very infected machine with an assortment of malware


  • This topic is locked
72 replies to this topic

#1 anniyan


Posted 26 January 2014 - 08:34 AM

With reference to
http://www.bleepingcomputer.com/forums/t/520666/i-am-not-sure-if-i-am-infected-but-100-sure-that-my-machine-has-some-problem
I am posting as I was directed:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by NAVEEN at 18:37:18 on 2014-01-26
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.8140.4170 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe
C:\Program Files (x86)\naveen\MalwarebytesAM\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
C:\Program Files (x86)\naveen\MalwarebytesAM\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\naveen\Diskeeper\DkService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\naveen\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\naveen\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Users\NAVEEN\AppData\Local\Google\Google Talk Plugin\redirect\googletalkplugin.exe
C:\Users\NAVEEN\AppData\Local\Google\Google Talk Plugin\redirect\googletalkplugin.exe
C:\Users\NAVEEN\AppData\Local\Google\Google Talk Plugin\redirect\googletalkplugin.exe
C:\Users\NAVEEN\AppData\Local\Temp\nsf8913.tmp\PEV.DAT
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by MSN and Bing
mStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by MSN and Bing
BHO: AutorunsDisabled - <orphaned>
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\naveen\Internet Download Manager\IDMIECC.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - <orphaned>
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7u51\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7u51\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.76\npchrome_frame.dll
BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - 
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:177
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: HideSCABattery = dword:1
uPolicies-Explorer: HideSCANetwork = dword:1
uPolicies-Explorer: HideSCAVolume = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Download all links with IDM - C:\Program Files (x86)\naveen\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\naveen\Internet Download Manager\IEExt.htm
IE: LastPass - C:\Users\NAVEEN\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\NAVEEN\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Upload to Facebook - C:\Program Files (x86)\naveen\UploadRabbit\iecontext.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
IE: {F894E6C5-415F-4177-A452-FB29B8B09A8E} - {F894E6C5-415F-4177-A452-FB29B8B09A8E} - C:\Program Files (x86)\Free Video Downloader\IePluginFVD.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{191C55E5-C1DC-4478-AD49-77F3638CA361} : NameServer = 8.8.8.8 218.248.241.3
TCP: Interfaces\{2517F750-4D1D-45F8-818C-40592DE6C535} : NameServer = 8.8.8.8 218.248.241.4
TCP: Interfaces\{649033BA-E433-4C5B-9C62-9A06B557BC2B} : NameServer = 218.248.255.147,218.248.255.146
TCP: Interfaces\{649033BA-E433-4C5B-9C62-9A06B557BC2B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{ABCF1B36-2DC4-4984-8B47-29297830CB67} : NameServer = 103.8.45.5 103.8.44.5
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.76\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
Notify: klogon - <no file>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-mStart Page = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\naveen\Internet Download Manager\IDMIECC64.dll
x64-BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\naveen\Shareaza\RazaWebHook64.dll
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar_x64.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - 
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\naveen\LastPass\LPToolbar_x64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar_x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\ptle5mxm.default\
FF - ExtSQL: 2014-01-01 16:29; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2012-9-2 49240]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-11-26 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-2-10 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-14 204288]
R2 avp;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-11-26 214512]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-12-20 114448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 GoogleInputService;GoogleInputService;C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe [2013-6-15 164888]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-23 109352]
R2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\System32\drivers\hmpalert.sys [2014-1-23 17416]
R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-1-23 1830768]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-9-10 270624]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-14 13592]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-11-29 175480]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe [2014-1-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\naveen\MalwarebytesAM\mbamservice.exe [2014-1-19 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-14 2656536]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-8-3 40432]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-9-4 44624]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-7-9 90112]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-14 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-3-14 12289472]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-11-26 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-11-26 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-19 25928]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-5-13 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-14 428136]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-3-14 1145448]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2013-1-16 34032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2013-8-16 35112]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MetroServ;WinMetro Service;C:\Program Files (x86)\naveen\WinMetro\MetroSvc.exe [2014-1-10 314176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2013-6-25 36328]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-5-30 35840]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-7-9 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-7-9 14336]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-5 57856]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-7-9 104960]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-7-9 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2013-7-9 241152]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-14 111616]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-21 31800]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\naveen\Spybot2\SDFSSvc.exe [2014-1-8 3921880]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\naveen\Spybot2\SDUpdSvc.exe [2014-1-8 1042272]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\naveen\Spybot2\SDWSCSvc.exe [2014-1-8 171416]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-6-25 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-6-25 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-6-25 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2013-6-25 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-27 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-7 1255736]
S4 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
S4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-12-20 402192]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-12-20 385808]
S4 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/03 05:29:34;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 HDDlife HDD Access service;HDDlife HDD Access service;C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe [2013-2-14 2095368]
S4 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-2-10 2413056]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2013-6-8 112224]
S4 Mobile Partner. RunOuc;Mobile Partner. OUC;C:\Program Files (x86)\naveen\huaweiMP\UpdateDog\ouc.exe [2013-7-9 650240]
S4 MoboroboDeviceService;Moborobo Device Service;C:\Program Files (x86)\naveen\Moborobo\MoboroboDeviceService.exe [2013-1-20 71976]
S4 MotoHelper.exe;Motorola Helper;C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-9-14 6656]
S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-24 120728]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-2-27 65657]
S4 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
S4 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\naveen\TeamViewer9\TeamViewer_Service.exe [2013-12-25 5341536]
S4 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\naveen\X-MouseBtnctrl\XMouseButtonSvc.exe [2012-6-23 87040]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\naveen\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .ini: Ini File="C:\Program Files (x86)\naveen\GetDiz\GetDiz.exe" "%1"
FileExt: .js: Applications\NOTEPAD.EXE=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 60 ================
.
2014-01-25 18:29:30 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-25 18:17:48 -------- d-----w- C:\ProgramData\Oracle
2014-01-25 15:46:32 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-25 14:39:45 98816 ----a-w- C:\Windows\sed.exe
2014-01-25 14:39:45 256000 ----a-w- C:\Windows\PEV.exe
2014-01-25 14:39:45 208896 ----a-w- C:\Windows\MBR.exe
2014-01-25 14:39:32 -------- d-s---w- C:\ComboFix
2014-01-24 23:28:11 987425 ----a-w- C:\SecurityCheck.exe
2014-01-23 16:14:34 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DD5DFAA-9859-4F59-9AEF-0336544FAAC1}\offreg.dll
2014-01-23 14:44:05 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-23 13:24:46 -------- d-----w- C:\Program Files\HitmanPro
2014-01-23 13:18:10 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-23 13:17:11 564312 ----a-w- C:\Windows\SysWow64\hmpalert.dll
2014-01-23 13:17:11 518480 ----a-w- C:\Windows\System32\hmpalert.dll
2014-01-23 13:17:11 17416 ----a-w- C:\Windows\System32\drivers\hmpalert.sys
2014-01-23 13:17:11 -------- d-----w- C:\Program Files (x86)\HitmanPro.Alert
2014-01-23 00:29:35 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-23 00:24:41 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-22 23:06:34 -------- d-----w- C:\ProgramData\ViceVersa PRO
2014-01-22 21:56:04 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\dclogs
2014-01-19 21:02:04 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DD5DFAA-9859-4F59-9AEF-0336544FAAC1}\mpengine.dll
2014-01-19 20:53:47 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-19 20:53:47 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-19 20:53:47 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-19 20:53:47 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-19 20:53:47 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-19 20:53:47 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-19 20:53:47 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-19 20:53:46 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-19 20:53:46 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-19 09:22:27 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Malwarebytes
2014-01-19 09:22:04 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-19 09:22:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-15 00:03:53 -------- d-----w- C:\AMD
2014-01-13 13:28:19 -------- d-----w- C:\AdwCleaner
2014-01-09 21:11:34 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\IObit
2014-01-09 13:59:27 -------- d-----w- C:\Users\NAVEEN\.android
2014-01-09 12:08:40 -------- d-----w- C:\Users\NAVEEN\AppData\Local\Genymobile
2014-01-09 12:07:21 -------- d-----w- C:\Users\NAVEEN\.VirtualBox
2014-01-09 12:06:15 237840 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2014-01-09 12:06:01 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-01-08 10:49:10 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-01-06 12:11:17 -------- d-----w- C:\LiberKey
2014-01-04 06:33:46 -------- d-----w- C:\naveenpgmfiles
2014-01-03 12:05:00 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-01-03 11:49:05 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Wassapp
2014-01-03 09:15:03 -------- d-----w- C:\Program Files (x86)\BlueStacks
2014-01-03 09:13:31 -------- d-----w- C:\ProgramData\BlueStacks
2014-01-01 06:04:27 -------- d-----w- C:\Program Files (x86)\Hp
2013-12-25 06:53:11 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\TeamViewer
2013-12-23 05:52:44 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\GmailKeeper
2013-12-20 21:47:19 -------- d-----w- C:\Users\NAVEEN\.dvdcss
2013-12-20 00:19:18 27600 ----a-r- C:\Windows\isk3ro.exe
2013-12-19 22:07:10 -------- d-----w- C:\ProgramData\Emicsoft Studio
2013-12-19 21:55:58 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\mkvtoolnix
2013-12-16 02:27:19 -------- d-----w- C:\Users\NAVEEN\AppData\Local\Thunderbird
2013-12-15 04:18:55 -------- d-----w- C:\Windows\rescache
2013-12-15 02:14:06 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Softland
2013-12-14 23:19:37 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-12-14 23:19:37 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-12-14 23:19:37 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-12-14 23:19:37 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-12-14 23:19:37 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-12-14 23:19:37 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-12-14 23:19:37 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-12-14 23:19:36 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-12-12 12:34:35 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 12:34:35 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 12:34:35 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 12:34:34 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 12:13:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-12 12:13:01 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-10 10:25:24 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\log
2013-12-10 10:23:39 99384 ----a-w- C:\Users\NAVEEN\AppData\Roaming\inst.exe
2013-12-10 10:23:39 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2013-12-10 10:23:39 82816 ----a-w- C:\Users\NAVEEN\AppData\Roaming\pcouffin.sys
2013-12-10 10:23:31 -------- d-----w- C:\Program Files (x86)\vso
2013-12-09 22:34:47 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Ashampoo
2013-12-09 22:34:36 -------- d-----w- C:\Users\NAVEEN\AppData\Local\ashampoo
2013-12-09 21:43:53 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio
2013-12-09 21:43:26 32768 ----a-w- C:\Windows\NCUNINST.EXe
2013-12-09 19:45:23 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-12-09 19:45:23 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-12-09 19:45:23 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-12-09 19:45:23 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-12-09 19:45:22 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-12-07 22:06:50 -------- d-----w- C:\ProgramData\Ashampoo
2013-12-01 11:50:16 -------- d-----w- C:\Program Files (x86)\BurnAware Professional
2013-12-01 11:17:11 129944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2013-11-29 16:10:36 175480 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
.
==================== Find6M  ====================
.
2014-01-07 14:46:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-07 14:46:41 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-01 10:59:02 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2013-12-19 01:31:45 13024768 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-25 23:23:10 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2013-11-25 23:23:10 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2013-11-25 23:23:10 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2013-11-25 23:23:04 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-18 22:03:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-24 14:49:46 519392 ----a-w- C:\Windows\SysWow64\GSService.exe
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-20 12:21:21 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
2013-09-11 15:51:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-11 15:51:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-11 15:51:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2013-09-11 15:51:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-11 14:09:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2013-09-11 14:09:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2013-09-11 14:09:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
2013-09-11 14:09:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2010-11-21 03:24:03 1169224 --sha-w- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
.
============= FINISH: 18:38:06.48 ===============


ComboFix 14-01-23.02 - NAVEEN 25-01-2014  20:13:38.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.8140.4137 [GMT 5.5:30]
Running from: c:\users\NAVEEN\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NAVEEN\AppData\Roaming\inst.exe
c:\users\NAVEEN\AppData\Roaming\KW\unrar.dll
c:\windows\iun6002.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-25 to 2014-01-25  )))))))))))))))))))))))))))))))
.
.
2014-01-25 15:22 . 2014-01-25 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-23 16:14 . 2014-01-24 22:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DD5DFAA-9859-4F59-9AEF-0336544FAAC1}\offreg.dll
2014-01-23 14:44 . 2014-01-23 14:44 -------- d-----w- c:\program files (x86)\ESET
2014-01-23 13:24 . 2014-01-23 13:25 -------- d-----w- c:\program files\HitmanPro
2014-01-23 13:18 . 2014-01-23 13:54 -------- d-----w- c:\programdata\HitmanPro
2014-01-23 13:17 . 2014-01-23 13:17 564312 ----a-w- c:\windows\SysWow64\hmpalert.dll
2014-01-23 13:17 . 2014-01-23 13:17 518480 ----a-w- c:\windows\system32\hmpalert.dll
2014-01-23 13:17 . 2014-01-23 13:17 17416 ----a-w- c:\windows\system32\drivers\hmpalert.sys
2014-01-23 13:17 . 2014-01-23 13:17 -------- d-----w- c:\program files (x86)\HitmanPro.Alert
2014-01-23 00:29 . 2014-01-23 02:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-23 00:24 . 2014-01-23 00:24 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-22 23:06 . 2014-01-22 23:06 -------- d-----w- c:\programdata\ViceVersa PRO
2014-01-22 21:56 . 2014-01-22 22:12 -------- d-----w- c:\users\NAVEEN\AppData\Roaming\dclogs
2014-01-19 21:02 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DD5DFAA-9859-4F59-9AEF-0336544FAAC1}\mpengine.dll
2014-01-19 20:53 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-19 20:53 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-19 20:53 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-19 20:53 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-19 20:53 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-19 20:53 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-19 20:53 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-19 20:53 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-19 20:53 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-19 09:22 . 2014-01-19 09:22 -------- d-----w- c:\users\NAVEEN\AppData\Roaming\Malwarebytes
2014-01-19 09:22 . 2014-01-19 09:22 -------- d-----w- c:\programdata\Malwarebytes
2014-01-19 09:22 . 2013-04-04 09:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-16 15:48 . 2014-01-17 13:50 -------- d-----w- c:\users\NAVEEN\AppData\Roaming\Notepad++
2014-01-15 00:03 . 2014-01-15 00:03 -------- d-----w- C:\AMD
2014-01-13 13:28 . 2014-01-17 12:40 -------- d-----w- C:\AdwCleaner
2014-01-09 21:11 . 2014-01-09 21:11 -------- d-----w- c:\users\NAVEEN\AppData\Roaming\IObit
2014-01-09 13:59 . 2014-01-09 13:59 -------- d-----w- c:\users\NAVEEN\.android
2014-01-09 12:08 . 2014-01-09 13:21 -------- d-----w- c:\users\NAVEEN\AppData\Local\Genymobile
2014-01-09 12:07 . 2014-01-09 18:45 -------- d-----w- c:\users\NAVEEN\.VirtualBox
2014-01-09 12:06 . 2013-04-12 06:11 237840 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-01-09 12:06 . 2013-04-12 06:10 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-01-08 10:49 . 2013-09-20 05:19 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-01-06 12:11 . 2014-01-06 12:12 -------- d-----w- C:\LiberKey
2014-01-04 06:33 . 2014-01-04 06:33 -------- d-----w- C:\naveenpgmfiles
2014-01-03 12:05 . 2014-01-03 12:05 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-01-03 11:49 . 2014-01-03 11:49 -------- d-----w- c:\users\NAVEEN\AppData\Roaming\Wassapp
2014-01-03 09:15 . 2014-01-03 09:15 -------- d-----w- c:\program files (x86)\BlueStacks
2014-01-03 09:13 . 2014-01-03 09:15 -------- d-----w- c:\programdata\BlueStacks
2014-01-01 06:04 . 2014-01-01 06:04 -------- d-----w- c:\program files (x86)\Hp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 20:55 . 2012-04-07 00:59 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-07 14:46 . 2012-04-07 08:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-07 14:46 . 2011-11-09 17:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-01 10:59 . 2013-06-06 12:08 178272 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-01-01 10:59 . 2013-11-25 23:23 620640 ----a-w- c:\windows\system32\drivers\klif.sys
2013-12-19 01:31 . 2012-12-17 13:29 13024768 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2013-12-12 12:24 . 2013-12-12 12:24 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-12 12:24 . 2013-12-12 12:24 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-12 12:24 . 2013-12-12 12:24 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-12 12:24 . 2013-12-12 12:24 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-12 12:24 . 2013-12-12 12:24 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-12 12:24 . 2013-12-12 12:24 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-12 12:24 . 2013-12-12 12:24 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-12 12:24 . 2013-12-12 12:24 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-12 12:24 . 2013-12-12 12:24 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-12 12:24 . 2013-12-12 12:24 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-12 12:24 . 2013-12-12 12:24 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-12 12:24 . 2013-12-12 12:24 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-12 12:24 . 2013-12-12 12:24 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-12 12:24 . 2013-12-12 12:24 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-12 12:24 . 2013-12-12 12:24 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-12 12:24 . 2013-12-12 12:24 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-12 12:24 . 2013-12-12 12:24 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-12 12:24 . 2013-12-12 12:24 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-12 12:24 . 2013-12-12 12:24 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-12 12:24 . 2013-12-12 12:24 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-12 12:24 . 2013-12-12 12:24 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-12 12:24 . 2013-12-12 12:24 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-12 12:24 . 2013-12-12 12:24 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-12 12:24 . 2013-12-12 12:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-12 12:24 . 2013-12-12 12:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-12 12:24 . 2013-12-12 12:24 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-12 12:24 . 2013-12-12 12:24 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-12 12:24 . 2013-12-12 12:24 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-12 12:24 . 2013-12-12 12:24 413696 ----a-w- c:\windows\system32\html.iec
2013-12-12 12:24 . 2013-12-12 12:24 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-12 12:24 . 2013-12-12 12:24 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-12 12:24 . 2013-12-12 12:24 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-12 12:24 . 2013-12-12 12:24 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-12 12:24 . 2013-12-12 12:24 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-12 12:24 . 2013-12-12 12:24 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-12 12:24 . 2013-12-12 12:24 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-12 12:24 . 2013-12-12 12:24 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-12 12:24 . 2013-12-12 12:24 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-12 12:24 . 2013-12-12 12:24 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-12 12:24 . 2013-12-12 12:24 235520 ----a-w- c:\windows\system32\url.dll
2013-12-12 12:24 . 2013-12-12 12:24 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-12 12:24 . 2013-12-12 12:24 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-12 12:24 . 2013-12-12 12:24 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-12 12:24 . 2013-12-12 12:24 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-12 12:24 . 2013-12-12 12:24 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-12 12:24 . 2013-12-12 12:24 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-12 12:24 . 2013-12-12 12:24 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-12 12:24 . 2013-12-12 12:24 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-12 12:24 . 2013-12-12 12:24 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-12 12:24 . 2013-12-12 12:24 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-12 12:24 . 2013-12-12 12:24 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-12 12:24 . 2013-12-12 12:24 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-12 12:24 . 2013-12-12 12:24 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-12 12:24 . 2013-12-12 12:24 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-12 12:24 . 2013-12-12 12:24 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-12 12:24 . 2013-12-12 12:24 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-12 12:24 . 2013-12-12 12:24 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-12 12:24 . 2013-12-12 12:24 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-12 12:24 . 2013-12-12 12:24 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-10 10:23 . 2013-12-10 10:23 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2013-12-10 10:23 . 2013-12-10 10:23 82816 ----a-w- c:\users\NAVEEN\AppData\Roaming\pcouffin.sys
2013-12-09 21:43 . 2013-12-09 21:43 32768 ----a-w- c:\windows\NCUNINST.EXe
2013-11-28 00:24 . 2013-11-29 16:10 175480 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-11-26 11:54 . 2013-12-14 17:15 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-14 17:15 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-14 17:15 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:59 . 2013-12-20 00:19 27600 ----a-r- c:\windows\isk3ro.exe
2013-11-26 09:48 . 2013-12-14 17:15 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-14 17:15 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-14 17:15 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-14 17:15 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-14 17:15 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-14 17:15 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-14 17:15 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-14 17:15 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-14 17:15 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-14 17:15 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-14 17:15 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-14 17:15 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-14 17:15 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-14 17:15 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-14 17:15 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-14 17:15 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-14 17:15 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-14 17:15 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-14 17:15 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-14 17:15 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-14 17:15 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-25 23:23 . 2013-11-25 23:23 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2013-11-25 23:23 . 2013-11-25 23:23 29280 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-11-25 23:23 . 2013-11-25 23:23 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-11-25 23:23 . 2013-11-25 23:23 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-11-23 18:26 . 2013-12-12 12:12 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 12:12 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2010-11-21 03:24 1169224 --sha-w- c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 01:19 220632 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 01:19 220632 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 01:19 220632 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-08-11 47616]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"HideSCABattery"= 1 (0x1)
"HideSCANetwork"= 1 (0x1)
"HideSCAVolume"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0autocheck 
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200449]
   Ime File REG_SZ         GoogleInputTools.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe;c:\program files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\naveen\MalwarebytesAM\mbamservice.exe;c:\program files (x86)\naveen\MalwarebytesAM\mbamservice.exe [x]
R2 MetroServ;WinMetro Service;c:\program files (x86)\naveen\WinMetro\MetroSvc.exe;c:\program files (x86)\naveen\WinMetro\MetroSvc.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\naveen\Spybot2\SDFSSvc.exe;c:\program files (x86)\naveen\Spybot2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\naveen\Spybot2\SDUpdSvc.exe;c:\program files (x86)\naveen\Spybot2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\naveen\Spybot2\SDWSCSvc.exe;c:\program files (x86)\naveen\Spybot2\SDWSCSvc.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/03 05:29;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\naveen\huaweiMP\UpdateDog\ouc.exe;c:\program files (x86)\naveen\huaweiMP\UpdateDog\ouc.exe [x]
R4 MoboroboDeviceService;Moborobo Device Service;c:\program files (x86)\naveen\Moborobo\MoboroboDeviceService.exe;c:\program files (x86)\naveen\Moborobo\MoboroboDeviceService.exe [x]
R4 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [x]
R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\naveen\TeamViewer9\TeamViewer_Service.exe;c:\program files (x86)\naveen\TeamViewer9\TeamViewer_Service.exe [x]
R4 XMouseButton Launcher;XMouseButton Launcher;c:\program files\naveen\X-MouseBtnctrl\XMouseButtonSvc.exe;c:\program files\naveen\X-MouseBtnctrl\XMouseButtonSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [x]
S2 GoogleInputService;GoogleInputService;c:\program files (x86)\Google\Google Input Tools\GoogleInputService.exe;c:\program files (x86)\Google\Google Input Tools\GoogleInputService.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-14 19:10 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:46]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20 15:53]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20 15:53]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606511456-1437241303-3617233354-1000Core.job
- c:\users\NAVEEN\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10 18:04]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606511456-1437241303-3617233354-1000UA.job
- c:\users\NAVEEN\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10 18:04]
.
2014-01-24 c:\windows\Tasks\HPCeeScheduleForNAVEEN.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 01:19 244696 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 01:19 244696 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 01:19 244696 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\naveen\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-12-16 1425408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-14 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Windows Internet Explorer provided by MSN and Bing
mSearchAssistant = 
IE: Download all links with IDM - c:\program files (x86)\naveen\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\naveen\Internet Download Manager\IEExt.htm
IE: LastPass - file://c:\users\NAVEEN\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\NAVEEN\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Upload to Facebook - c:\program files (x86)\naveen\UploadRabbit\iecontext.htm
IE: {{F894E6C5-415F-4177-A452-FB29B8B09A8E} - {F894E6C5-415F-4177-A452-FB29B8B09A8E} - c:\program files (x86)\Free Video Downloader\IePluginFVD.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{191C55E5-C1DC-4478-AD49-77F3638CA361}: NameServer = 8.8.8.8 218.248.241.3
TCP: Interfaces\{2517F750-4D1D-45F8-818C-40592DE6C535}: NameServer = 8.8.8.8 218.248.241.4
TCP: Interfaces\{649033BA-E433-4C5B-9C62-9A06B557BC2B}: NameServer = 218.248.255.147,218.248.255.146
TCP: Interfaces\{ABCF1B36-2DC4-4984-8B47-29297830CB67}: NameServer = 103.8.45.5 103.8.44.5
FF - ProfilePath - c:\users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\ptle5mxm.default\
FF - ExtSQL: 2014-01-01 16:29; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
.
.
------- File Associations -------
.
.txt=STDUViewerFile.TXT
.
- - - - ORPHANS REMOVED - - - -
.
Notify-igfxcui - (no file)
Notify-klogon - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-08294569.sys
SafeBoot-92378782.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
WebBrowser-{8567A644-E36C-470C-86CF-9C5B4F37DB81} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Battle Realms Winter of the Wolf (2 IN 1) Full - c:\windows\iun6002.exe
AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe
AddRemove-{7399FF79-F32D-C678-80CA-40F7E533BDE9} - c:\progra~3\INSTAL~1\{2EC1C~1\Setup.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
AddRemove-GoforFiles - c:\program files (x86)\GoforFiles\uninstall.exe
AddRemove-Torch - c:\users\NAVEEN\AppData\Local\Torch\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ba,84,36,0b,2a,3c,ce,01
.
[HKEY_USERS\S-1-5-21-606511456-1437241303-3617233354-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3c,8f,1e,f6,26,3d,2e,93,05,24,fd,9b,4d,91,41,fc,ee,a6,6e,aa,da,
   0b,8c,3e,c9,cc,a0,2e,3a,36,b7,8d,05,59,9e,ec,dd,33,64,89,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-606511456-1437241303-3617233354-1000_Classes\Wow6432Node\CLSID\{cfddaed4-ea6c-4cbc-babf-1937a983fc09}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e3
"Therad"=dword:0000001a
"SpecVersion"=dword:00000106
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-25  21:15:25
ComboFix-quarantined-files.txt  2014-01-25 15:45
.
Pre-Run: 5,111,652,352 bytes free
Post-Run: 1,248,591,872 bytes free
.
- - End Of File - - C2058603B2309AB51A14A78A37A039AE
 
 
 
After this I restarted my machine on my own, but could not boot in. Then I turned it off by pressing and holding down the 'power' button. Then I started it. Windows launched the 'startup repair utility' and tried for a long time in vain. Then it suggested 'system restore' as a last option. I 'okayed' that and then I could boot into Windows (as mentioned in my previous thread, whose link I have provided above).

Edited by boopme, 26 January 2014 - 09:04 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:43 PM

Posted 26 January 2014 - 10:18 PM


Hello anniyan

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 anniyan


Posted 27 January 2014 - 07:50 PM

i downloaded adwcleaner to desktop; i exited all open programs and internet browsers including security software (kaspersky internet security 2014, hitman pro [latest] and malwarebytes antimalware [latest]); i ran adwcleaner SCAN as administrator; the internet connection was ON; it produced scan results of which all were ticked ON, though i don't know why some 'innocent' stuff was ticked ON; but i did not untick anything as i trusted the adwcleaner's developer's expertise a lot more than my beliefs, and clicked on CLEAN button; its log is below:

 

 

# AdwCleaner v3.017 - Report created 27/01/2014 at 18:29:24
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : NAVEEN - HP-DV6TQE
# Running from : C:\Users\NAVEEN\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\0m3qm437.no_addons\user.js
File Found : C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\ptle5mxm.default\user.js
File Found : C:\Windows\System32\Tasks\GoforFilesUpdate
Folder Found : C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
Folder Found : C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Folder Found C:\Program Files (x86)\1ClickDownload
Folder Found C:\Program Files (x86)\GreenTree Applications
Folder Found C:\Program Files (x86)\ss helper
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Found C:\Users\NAVEEN\AppData\Local\Pokki
Folder Found C:\Users\NAVEEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
Folder Found C:\Users\NAVEEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\a55df88e53eed10
Key Found : HKCU\Software\Classes\*\shell\pokki
Key Found : HKCU\Software\Classes\Folder\shell\pokki
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GoforFiles
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\Pokki
Key Found : HKCU\Software\Uniblue
Key Found : [x64] HKCU\Software\GoforFiles
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Uniblue
Key Found : HKLM\SOFTWARE\a55df88e53eed10
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Found : HKLM\Software\GoforFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\djcpfkccckpeeghiklnhienllljccglb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ledcpigomgblcmofccnacobhmcdkpiea
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
Key Found : HKLM\Software\Myfree Codec
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\0m3qm437.no_addons\prefs.js ]
 
 
[ File : C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\ptle5mxm.default\prefs.js ]
 
Line Found : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", 0);
Line Found : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", 0);
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [14553 octets] - [13/01/2014 18:58:50]
AdwCleaner[R1].txt - [10957 octets] - [14/01/2014 03:41:48]
AdwCleaner[R2].txt - [9129 octets] - [17/01/2014 18:08:25]
AdwCleaner[R3].txt - [8395 octets] - [27/01/2014 18:29:24]
AdwCleaner[S0].txt - [15338 octets] - [13/01/2014 19:05:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [8516 octets] ##########
 
 
 
 
# AdwCleaner v3.017 - Report created 27/01/2014 at 18:34:06
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : NAVEEN - HP-DV6TQE
# Running from : C:\Users\NAVEEN\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\ss helper
Folder Deleted : C:\Users\NAVEEN\AppData\Local\Pokki
Folder Deleted : C:\Users\NAVEEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
Folder Deleted : C:\Users\NAVEEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Deleted : C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
Folder Deleted : C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
File Deleted : C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\0m3qm437.no_addons\user.js
File Deleted : C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\ptle5mxm.default\user.js
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\djcpfkccckpeeghiklnhienllljccglb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ledcpigomgblcmofccnacobhmcdkpiea
Key Deleted : HKCU\Software\Classes\*\shell\pokki
Key Deleted : HKCU\Software\Classes\Folder\shell\pokki
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
Key Deleted : HKCU\Software\a55df88e53eed10
Key Deleted : HKLM\SOFTWARE\a55df88e53eed10
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GoforFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\0m3qm437.no_addons\prefs.js ]
 
 
[ File : C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\ptle5mxm.default\prefs.js ]
 
Line Deleted : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", 0);
Line Deleted : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", 0);
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [14553 octets] - [13/01/2014 18:58:50]
AdwCleaner[R1].txt - [10957 octets] - [14/01/2014 03:41:48]
AdwCleaner[R2].txt - [9129 octets] - [17/01/2014 18:08:25]
AdwCleaner[R3].txt - [8672 octets] - [27/01/2014 18:29:24]
AdwCleaner[S0].txt - [15338 octets] - [13/01/2014 19:05:41]
AdwCleaner[S1].txt - [8440 octets] - [27/01/2014 18:34:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8500 octets] ##########
 
 
 
then i downloaded 'junkware removal tool' to desktop; i exited all open programs and internet browsers including security software (kaspersky internet security 2014, hitman pro [latest] and malwarebytes antimalware [latest]); i ran 'junkware removal tool' SCAN as administrator; the internet connection was ON; its log is below:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by NAVEEN on Mon-27-01-2014 at 18:42:10.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon-27-01-2014 at 18:50:07.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
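
A check that can be run over the two AdwCleaner reports in the post above (the Scan report, then the Clean report): it lists every "Found" item that has no matching "Deleted" line. This is an added example, not part of the original posts and not AdwCleaner's own code; the sample report text and the `ExampleToolbar` key are constructed, and reading the `[x64]` tag as "seen through the 64-bit registry view" is an assumption.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    kind: str    # File, Folder, Key, Value or Line
    action: str  # "Found" (scan report) or "Deleted" (clean report)
    view: str    # "x64", "default" or "shared"
    target: str  # path or key exactly as printed in the report


# Some scan lines are printed without the " : " separator
# ("Folder Found C:\..."), so the colon is optional.
_LINE = re.compile(r"^(File|Folder|Key|Value|Line) (Found|Deleted)\s*:?\s*(.+?)\s*$")
_X64 = re.compile(r"^\[x64\]\s*")


def _view(target, tagged):
    low = target.casefold()
    # HKCU\Software outside Classes is not redirected by WOW64, so a tagged and
    # an untagged hit on it are the same key and one deletion covers both.
    if low.startswith("hkcu\\software\\") and not low.startswith("hkcu\\software\\classes\\"):
        return "shared"
    return "x64" if tagged else "default"


def parse_report(text):
    """Return the Found/Deleted entries of one report, skipping banners."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # '#' header lines, '*****' section banners, blanks
        kind, action, target = m.groups()
        tagged = bool(_X64.match(target))
        target = _X64.sub("", target)
        entries.append(Entry(kind, action, _view(target, tagged), target))
    return entries


def _identity(e):
    # Windows paths and registry keys compare case-insensitively.
    return (e.kind, e.view, e.target.casefold())


def compare(scan_text, clean_text):
    """Return (found but never deleted, deleted but never found)."""
    found = {_identity(e): e for e in parse_report(scan_text) if e.action == "Found"}
    deleted = {_identity(e): e for e in parse_report(clean_text) if e.action == "Deleted"}
    not_removed = [found[k] for k in sorted(found.keys() - deleted.keys())]
    not_scanned = [deleted[k] for k in sorted(deleted.keys() - found.keys())]
    return not_removed, not_scanned


# Constructed sample in the shape of the reports above. The ExampleToolbar key
# is invented so that one entry is deliberately left behind.
SCAN_SAMPLE = r"""
# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\Windows\System32\Tasks\GoforFilesUpdate
Folder Found C:\Program Files (x86)\ss helper
***** [ Registry ] *****
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
Key Found : HKLM\SOFTWARE\ExampleToolbar
Key Found : [x64] HKLM\SOFTWARE\ExampleToolbar
"""

CLEAN_SAMPLE = r"""
# Option : Clean
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\ss helper
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
***** [ Registry ] *****
Key Deleted : HKCU\Software\Pokki
Key Deleted : [x64] HKLM\SOFTWARE\ExampleToolbar
"""

if __name__ == "__main__":
    left_behind, extra = compare(SCAN_SAMPLE, CLEAN_SAMPLE)
    for e in left_behind:
        print("found but not deleted:", e.kind, e.view, e.target)
    for e in extra:
        print("deleted but not in scan:", e.kind, e.view, e.target)
```

To use it on real reports, read the Scan and Clean files as text and pass them to `compare` in that order.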



#4 gringo_pr


Posted 27 January 2014 - 08:17 PM


Hello anniyan

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 anniyan


Posted 27 January 2014 - 08:18 PM

status now:

with reference to my "problem description" in

http://www.bleepingcomputer.com/forums/t/520666/i-am-not-sure-if-i-am-infected-but-100-sure-that-my-machine-has-some-problem/

 

i am not sure if those were solved; because i am currently a bit held up now to determine clearly the situation; but i am sure that problem 1 and problem 12 persist (my router LEDs show fast and continuous data exchange without reason, once i connect to the internet; during that time even if i disconnect the router's ethernet connection to my laptop, that corresponding LED is turned off, yet the LED that indicates the connection of the router to the ISP blinks vigorously for a long time [i don't know why, maybe the remote hacker's computer continues to request data from my laptop { just guessing, sorry }] and in accordance with this, my internet usage details obtained from my ISP show huge transfer of data). i will check the other problems tonight (when i get free) and report to you. meanwhile can you analyse whatever i have reported so far and guide me as to what i should do next? thank you :)




#6 gringo_pr


Posted 27 January 2014 - 08:51 PM

Hello anniyan


I will need to see the combofix report before I can report anything


gringo

#7 anniyan


Posted 29 January 2014 - 08:09 AM

ran combofix after disabling all security programs, but forgot to turn off windows defender; log is below:

 

 

ComboFix 14-01-27.02 - NAVEEN 29-01-2014   3:02.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.8140.6085 [GMT 5.5:30]
Running from: c:\users\NAVEEN\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NAVEEN\AppData\Roaming\dclogs
c:\users\NAVEEN\AppData\Roaming\inst.exe
c:\users\NAVEEN\AppData\Roaming\KW
c:\users\NAVEEN\AppData\Roaming\KW\bl0001.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0002.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0003.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0004.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0005.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0006.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0007.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0008.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0009.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0010.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0011.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0012.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0013.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0014.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0015.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0016.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0017.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0018.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0019.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0020.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0021.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0022.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0023.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0024.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0025.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0026.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0027.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0028.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0029.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0030.dat
c:\users\NAVEEN\AppData\Roaming\KW\bl0031.dat
c:\users\NAVEEN\AppData\Roaming\KW\max_drv.sys
c:\users\NAVEEN\AppData\Roaming\KW\unrar.dll
c:\windows\iun6002.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-28  )))))))))))))))))))))))))))))))
.
.
2014-01-28 21:58 . 2014-01-28 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-25 18:58 . 2014-01-25 18:58 -------- d-----w- c:\users\NAVEEN\AppData\Roaming\Oracle
2014-01-25 18:29 . 2014-01-25 18:29 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-25 18:29 . 2014-01-25 18:29 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-25 18:17 . 2014-01-25 18:56 -------- d-----w- c:\programdata\Oracle
2014-01-24 23:28 . 2014-01-24 23:28 987425 ----a-w- C:\SecurityCheck.exe
2014-01-23 16:14 . 2014-01-28 21:46 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DD5DFAA-9859-4F59-9AEF-0336544FAAC1}\offreg.dll
2014-01-23 14:44 . 2014-01-23 14:44 -------- d-----w- c:\program files (x86)\ESET
2014-01-23 13:24 . 2014-01-23 13:25 -------- d-----w- c:\program files\HitmanPro
2014-01-23 13:18 . 2014-01-23 13:54 -------- d-----w- c:\programdata\HitmanPro
2014-01-23 13:17 . 2014-01-23 13:17 564312 ----a-w- c:\windows\SysWow64\hmpalert.dll
2014-01-23 13:17 . 2014-01-23 13:17 518480 ----a-w- c:\windows\system32\hmpalert.dll
2014-01-23 13:17 . 2014-01-23 13:17 17416 ----a-w- c:\windows\system32\drivers\hmpalert.sys
2014-01-23 13:17 . 2014-01-23 13:17 -------- d-----w- c:\program files (x86)\HitmanPro.Alert
2014-01-23 00:29 . 2014-01-23 02:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-23 00:24 . 2014-01-23 00:24 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-22 23:06 . 2014-01-22 23:06 -------- d-----w- c:\programdata\ViceVersa PRO
2014-01-19 21:02 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DD5DFAA-9859-4F59-9AEF-0336544FAAC1}\mpengine.dll
2014-01-19 20:53 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-19 20:53 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-19 20:53 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-19 20:53 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-19 20:53 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-19 20:53 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-19 20:53 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-19 20:53 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-19 20:53 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-19 09:22 . 2014-01-26 10:44 -------- d-----w- c:\users\NAVEEN\AppData\Roaming\Malwarebytes
2014-01-19 09:22 . 2014-01-19 09:22 -------- d-----w- c:\programdata\Malwarebytes
2014-01-19 09:22 . 2013-04-04 09:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-16 15:48 . 2014-01-17 13:50 -------- d-----w- c:\users\NAVEEN\AppData\Roaming\Notepad++
2014-01-15 00:03 . 2014-01-15 00:03 -------- d-----w- C:\AMD
2014-01-13 13:28 . 2014-01-27 13:05 -------- d-----w- C:\AdwCleaner
2014-01-09 21:11 . 2014-01-09 21:11 -------- d-----w- c:\users\NAVEEN\AppData\Roaming\IObit
2014-01-09 13:59 . 2014-01-09 13:59 -------- d-----w- c:\users\NAVEEN\.android
2014-01-09 12:08 . 2014-01-09 13:21 -------- d-----w- c:\users\NAVEEN\AppData\Local\Genymobile
2014-01-09 12:07 . 2014-01-09 18:45 -------- d-----w- c:\users\NAVEEN\.VirtualBox
2014-01-09 12:06 . 2013-04-12 06:11 237840 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-01-09 12:06 . 2013-04-12 06:10 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-01-08 10:49 . 2013-09-20 05:19 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-01-06 12:11 . 2014-01-06 12:12 -------- d-----w- C:\LiberKey
2014-01-04 06:33 . 2014-01-04 06:33 -------- d-----w- C:\naveenpgmfiles
2014-01-03 12:05 . 2014-01-03 12:05 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-01-03 11:49 . 2014-01-03 11:49 -------- d-----w- c:\users\NAVEEN\AppData\Roaming\Wassapp
2014-01-03 09:15 . 2014-01-03 09:15 -------- d-----w- c:\program files (x86)\BlueStacks
2014-01-03 09:13 . 2014-01-03 09:15 -------- d-----w- c:\programdata\BlueStacks
2014-01-01 06:04 . 2014-01-01 06:04 -------- d-----w- c:\program files (x86)\Hp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 20:55 . 2012-04-07 00:59 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-07 14:46 . 2012-04-07 08:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-07 14:46 . 2011-11-09 17:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-01 10:59 . 2013-06-06 12:08 178272 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-01-01 10:59 . 2013-11-25 23:23 620640 ----a-w- c:\windows\system32\drivers\klif.sys
2013-12-19 01:31 . 2012-12-17 13:29 13024768 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2013-12-12 12:24 . 2013-12-12 12:24 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-12 12:24 . 2013-12-12 12:24 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-12 12:24 . 2013-12-12 12:24 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-12 12:24 . 2013-12-12 12:24 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-12 12:24 . 2013-12-12 12:24 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-12 12:24 . 2013-12-12 12:24 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-12 12:24 . 2013-12-12 12:24 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-12 12:24 . 2013-12-12 12:24 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-12 12:24 . 2013-12-12 12:24 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-12 12:24 . 2013-12-12 12:24 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-12 12:24 . 2013-12-12 12:24 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-12 12:24 . 2013-12-12 12:24 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-12 12:24 . 2013-12-12 12:24 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-12 12:24 . 2013-12-12 12:24 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-12 12:24 . 2013-12-12 12:24 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-12 12:24 . 2013-12-12 12:24 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-12 12:24 . 2013-12-12 12:24 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-12 12:24 . 2013-12-12 12:24 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-12 12:24 . 2013-12-12 12:24 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-12 12:24 . 2013-12-12 12:24 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-12 12:24 . 2013-12-12 12:24 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-12 12:24 . 2013-12-12 12:24 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-12 12:24 . 2013-12-12 12:24 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-12 12:24 . 2013-12-12 12:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-12 12:24 . 2013-12-12 12:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-12 12:24 . 2013-12-12 12:24 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-12 12:24 . 2013-12-12 12:24 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-12 12:24 . 2013-12-12 12:24 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-12 12:24 . 2013-12-12 12:24 413696 ----a-w- c:\windows\system32\html.iec
2013-12-12 12:24 . 2013-12-12 12:24 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-12 12:24 . 2013-12-12 12:24 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-12 12:24 . 2013-12-12 12:24 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-12 12:24 . 2013-12-12 12:24 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-12 12:24 . 2013-12-12 12:24 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-12 12:24 . 2013-12-12 12:24 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-12 12:24 . 2013-12-12 12:24 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-12 12:24 . 2013-12-12 12:24 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-12 12:24 . 2013-12-12 12:24 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-12 12:24 . 2013-12-12 12:24 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-12 12:24 . 2013-12-12 12:24 235520 ----a-w- c:\windows\system32\url.dll
2013-12-12 12:24 . 2013-12-12 12:24 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-12 12:24 . 2013-12-12 12:24 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-12 12:24 . 2013-12-12 12:24 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-12 12:24 . 2013-12-12 12:24 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-12 12:24 . 2013-12-12 12:24 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-12 12:24 . 2013-12-12 12:24 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-12 12:24 . 2013-12-12 12:24 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-12 12:24 . 2013-12-12 12:24 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-12 12:24 . 2013-12-12 12:24 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-12 12:24 . 2013-12-12 12:24 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-12 12:24 . 2013-12-12 12:24 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-12 12:24 . 2013-12-12 12:24 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-12 12:24 . 2013-12-12 12:24 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-12 12:24 . 2013-12-12 12:24 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-12 12:24 . 2013-12-12 12:24 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-12 12:24 . 2013-12-12 12:24 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-12 12:24 . 2013-12-12 12:24 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-12 12:24 . 2013-12-12 12:24 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-12 12:24 . 2013-12-12 12:24 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-10 10:23 . 2013-12-10 10:23 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2013-12-10 10:23 . 2013-12-10 10:23 82816 ----a-w- c:\users\NAVEEN\AppData\Roaming\pcouffin.sys
2013-12-09 21:43 . 2013-12-09 21:43 32768 ----a-w- c:\windows\NCUNINST.EXe
2013-11-28 00:24 . 2013-11-29 16:10 175480 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-11-26 11:54 . 2013-12-14 17:15 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-14 17:15 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-14 17:15 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:59 . 2013-12-20 00:19 27600 ----a-r- c:\windows\isk3ro.exe
2013-11-26 09:48 . 2013-12-14 17:15 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-14 17:15 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-14 17:15 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-14 17:15 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-14 17:15 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-14 17:15 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-14 17:15 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-14 17:15 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-14 17:15 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-14 17:15 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-14 17:15 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-14 17:15 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-14 17:15 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-14 17:15 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-14 17:15 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-14 17:15 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-14 17:15 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-14 17:15 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-14 17:15 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-14 17:15 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-14 17:15 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-25 23:23 . 2013-11-25 23:23 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2013-11-25 23:23 . 2013-11-25 23:23 29280 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-11-25 23:23 . 2013-11-25 23:23 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-11-25 23:23 . 2013-11-25 23:23 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-11-23 18:26 . 2013-12-12 12:12 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 12:12 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2010-11-21 03:24 1169224 --sha-w- c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 01:19 220632 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 01:19 220632 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 01:19 220632 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-08-11 47616]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"HideSCABattery"= 1 (0x1)
"HideSCANetwork"= 1 (0x1)
"HideSCAVolume"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
 [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0autocheck 
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200449]
   Ime File REG_SZ         GoogleInputTools.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe;c:\program files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\naveen\MalwarebytesAM\mbamservice.exe;c:\program files (x86)\naveen\MalwarebytesAM\mbamservice.exe [x]
R2 MetroServ;WinMetro Service;c:\program files (x86)\naveen\WinMetro\MetroSvc.exe;c:\program files (x86)\naveen\WinMetro\MetroSvc.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\naveen\Spybot2\SDFSSvc.exe;c:\program files (x86)\naveen\Spybot2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\naveen\Spybot2\SDUpdSvc.exe;c:\program files (x86)\naveen\Spybot2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\naveen\Spybot2\SDWSCSvc.exe;c:\program files (x86)\naveen\Spybot2\SDWSCSvc.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/03 05:29;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\naveen\huaweiMP\UpdateDog\ouc.exe;c:\program files (x86)\naveen\huaweiMP\UpdateDog\ouc.exe [x]
R4 MoboroboDeviceService;Moborobo Device Service;c:\program files (x86)\naveen\Moborobo\MoboroboDeviceService.exe;c:\program files (x86)\naveen\Moborobo\MoboroboDeviceService.exe [x]
R4 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [x]
R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\naveen\TeamViewer9\TeamViewer_Service.exe;c:\program files (x86)\naveen\TeamViewer9\TeamViewer_Service.exe [x]
R4 XMouseButton Launcher;XMouseButton Launcher;c:\program files\naveen\X-MouseBtnctrl\XMouseButtonSvc.exe;c:\program files\naveen\X-MouseBtnctrl\XMouseButtonSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [x]
S2 GoogleInputService;GoogleInputService;c:\program files (x86)\Google\Google Input Tools\GoogleInputService.exe;c:\program files (x86)\Google\Google Input Tools\GoogleInputService.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-14 19:10 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}]
msiexec [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20 15:53]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20 15:53]
.
2014-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606511456-1437241303-3617233354-1000Core.job
- c:\users\NAVEEN\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10 18:04]
.
2014-01-28 c:\windows\Tasks\HPCeeScheduleForNAVEEN.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 01:19 244696 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 01:19 244696 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 01:19 244696 ----a-w- c:\users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\naveen\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-12-16 1425408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-14 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Windows Internet Explorer provided by MSN and Bing
mSearchAssistant = 
IE: Download all links with IDM - c:\program files (x86)\naveen\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\naveen\Internet Download Manager\IEExt.htm
IE: LastPass - file://c:\users\NAVEEN\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\NAVEEN\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Upload to Facebook - c:\program files (x86)\naveen\UploadRabbit\iecontext.htm
IE: {{F894E6C5-415F-4177-A452-FB29B8B09A8E} - {F894E6C5-415F-4177-A452-FB29B8B09A8E} - c:\program files (x86)\Free Video Downloader\IePluginFVD.dll
TCP: Interfaces\{191C55E5-C1DC-4478-AD49-77F3638CA361}: NameServer = 8.8.8.8 218.248.241.3
TCP: Interfaces\{2517F750-4D1D-45F8-818C-40592DE6C535}: NameServer = 8.8.8.8 218.248.241.4
TCP: Interfaces\{649033BA-E433-4C5B-9C62-9A06B557BC2B}: NameServer = 218.248.255.147,218.248.255.146
TCP: Interfaces\{ABCF1B36-2DC4-4984-8B47-29297830CB67}: NameServer = 103.8.45.5 103.8.44.5
FF - ProfilePath - c:\users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\ptle5mxm.default\
FF - ExtSQL: 2014-01-01 16:29; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2014-01-01 16:29; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
.
.
------- File Associations -------
.
.txt=STDUViewerFile.TXT
.
- - - - ORPHANS REMOVED - - - -
.
Notify-klogon - (no file)
Notify-SDWinLogon - SDWinLogon.dll
WebBrowser-{8567A644-E36C-470C-86CF-9C5B4F37DB81} - (no file)
AddRemove-Battle Realms Winter of the Wolf (2 IN 1) Full - c:\windows\iun6002.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-{7399FF79-F32D-C678-80CA-40F7E533BDE9} - c:\progra~3\INSTAL~1\{2EC1C~1\Setup.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
AddRemove-PokkiDownloadHelper - c:\users\NAVEEN\AppData\Local\Pokki\Download Helper\PokkiDownloadHelper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ba,84,36,0b,2a,3c,ce,01
.
[HKEY_USERS\S-1-5-21-606511456-1437241303-3617233354-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3c,8f,1e,f6,26,3d,2e,93,05,24,fd,9b,4d,91,41,fc,ee,a6,6e,aa,da,
   0b,8c,3e,c9,cc,a0,2e,3a,36,b7,8d,05,59,9e,ec,dd,33,64,89,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-606511456-1437241303-3617233354-1000_Classes\Wow6432Node\CLSID\{cfddaed4-ea6c-4cbc-babf-1937a983fc09}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e3
"Therad"=dword:0000001a
"SpecVersion"=dword:00000106
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-29  03:58:57
ComboFix-quarantined-files.txt  2014-01-28 22:28
ComboFix2.txt  2014-01-25 15:45
.
Pre-Run: 7,926,734,848 bytes free
Post-Run: 7,623,176,192 bytes free
.
- - End Of File - - E378D2E68CC608397730C4D2E0EE6689
 
 
 
 
 
After this was over completely I restarted my machine; then I remembered that I did not turn off Windows Defender, so I did that and ran ComboFix again. But this time Windows popped up a message box saying pev.3xe stopped working, and after that ComboFix hung in the "preparing log report............." stage for a really long time, so I closed it. Here is the log:
 
 
ComboFix 14-01-27.02 - NAVEEN 29-01-2014   5:00:59.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.8140.5243 [GMT 5.5:30]
Running from: C:\Users\NAVEEN\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-28  )))))))))))))))))))))))))))))))
 
 
2014-01-28 23:50:46 . 2014-01-28 23:50:46 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-01-25 18:58:00 . 2014-01-25 18:58:00 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Oracle
2014-01-25 18:29:52 . 2014-01-25 18:29:52 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2014-01-25 18:29:30 . 2014-01-25 18:29:16 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-25 18:17:48 . 2014-01-25 18:56:48 -------- d-----w- C:\ProgramData\Oracle
2014-01-24 23:28:11 . 2014-01-24 23:28:26 987425 ----a-w- C:\SecurityCheck.exe
2014-01-23 14:44:05 . 2014-01-23 14:44:05 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-23 13:24:46 . 2014-01-23 13:25:35 -------- d-----w- C:\Program Files\HitmanPro
2014-01-23 13:18:10 . 2014-01-23 13:54:07 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-23 13:17:11 . 2014-01-23 13:17:11 564312 ----a-w- C:\Windows\SysWow64\hmpalert.dll
2014-01-23 13:17:11 . 2014-01-23 13:17:11 518480 ----a-w- C:\Windows\system32\hmpalert.dll
2014-01-23 13:17:11 . 2014-01-23 13:17:11 17416 ----a-w- C:\Windows\system32\drivers\hmpalert.sys
2014-01-23 13:17:11 . 2014-01-23 13:17:11 -------- d-----w- C:\Program Files (x86)\HitmanPro.Alert
2014-01-23 00:29:35 . 2014-01-23 02:11:16 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-23 00:24:41 . 2014-01-23 00:24:41 91352 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-01-22 23:06:34 . 2014-01-22 23:06:34 -------- d-----w- C:\ProgramData\ViceVersa PRO
2014-01-19 21:02:04 . 2013-12-04 03:28:24 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DD5DFAA-9859-4F59-9AEF-0336544FAAC1}\mpengine.dll
2014-01-19 20:53:47 . 2013-11-27 01:41:37 343040 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:15 99840 ----a-w- C:\Windows\system32\drivers\usbccgp.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:11 53248 ----a-w- C:\Windows\system32\drivers\usbehci.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:11 325120 ----a-w- C:\Windows\system32\drivers\usbport.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:09 25600 ----a-w- C:\Windows\system32\drivers\usbohci.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:06 30720 ----a-w- C:\Windows\system32\drivers\usbuhci.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:03 7808 ----a-w- C:\Windows\system32\drivers\usbd.sys
2014-01-19 20:53:46 . 2013-11-26 11:40:00 376768 ----a-w- C:\Windows\system32\drivers\netio.sys
2014-01-19 20:53:46 . 2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\system32\win32k.sys
2014-01-19 09:22:27 . 2014-01-26 10:44:58 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Malwarebytes
2014-01-19 09:22:04 . 2014-01-19 09:22:04 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-19 09:22:03 . 2013-04-04 09:20:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2014-01-16 15:48:25 . 2014-01-17 13:50:16 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Notepad++
2014-01-15 00:03:53 . 2014-01-15 00:03:53 -------- d-----w- C:\AMD
2014-01-13 13:28:19 . 2014-01-27 13:05:19 -------- d-----w- C:\AdwCleaner
2014-01-09 21:11:34 . 2014-01-09 21:11:34 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\IObit
2014-01-09 13:59:27 . 2014-01-09 13:59:28 -------- d-----w- C:\Users\NAVEEN\.android
2014-01-09 12:08:40 . 2014-01-09 13:21:06 -------- d-----w- C:\Users\NAVEEN\AppData\Local\Genymobile
2014-01-09 12:07:21 . 2014-01-09 18:45:40 -------- d-----w- C:\Users\NAVEEN\.VirtualBox
2014-01-09 12:06:15 . 2013-04-12 06:11:58 237840 ----a-w- C:\Windows\system32\drivers\VBoxDrv.sys
2014-01-09 12:06:01 . 2013-04-12 06:10:18 120080 ----a-w- C:\Windows\system32\drivers\VBoxUSBMon.sys
2014-01-08 10:49:10 . 2013-09-20 05:19:34 21040 ----a-w- C:\Windows\system32\sdnclean64.exe
2014-01-06 12:11:17 . 2014-01-06 12:12:13 -------- d-----w- C:\LiberKey
2014-01-04 06:33:46 . 2014-01-04 06:33:46 -------- d-----w- C:\naveenpgmfiles
2014-01-03 12:05:00 . 2014-01-03 12:05:00 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-01-03 11:49:05 . 2014-01-03 11:49:05 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Wassapp
2014-01-03 09:15:03 . 2014-01-03 09:15:05 -------- d-----w- C:\Program Files (x86)\BlueStacks
2014-01-03 09:13:31 . 2014-01-03 09:15:29 -------- d-----w- C:\ProgramData\BlueStacks
2014-01-01 06:04:27 . 2014-01-01 06:04:27 -------- d-----w- C:\Program Files (x86)\Hp
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
 
then rebooted the machine and tried the same again; same story again; here is the log:
 
 
ComboFix 14-01-27.02 - NAVEEN 29-01-2014   7:42:51.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.8140.5168 [GMT 5.5:30]
Running from: C:\Users\NAVEEN\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-29  )))))))))))))))))))))))))))))))
 
 
2014-01-29 02:26:28 . 2014-01-29 02:26:28 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-01-25 18:58:00 . 2014-01-25 18:58:00 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Oracle
2014-01-25 18:29:52 . 2014-01-25 18:29:52 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2014-01-25 18:29:30 . 2014-01-25 18:29:16 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-25 18:17:48 . 2014-01-25 18:56:48 -------- d-----w- C:\ProgramData\Oracle
2014-01-24 23:28:11 . 2014-01-24 23:28:26 987425 ----a-w- C:\SecurityCheck.exe
2014-01-23 14:44:05 . 2014-01-23 14:44:05 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-23 13:24:46 . 2014-01-23 13:25:35 -------- d-----w- C:\Program Files\HitmanPro
2014-01-23 13:18:10 . 2014-01-23 13:54:07 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-23 13:17:11 . 2014-01-23 13:17:11 564312 ----a-w- C:\Windows\SysWow64\hmpalert.dll
2014-01-23 13:17:11 . 2014-01-23 13:17:11 518480 ----a-w- C:\Windows\system32\hmpalert.dll
2014-01-23 13:17:11 . 2014-01-23 13:17:11 17416 ----a-w- C:\Windows\system32\drivers\hmpalert.sys
2014-01-23 13:17:11 . 2014-01-23 13:17:11 -------- d-----w- C:\Program Files (x86)\HitmanPro.Alert
2014-01-23 00:29:35 . 2014-01-23 02:11:16 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-23 00:24:41 . 2014-01-23 00:24:41 91352 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-01-22 23:06:34 . 2014-01-22 23:06:34 -------- d-----w- C:\ProgramData\ViceVersa PRO
2014-01-19 21:02:04 . 2013-12-04 03:28:24 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DD5DFAA-9859-4F59-9AEF-0336544FAAC1}\mpengine.dll
2014-01-19 20:53:47 . 2013-11-27 01:41:37 343040 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:15 99840 ----a-w- C:\Windows\system32\drivers\usbccgp.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:11 53248 ----a-w- C:\Windows\system32\drivers\usbehci.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:11 325120 ----a-w- C:\Windows\system32\drivers\usbport.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:09 25600 ----a-w- C:\Windows\system32\drivers\usbohci.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:06 30720 ----a-w- C:\Windows\system32\drivers\usbuhci.sys
2014-01-19 20:53:47 . 2013-11-27 01:41:03 7808 ----a-w- C:\Windows\system32\drivers\usbd.sys
2014-01-19 20:53:46 . 2013-11-26 11:40:00 376768 ----a-w- C:\Windows\system32\drivers\netio.sys
2014-01-19 20:53:46 . 2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\system32\win32k.sys
2014-01-19 09:22:27 . 2014-01-26 10:44:58 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Malwarebytes
2014-01-19 09:22:04 . 2014-01-19 09:22:04 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-19 09:22:03 . 2013-04-04 09:20:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2014-01-16 15:48:25 . 2014-01-17 13:50:16 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Notepad++
2014-01-15 00:03:53 . 2014-01-15 00:03:53 -------- d-----w- C:\AMD
2014-01-13 13:28:19 . 2014-01-27 13:05:19 -------- d-----w- C:\AdwCleaner
2014-01-09 21:11:34 . 2014-01-09 21:11:34 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\IObit
2014-01-09 13:59:27 . 2014-01-09 13:59:28 -------- d-----w- C:\Users\NAVEEN\.android
2014-01-09 12:08:40 . 2014-01-09 13:21:06 -------- d-----w- C:\Users\NAVEEN\AppData\Local\Genymobile
2014-01-09 12:07:21 . 2014-01-09 18:45:40 -------- d-----w- C:\Users\NAVEEN\.VirtualBox
2014-01-09 12:06:15 . 2013-04-12 06:11:58 237840 ----a-w- C:\Windows\system32\drivers\VBoxDrv.sys
2014-01-09 12:06:01 . 2013-04-12 06:10:18 120080 ----a-w- C:\Windows\system32\drivers\VBoxUSBMon.sys
2014-01-08 10:49:10 . 2013-09-20 05:19:34 21040 ----a-w- C:\Windows\system32\sdnclean64.exe
2014-01-06 12:11:17 . 2014-01-06 12:12:13 -------- d-----w- C:\LiberKey
2014-01-04 06:33:46 . 2014-01-04 06:33:46 -------- d-----w- C:\naveenpgmfiles
2014-01-03 12:05:00 . 2014-01-03 12:05:00 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-01-03 11:49:05 . 2014-01-03 11:49:05 -------- d-----w- C:\Users\NAVEEN\AppData\Roaming\Wassapp
2014-01-03 09:15:03 . 2014-01-03 09:15:05 -------- d-----w- C:\Program Files (x86)\BlueStacks
2014-01-03 09:13:31 . 2014-01-03 09:15:29 -------- d-----w- C:\ProgramData\BlueStacks
2014-01-01 06:04:27 . 2014-01-01 06:04:27 -------- d-----w- C:\Program Files (x86)\Hp
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2014-01-19 20:55:25 . 2012-04-07 00:59:08 86054176 ----a-w- C:\Windows\system32\MRT.exe
2014-01-07 14:46:41 . 2012-04-07 08:36:04 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-07 14:46:41 . 2011-11-09 17:33:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-01 10:59:02 . 2013-06-06 12:08:20 178272 ----a-w- C:\Windows\system32\drivers\kneps.sys
2014-01-01 10:59:00 . 2013-11-25 23:23:10 620640 ----a-w- C:\Windows\system32\drivers\klif.sys
2013-12-19 01:31:45 . 2012-12-17 13:29:05 13024768 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-12-12 12:24:42 . 2013-12-12 12:24:42 940032 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-12 12:24:42 . 2013-12-12 12:24:42 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 942592 ----a-w- C:\Windows\system32\jsIntl.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 90112 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 86016 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 86016 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 84992 ----a-w- C:\Windows\system32\mshtmled.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 83968 ----a-w- C:\Windows\system32\MshtmlDac.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 81408 ----a-w- C:\Windows\system32\icardie.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 774144 ----a-w- C:\Windows\system32\jscript.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 77312 ----a-w- C:\Windows\system32\tdc.ocx
2013-12-12 12:24:35 . 2013-12-12 12:24:35 74240 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 626176 ----a-w- C:\Windows\system32\msfeeds.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
2013-12-12 12:24:35 . 2013-12-12 12:24:35 62464 ----a-w- C:\Windows\system32\pngfilt.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 616104 ----a-w- C:\Windows\system32\ieapfltr.dat
2013-12-12 12:24:35 . 2013-12-12 12:24:35 548352 ----a-w- C:\Windows\system32\vbscript.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 48128 ----a-w- C:\Windows\system32\imgutil.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 453120 ----a-w- C:\Windows\system32\dxtmsft.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 413696 ----a-w- C:\Windows\system32\html.iec
2013-12-12 12:24:35 . 2013-12-12 12:24:35 40448 ----a-w- C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 36352 ----a-w- C:\Windows\SysWow64\imgutil.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 34816 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 337408 ----a-w- C:\Windows\SysWow64\html.iec
2013-12-12 12:24:35 . 2013-12-12 12:24:35 30208 ----a-w- C:\Windows\system32\licmgr10.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 296960 ----a-w- C:\Windows\system32\dxtrans.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 263376 ----a-w- C:\Windows\system32\iedkcs32.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 247808 ----a-w- C:\Windows\system32\msls31.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 24576 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 243200 ----a-w- C:\Windows\system32\webcheck.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 235520 ----a-w- C:\Windows\system32\url.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 235008 ----a-w- C:\Windows\system32\elshyph.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 195584 ----a-w- C:\Windows\system32\msrating.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 167424 ----a-w- C:\Windows\system32\iexpress.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 151552 ----a-w- C:\Windows\SysWow64\iexpress.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 147968 ----a-w- C:\Windows\system32\occache.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 143872 ----a-w- C:\Windows\system32\wextract.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 139264 ----a-w- C:\Windows\SysWow64\wextract.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 13824 ----a-w- C:\Windows\system32\mshta.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 135680 ----a-w- C:\Windows\system32\iepeers.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 13312 ----a-w- C:\Windows\SysWow64\mshta.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 13312 ----a-w- C:\Windows\system32\msfeedssync.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 131072 ----a-w- C:\Windows\system32\IEAdvpack.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 1228800 ----a-w- C:\Windows\system32\mshtmlmedia.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-12-12 12:24:35 . 2013-12-12 12:24:35 111616 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 105984 ----a-w- C:\Windows\system32\iesysprep.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 1051136 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2013-12-12 12:24:35 . 2013-12-12 12:24:35 101376 ----a-w- C:\Windows\system32\inseng.dll
2013-12-10 10:23:39 . 2013-12-10 10:23:39 82816 ----a-w- C:\Windows\system32\drivers\pcouffin.sys
2013-12-10 10:23:39 . 2013-12-10 10:23:39 82816 ----a-w- C:\Users\NAVEEN\AppData\Roaming\pcouffin.sys
2013-12-09 21:43:26 . 2013-12-09 21:43:26 32768 ----a-w- C:\Windows\NCUNINST.EXe
2013-11-28 00:24:18 . 2013-11-29 16:10:36 175480 ----a-w- C:\Windows\system32\drivers\idmwfp.sys
2013-11-26 11:54:49 . 2013-12-14 17:15:22 23183360 ----a-w- C:\Windows\system32\mshtml.dll
2013-11-26 10:19:07 . 2013-12-14 17:15:25 2724864 ----a-w- C:\Windows\system32\mshtml.tlb
2013-11-26 10:18:23 . 2013-12-14 17:15:24 4096 ----a-w- C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 09:59:43 . 2013-12-20 00:19:18 27600 ----a-r- C:\Windows\isk3ro.exe
2013-11-26 09:48:07 . 2013-12-14 17:15:23 66048 ----a-w- C:\Windows\system32\iesetup.dll
2013-11-26 09:46:25 . 2013-12-14 17:15:22 48640 ----a-w- C:\Windows\system32\ieetwproxystub.dll
2013-11-26 09:41:43 . 2013-12-14 17:15:21 2764288 ----a-w- C:\Windows\system32\iertutil.dll
2013-11-26 09:29:38 . 2013-12-14 17:15:23 53760 ----a-w- C:\Windows\system32\jsproxy.dll
2013-11-26 09:27:54 . 2013-12-14 17:15:23 33792 ----a-w- C:\Windows\system32\iernonce.dll
2013-11-26 09:23:02 . 2013-12-14 17:15:25 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:21:24 . 2013-12-14 17:15:23 574976 ----a-w- C:\Windows\system32\ieui.dll
2013-11-26 09:18:39 . 2013-12-14 17:15:23 139264 ----a-w- C:\Windows\system32\ieUnatt.exe
2013-11-26 09:18:09 . 2013-12-14 17:15:22 111616 ----a-w- C:\Windows\system32\ieetwcollector.exe
2013-11-26 09:16:57 . 2013-12-14 17:15:22 708608 ----a-w- C:\Windows\system32\jscript9diag.dll
2013-11-26 08:57:44 . 2013-12-14 17:15:23 218624 ----a-w- C:\Windows\system32\ie4uinit.exe
2013-11-26 08:35:02 . 2013-12-14 17:15:18 5769216 ----a-w- C:\Windows\system32\jscript9.dll
2013-11-26 08:28:16 . 2013-12-14 17:15:22 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 . 2013-12-14 17:15:18 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 . 2013-12-14 17:15:20 1995264 ----a-w- C:\Windows\system32\inetcpl.cpl
2013-11-26 07:48:24 . 2013-12-14 17:15:20 12996608 ----a-w- C:\Windows\system32\ieframe.dll
2013-11-26 07:32:06 . 2013-12-14 17:15:20 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 . 2013-12-14 17:15:20 2334208 ----a-w- C:\Windows\system32\wininet.dll
2013-11-26 06:40:01 . 2013-12-14 17:15:20 1395200 ----a-w- C:\Windows\system32\urlmon.dll
2013-11-26 06:34:27 . 2013-12-14 17:15:22 817664 ----a-w- C:\Windows\system32\ieapfltr.dll
2013-11-26 06:33:33 . 2013-12-14 17:15:21 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-25 23:23:10 . 2013-11-25 23:23:10 29792 ----a-w- C:\Windows\system32\drivers\klim6.sys
2013-11-25 23:23:10 . 2013-11-25 23:23:10 29280 ----a-w- C:\Windows\system32\drivers\klmouflt.sys
2013-11-25 23:23:10 . 2013-11-25 23:23:10 29280 ----a-w- C:\Windows\system32\drivers\klkbdflt.sys
2013-11-25 23:23:04 . 2013-11-25 23:23:04 458336 ----a-w- C:\Windows\system32\drivers\kl1.sys
2013-11-23 18:26:20 . 2013-12-12 12:12:56 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 . 2013-12-12 12:12:56 465920 ----a-w- C:\Windows\system32\WMPhoto.dll
2010-11-21 03:24:03 1169224 --sha-w- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 01:19:05 220632 ----a-w- C:\Users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 01:19:05 220632 ----a-w- C:\Users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 01:19:05 220632 ----a-w- C:\Users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 04:40:12 284440]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 08:03:32 343168]
"FLxHCIm64"="C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-08-11 19:14:30 47616]
"HPQuickWebProxy"="C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 03:10:48 169528]
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 22:48:44 379960]
"HPConnectionManager"="C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 11:20:08 103992]
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 08:08:38 578944]
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 08:23:10 77824]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"HideSCABattery"= 1 (0x1)
"HideSCANetwork"= 1 (0x1)
"HideSCAVolume"= 1 (0x1)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
 [BU]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0autocheck 
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200449]
   Ime File REG_SZ         GoogleInputTools.ime
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
 
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe;C:\Program Files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;C:\Program Files (x86)\naveen\MalwarebytesAM\mbamservice.exe;C:\Program Files (x86)\naveen\MalwarebytesAM\mbamservice.exe [x]
R2 MetroServ;WinMetro Service;C:\Program Files (x86)\naveen\WinMetro\MetroSvc.exe;C:\Program Files (x86)\naveen\WinMetro\MetroSvc.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys;C:\Windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\system32\drivers\BVRPMPR5a64.SYS;C:\Windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\system32\DRIVERS\ew_jucdcacm.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\system32\DRIVERS\ew_juextctrl.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;C:\Windows\system32\DRIVERS\ew_juwwanecm.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys;C:\Windows\SYSNATIVE\drivers\npf.sys [x]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys;C:\Windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys;C:\Windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\naveen\Spybot2\SDFSSvc.exe;C:\Program Files (x86)\naveen\Spybot2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\naveen\Spybot2\SDUpdSvc.exe;C:\Program Files (x86)\naveen\Spybot2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\naveen\Spybot2\SDWSCSvc.exe;C:\Program Files (x86)\naveen\Spybot2\SDWSCSvc.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;C:\Program Files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/03 05:29:34;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [x]
R4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R4 klflt;klflt;C:\Windows\system32\DRIVERS\klflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 Mobile Partner. RunOuc;Mobile Partner. OUC;C:\Program Files (x86)\naveen\huaweiMP\UpdateDog\ouc.exe;C:\Program Files (x86)\naveen\huaweiMP\UpdateDog\ouc.exe [x]
R4 MoboroboDeviceService;Moborobo Device Service;C:\Program Files (x86)\naveen\Moborobo\MoboroboDeviceService.exe;C:\Program Files (x86)\naveen\Moborobo\MoboroboDeviceService.exe [x]
R4 MotoHelper.exe;Motorola Helper;C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe;C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [x]
R4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
R4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe;C:\Program Files (x86)\Nero\Update\NASvc.exe [x]
R4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\PSIA.exe;C:\Program Files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe;C:\Program Files (x86)\Secunia\PSI\sua.exe [x]
R4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\naveen\TeamViewer9\TeamViewer_Service.exe;C:\Program Files (x86)\naveen\TeamViewer9\TeamViewer_Service.exe [x]
R4 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\naveen\X-MouseBtnctrl\XMouseButtonSvc.exe;C:\Program Files\naveen\X-MouseBtnctrl\XMouseButtonSvc.exe [x]
S0 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AntiLog32;AntiLog32;C:\Windows\system32\drivers\AntiLog64.sys;C:\Windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys;C:\Windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;C:\Windows\system32\DRIVERS\klpd.sys;C:\Windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;C:\Windows\system32\DRIVERS\kltdi.sys;C:\Windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;C:\Windows\system32\DRIVERS\kneps.sys;C:\Windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe;C:\Program Files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [x]
S2 GoogleInputService;GoogleInputService;C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe;C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe;C:\Program Files\HitmanPro\hmpsched.exe [x]
S2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\system32\drivers\hmpalert.sys;C:\Windows\SYSNATIVE\drivers\hmpalert.sys [x]
S2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe;C:\Windows\SYSNATIVE\Hpservice.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys;C:\Windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys;C:\Windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys;C:\Windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys;C:\Windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys;C:\Windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys;C:\Windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\system32\DRIVERS\klkbdflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 pcouffin;VSO Software pcouffin;C:\Windows\system32\Drivers\pcouffin.sys;C:\Windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys;C:\Windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys;C:\Windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys;C:\Windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys;C:\Windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-14 19:10:38 1211672 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}]
msiexec [BU]
 
Contents of the 'Scheduled Tasks' folder
 
2014-01-29 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-20 15:54:00 . 2013-04-20 15:53:55]
 
2014-01-27 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606511456-1437241303-3617233354-1000Core.job
- C:\Users\NAVEEN\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10 18:04:49 . 2013-02-10 18:04:30]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 01:19:04 244696 ----a-w- C:\Users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 01:19:04 244696 ----a-w- C:\Users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 01:19:04 244696 ----a-w- C:\Users\NAVEEN\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07:38 23496 ----a-w- C:\Program Files (x86)\naveen\Internet Download Manager\IDMShellExt64.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-08-09 17:03:22 167704]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-08-09 17:02:48 392472]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2011-08-09 17:03:00 416024]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2012-12-16 12:32:52 1425408]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-14 15:54:42 21720]
 
 
 
 
status now:
same as in
 
 
I request your valuable guidance.



#8 gringo_pr

  • Malware Response Team

Posted 29 January 2014 - 01:16 PM


Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer; their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

These logs are looking a lot better. But we still have some work to do.


Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).
  • Programs to remove

    • BitTorrent
    • BitTorrent Acceleration Patch
    • Search Assistant WebSearch 1.74
    • Shareaza 2.6.0.0
    • Torch



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :
  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run).
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile", then click on main menu).
  • Copy and paste the HijackThis report into the topic.
"information and logs"
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#9 anniyan

  • Topic Starter


Posted 29 January 2014 - 06:36 PM

Hi,
Your opinion on why ComboFix could not complete its run on its 2nd and 3rd times, as in my previous post?
 
1) I have Revo Uninstaller Pro already.
Though the steps you have mentioned about using Revo did not coincide with mine (maybe because of a difference in versions), I figured out what was applicable to mine and uninstalled the following programs, including their leftovers:
 
- uTorrent turbo booster
- BitTorrent
- BitTorrent Acceleration Patch
- Shareaza 2.6.0.0
- pfportchecker (from portforward.com)
- PFStaticIP (from portforward.com)
 
in revo i could not find (i don't know why; can you guide me about removing these?):
 
- Torch
- Search Assistant WebSearch 1.74
 
BTW, is Torch browser malware? there is no clear idea about this on the internet.
 
also i found some entries in Revo which brought up doubts if they are malware:
 
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE} which points to C:\Program Files (x86)\Hewlett-Packard\OpenSource\
 
- C:\Users\NAVEEN\AppData\Local\Yandex\
- C:\Users\NAVEEN\AppData\Local\ChemTable Software\Reg Organizer
- C:\Users\NAVEEN\AppData\Local\Jaksta_Technologies_Pty_L
- C:\Users\NAVEEN\AppData\Local\www.obnovi-soft.ru\ObnoviSoft.exe_Url_vqsl5v0hfwcrrov3n0vrbmjx2kggua0d
- C:\Users\NAVEEN\AppData\Local\Xpom
 
- C:\Program Files (x86)\OpenAL
whose alarming license terms read as below: (!)
 
"Creative Labs, Inc. is providing you with this OpenAL32.dll installer and other OpenAL files ("Software").  You may use and freely integrate with your software applications and distribute such throughout the world at no cost or further obligation to Creative.
NO WARRANTY 
ANY USE BY YOU OF THE SOFTWARE IS AT YOUR OWN RISK. THE SOFTWARE IS PROVIDED FOR USE "AS IS" WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, CREATIVE DISCLAIMS ALL WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. CREATIVE IS NOT OBLIGATED TO PROVIDE ANY UPDATES OR UPGRADES TO THE SOFTWARE. No other entity or person is authorized to expand or alter this warranty or any other provisions herein. Creative does not warrant that the functions contained in the Software will meet your requirements or that the operation of the Software will be uninterrupted or error-free or free from MALICIOUS CODE. For purposes of this paragraph, "malicious code" means any program code designed to contaminate other computer programs or computer data, consume computer resources, modify, destroy, record, or transmit data, or in some other fashion usurp the normal operation of the computer, computer system, or computer network, including viruses, Trojan horses, droppers, worms, logic bombs, and the like. You assume full responsibility for the selection of the Software to achieve your intended results, and for the downloading, use and results obtained from the Software.  You also assume the entire risk as it applies to the quality and performance of the Software. IN NO EVENT WILL CREATIVE'S LIABILITY TO YOU OR ANY OTHER PERSON EVER EXCEED THE AMOUNT PAID BY YOU TO USE THE SOFTWARE, REGARDLESS OF THE FORM OF THE CLAIM."
 
 
i don't know anything about these or how they came into my machine, so i request your expertise on this.
on a side note i would like your opinion on what portforward.com and its products to 'open ports' and 'fix a static IP' mean in layman's language, coz my searches on the internet returned results which were in geek language. (they were installed 2 years back by my cousin who uses torrents much; he said that he installed them to make torrents faster; is that true?)
 
2) i used to run ccleaner regularly already. now i did exactly what was told about running it except that i did not delete:
- the download history in IE and recent documents in windows explorer and 
- the usage data of imgburn, isobuster, notepad++, bittorrent, IDM, skype applications and 
- the browsing history and download history in firefox, chrome and opera.
is that ok?
 
3) i am already using Malwarebytes Anti-Malware (Trial) with latest databases. i did what you had instructed; its log is below:
 
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.29.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
NAVEEN :: HP-DV6TQE [administrator]
 
Protection: Enabled
 
Thu-30-01-2014 03:20:29
mbam-log-2014-01-30 (03-20-29).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 229655
Time elapsed: 6 minute(s), 21 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
4) i ran the hijackthis (downloaded from the link in your previous post, though there is a new version on the official Trendmicro website, coz i was not sure if that is ok) with all software closed and all security products (kis 2014, mbam[latest], spybot, zemana antilogger, windows defender, windows firewall) exited; its log is below (i could not find the "information and logs" topic in this forum):
 
 
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:29:48, on Thu-30-01-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Windows folder: C:\Windows
System folder: C:\Windows\SYSTEM32
Hosts file: C:\Windows\System32\drivers\etc\hosts
 
Running processes:
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe
C:\Program Files (x86)\naveen\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\naveen\Internet Download Manager\IEMonitor.exe
C:\Users\NAVEEN\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\NAVEEN\Desktop\New folder\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\naveen\Internet Download Manager\IDMIECC.dll (filesize 401944 bytes, MD5 F472B5134EE85D514AE1E565F9140A8D)
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (filesize 1432224 bytes, MD5 51C123A2F833440A24878756D114F8C1)
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (filesize 655040 bytes, MD5 590BD5987781975030FD15014E1F00B1)
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (filesize 1194176 bytes, MD5 4DFC8220312A50342A9FF1D25E1002F5)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7u51\bin\ssv.dll (filesize 462760 bytes, MD5 14F5ED2452EE5EF1A711F60C07DD463C)
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (filesize 1613640 bytes, MD5 7298CCAC2381A4F1936DD136701A7B85)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 441592 bytes, MD5 E527FAC0EC3AA363C09C2E0AD13BC882)
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll (filesize 611840 bytes, MD5 3AAC2AB1D19DC0442D7EEEF043EB7E74)
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (filesize 455360 bytes, MD5 B9F2A22659B14D6396CC2B789D77BE2B)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7u51\bin\jp2ssv.dll (filesize 171944 bytes, MD5 23CF598C517104D3B0A55863875BE534)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (filesize 793280 bytes, MD5 D878C098AA3A3EB6D266B631D61F5D64)
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (filesize 286520 bytes, MD5 5E1A9965470B82F3C0B0ED3820D6CEEF)
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (filesize 2215192 bytes, MD5 94BBD1913700FA58CE6945DB365FA17F)
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll (filesize 611840 bytes, MD5 3AAC2AB1D19DC0442D7EEEF043EB7E74)
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (filesize 1432224 bytes, MD5 51C123A2F833440A24878756D114F8C1)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (filesize 343168 bytes, MD5 72CB79095A1D491B0BBC26D7008FCA4C)
O4 - HKLM\..\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" (filesize 47616 bytes, MD5 E10A7E5DCF6B2BEB234724B08A14DB53)
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" (filesize 169528 bytes, MD5 6C3DBE1AB6E79D29C53A2242044DCC76)
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exeC:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exeC:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (filesize 1475584 bytes, MD5 E3BF29CED96790CDAAFA981FFDDF53A3)
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\naveen\Internet Download Manager\IEGetAll.htm (filesize 283 bytes, MD5 648E7B2602158D2FF9197D664F59B28B)
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\naveen\Internet Download Manager\IEExt.htm (filesize 277 bytes, MD5 7EE0CC294B365F8FC4FAB2F06E01AC95)
O8 - Extra context menu item: LastPass - file://C:\Users\NAVEEN\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\NAVEEN\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\naveen\UploadRabbit\iecontext.htm (filesize 910 bytes, MD5 BB54BE95