\transform folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice\i folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\microbrowser folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter\content\slice\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter\content\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en\twitter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695}\-common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{982e7420-fd88-48b4-83da-5569b54b0695} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\xb-skin folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\tr\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\ru\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\en\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\content\gfx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{8c449b05-fda4-4f61-9c4b-2a800bb0ea30} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\jquery folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css\b-widget-games folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css\b-widget-flash folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css\b-widget folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games\ui folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx\games folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6718b76e-3623-4679-a045-d51499c75c42} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\tr\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\ru\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\en\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\core folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\content\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\gmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01}\-common folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{6588288e-9622-4fcd-95d5-5c7bd2fd5f01} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\weather folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\traffic folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\templates folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\yaru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\translator\scripts folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\translator\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\translator\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\translator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-w\jquery folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-w\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-w folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-t\jquery\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-t\jquery folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-t\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town\slice-t folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\town folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\textonly\inframe folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\textonly folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\templates folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\styles folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\spam folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\settings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\separators folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\quote\styles folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\quote\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\quote\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\quote\bindings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\quote folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\pagetranslator\notifications folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\pagetranslator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\opinions\i folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\opinions folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\music\slice\noflash folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\music\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\music\i folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\music folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\money folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\moikrug folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\modules\dicts folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\mail\slice\jquery\1.7.2 folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\mail\slice\jquery folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\mail\slice\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\mail\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\mail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\logo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\login folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\lenta folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\icons\throbber folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\icons\status folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\icons\arrows folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\geolocation folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\fotki folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs\opinions\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs\opinions folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs\feeds folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs\bookmarks folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs\auth folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\dialogs folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\cy\i folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\cy folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bookmarks folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\radio folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\progressmeter folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\notification folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\more\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\more folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\link folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\label folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\dialog folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\checkbox folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\button\images folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange\button folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings\orange folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx\bindings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\native\fx\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\native folder moved successfully.
wendyseana
2014-05-27, 23:15
Hi again,
Sorry I must be too tired to be here and repeated the first half of my OTL and CFscript logs.Here is the second half
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\mail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\icons\logo\ya folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\icons\logo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\mail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand\yandex\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand\yandex folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\native\fx\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\mail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\icons\logo\ya folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\icons\logo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand\yandex\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand\yandex folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\icons\textonly folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\icons\pagetranslator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\icons\logo\ya folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\icons\logo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua\templates folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua\native\fx\translator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\urls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\templates folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\native\fx\translator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\native\fx\quote folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\native\fx folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\module folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css\jquery-ui folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css\b-news-title folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css\b-news-slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css\b-news-menu folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css\b-news-list folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3}\content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{373df4af-0572-4b83-8373-9943d2c400b3} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\res\pages\style folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\res\pages\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\res\pages folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\res\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\res folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\sklib folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\mail\pop3 folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\mail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\hotmail\ui folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\hotmail\img folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\hotmail\ApplicationAPI folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\hotmail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code\caolan folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675}\code folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{2254407c-81df-459d-bad0-7ceccbf8b675} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\ru\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\ru\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\ru\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\en\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\en\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\en\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{1e28dda5-5640-4081-b86b-2955580d99d4} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\js folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\l-table folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\l-footer folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\l-content folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\g-clear folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-video folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-title folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-suggest-menu folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-suggest\_ie folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-suggest\_ff folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-suggest folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-menu-ico folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-logo folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-footer-links folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css\b-footer folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome\css folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\native\providers folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\native\engineManager folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\native\corrector folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\native folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\tr\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru\brand\ua\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en\brand\ua\welcome folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\icons\traffic folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\icons\addressbar folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7}\data folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{19788787-001b-4840-a500-e5e727d639b7} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\styles\ts folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\styles\mc folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\styles folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\slice folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\scripts folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\modules folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale\tr\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale\tr folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale\ru folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale\en\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale\en folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\locale folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\links folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\icons\mc-badge folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\data folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\brand\ua\links folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\brand\ua folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\brand\tb\links folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\brand\tb folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\brand folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings\ts folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings\mc folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings\islands\icons folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings\islands\controls folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings\islands folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a}\bindings folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{0fb70df7-3dcd-4f61-a5e4-3f45adc6fc3a} folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar.yandex.ru%2Fpackages%2Fyandexbar%23translator folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F176%2Fmanifest.xml%23smartbox folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F176%2Fmanifest.xml folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F143%2Fmanifest.xml%23typosquatting folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F143%2Fmanifest.xml%23mc folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F131%2Fmanifest.xml%23facebook folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage\http%3A%2F%2Fbar-widgets.yandex.ru%2Fpackages%2Fapproved%2F126%2Fmanifest.xml%23yahoomail folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\native_storage folder moved successfully.
C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb folder moved successfully.
File\Folder C:\Program Files\Yandex not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Yandex\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54079e4f-b72f-4c73-939e-3e10f242767f}\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\“Start Page”|”http://www.google.com/” /E :invalid edit format. Invalid data type.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y\\@|" http://www.google.com/ %s" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\.crx\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.swf\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgids\\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Yandex\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\AppDataLow\Software\Yandex\ not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54079e4f-b72f-4c73-939e-3e10f242767f}\ not found.
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Main\\“Start Page”|”http://www.google.com/” /E :invalid edit format. Invalid data type.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchUrl\y\\@|" http://www.google.com/ %s" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\.crx\ not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx\ not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\.crx not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\ not found.
Registry key HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx not found.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Yandex\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: gokarna
->Temp folder emptied: 2189730 bytes
->Temporary Internet Files folder emptied: 4485206 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19931730 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 2163 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 490171693 bytes
RecycleBin emptied: 117219 bytes
Total Files Cleaned = 494.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05212014_085907
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
2. ComboFix 14-05-27.02 - gokarna 05/27/2014 22:51:59.7.4 - x86
Running from: c:\users\gokarna\Desktop\ComboFix.exe
Command switches used :: c:\users\gokarna\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-04-27 to 2014-05-27 )))))))))))))))))))))))))))))))
.
.
2014-05-27 20:02 . 2014-05-27 20:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-27 20:02 . 2014-05-27 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-27 19:29 . 2014-05-27 19:29 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C5BC110-153C-4AE3-A8E6-20ACB31F60D8}\offreg.dll
2014-05-24 19:23 . 2014-05-24 19:23 -------- d-----w- c:\windows\ELAMBKUP
2014-05-24 19:23 . 2014-05-27 19:45 -------- d-----w- c:\programdata\Kaspersky Lab
2014-05-24 19:23 . 2014-05-24 19:23 -------- d-----w- c:\program files\Kaspersky Lab
2014-05-23 07:06 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C5BC110-153C-4AE3-A8E6-20ACB31F60D8}\mpengine.dll
2014-05-21 05:59 . 2014-05-21 05:59 -------- d-----w- C:\_OTL
2014-05-21 05:46 . 2014-05-21 05:46 -------- d-----w- C:\RegBackup
2014-05-21 05:42 . 2014-05-21 05:42 -------- d-----w- c:\program files\Tweaking.com
2014-05-17 10:18 . 2014-05-27 20:02 -------- d-----w- c:\users\gokarna\AppData\Local\temp
2014-05-15 13:04 . 2014-05-15 13:04 -------- d-----w- c:\users\gokarna\AppData\Local\VS Revo Group
2014-05-15 13:03 . 2014-05-15 13:03 -------- d-----w- c:\programdata\VS Revo Group
2014-05-15 13:03 . 2009-12-30 07:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-05-15 13:03 . 2014-05-15 13:03 -------- d-----w- c:\program files\VS Revo Group
2014-05-15 00:02 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-10 09:24 . 2014-05-24 21:01 -------- d-----w- c:\program files\CCleaner
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-05-05 17:28 . 2014-05-15 00:23 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-04 06:55 . 2014-05-04 06:55 -------- d-----w- c:\program files\ESET
2014-04-29 07:39 . 2014-04-29 07:39 26624 ----a-w- c:\windows\system32\TrueSight.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-26 06:43 . 2014-02-15 00:40 25184 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-05-26 06:43 . 2013-06-08 17:18 94304 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-05-17 17:08 . 2014-03-15 21:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-17 17:08 . 2014-03-15 21:28 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-26 10:27 . 2014-04-02 16:06 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-18 17:03 . 2014-04-18 17:03 921512 ----a-w- c:\program files\jxpiinstall.exe
2014-04-14 17:13 . 2014-04-18 17:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-03 06:51 . 2014-04-02 16:05 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 06:51 . 2014-04-02 16:05 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 06:50 . 2014-04-02 16:05 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-31 19:46 . 2014-03-31 19:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 19:46 . 2014-03-31 19:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-31 06:35 . 2014-03-07 18:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-21 12:02 . 2014-03-21 12:02 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-21 12:02 . 2014-03-21 12:02 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-21 12:02 . 2014-03-21 12:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-21 12:02 . 2014-03-21 12:02 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-21 12:02 . 2014-03-21 12:02 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-03-21 12:02 . 2014-03-21 12:02 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-21 12:02 . 2014-03-21 12:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-21 12:02 . 2014-03-21 12:02 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-03-21 12:02 . 2014-03-21 12:02 337408 ----a-w- c:\windows\system32\html.iec
2014-03-21 12:02 . 2014-03-21 12:02 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-21 12:02 . 2014-03-21 12:02 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-03-21 12:02 . 2014-03-21 12:02 182272 ----a-w- c:\windows\system32\msls31.dll
2014-03-21 12:02 . 2014-03-21 12:02 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-03-21 12:02 . 2014-03-21 12:02 139264 ----a-w- c:\windows\system32\wextract.exe
2014-03-21 12:02 . 2014-03-21 12:02 13312 ----a-w- c:\windows\system32\mshta.exe
2014-03-21 12:02 . 2014-03-21 12:02 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-21 12:02 . 2014-03-21 12:02 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-21 01:03 . 2014-03-21 01:03 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-03-21 01:03 . 2014-03-21 01:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 906240 ----a-w- c:\windows\system32\FntCache.dll
2014-03-21 01:03 . 2014-03-21 01:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-03-21 01:03 . 2014-03-21 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 293376 ----a-w- c:\windows\system32\dxgi.dll
2014-03-21 01:03 . 2014-03-21 01:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-21 01:03 . 2014-03-21 01:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-03-21 01:03 . 2014-03-21 01:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-03-21 01:03 . 2014-03-21 01:03 220160 ----a-w- c:\windows\system32\d3d10core.dll
2014-03-21 01:03 . 2014-03-21 01:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-03-21 01:03 . 2014-03-21 01:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2014-03-21 01:03 . 2014-03-21 01:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-03-21 01:03 . 2014-03-21 01:03 1247744 ----a-w- c:\windows\system32\DWrite.dll
2014-03-21 01:03 . 2014-03-21 01:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2014-03-21 01:03 . 2014-03-21 01:03 1080832 ----a-w- c:\windows\system32\d3d10.dll
2014-03-21 01:03 . 2014-03-21 01:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-21 01:02 . 2014-03-21 01:02 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-03-20 01:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-03-06 08:31 . 2014-04-13 13:19 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02 . 2014-04-13 13:19 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02 . 2014-04-13 13:19 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01 . 2014-04-13 13:19 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46 . 2014-04-13 13:19 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38 . 2014-04-13 13:19 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38 . 2014-04-13 13:19 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36 . 2014-04-13 13:19 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28 . 2014-04-13 13:19 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13 . 2014-04-13 13:19 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40 . 2014-04-13 13:19 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41 . 2014-04-13 13:19 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-03-04 11:25 . 2012-05-30 09:14 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20924576]
"Spotify Web Helper"="c:\users\gokarna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-03 1171968]
"uTorrent"="c:\users\gokarna\AppData\Roaming\uTorrent\uTorrent.exe" [2014-05-15 1272400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"AtherosBtStack"="c:\program files\Bluetooth Suite\btvstack.exe" [2012-05-30 878208]
"AthBtTray"="c:\program files\Bluetooth Suite\athbttray.exe" [2012-05-30 696448]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-20 280576]
.
c:\users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-3-4 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-04-26 107736]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-15 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-03-26 107776]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys [2014-05-26 94304]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-03-18 541680]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-03-18 26608]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 16880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-02-15 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-14 45024]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-02-15 144992]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2012-05-30 97920]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2012-05-30 327296]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-05-30 35968]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2013-03-27 302920]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2013-03-27 101192]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2013-03-27 27976]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2013-03-27 158688]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2013-03-27 66448]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2013-03-27 119624]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2013-03-27 496456]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-05-26 25184]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2014-02-15 25696]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2013-03-20 85976]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-10-18 258704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-03-04 643656]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-25 16:04 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 17:08]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-02 18:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?win=121&clid=1991182
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-27 23:06:22
ComboFix-quarantined-files.txt 2014-05-27 20:06
ComboFix2.txt 2014-05-17 10:21
ComboFix3.txt 2014-05-14 07:59
ComboFix4.txt 2014-05-14 07:40
ComboFix5.txt 2014-05-27 19:49
.
Pre-Run: 148,622,671,872 bytes free
Post-Run: 148,540,076,032 bytes free
.
- - End Of File - - 44D5528369278D3E3A85747700946D6D
A36C5E4F47E84449FF07ED3517B43A31
I have just now undertaken the Procom process and now it is completedand it has produced 10 seperate boot logs on my desktop which I do not know how to compress and archive them, nor am I at all sure what link you are referring-where would it appear ?
Sorry for the botherations, Wendy
I have just now undertaken the Procom process and now it is completedand it has produced 10 seperate boot logs on my desktop which I do not know how to compress and archive them, nor am I at all sure what link you are referring-where would it appear ?
On each folder that was created on your desktop produced by Procom all you need to do is right click on it, a side window will open, scroll to Send to, then another small window will show Compress/Zip
Do this for each.
Then upload it here --> http://www.filedropper.com/
You should be able to do this will too all the folders, then copy and paste the link ( from filedropper) in your next reply.
~~~~~~~~~~~~~`
You ran ComboFix normally, you didn't create the script to show me the add/remove programs list.
Let's try this again.
Go to the => Start button=> Run => type in or copy and paste C:\Qoobox\Add-Remove Programs.txt
please copy and paste what is found here in your next reply
Or can you copy and paste the Extras.txt log created by OTL
or
the Addition.txt created by Farbar Recovery Scan Tool
At this time this topic will now be closed.
If the topic has been archived and you still require help start a new topic and include fresh DDS & aswMBR logs with a link to your previous thread. Please do not post any other logs, you'd be starting fresh.
It takes time to analyze logs and prepare a response. Volunteers help users at several sites, and take X number of new topics in order to give each member their attention.
---------------------------------------
Admin Edit
Thank you Juliet. :heart: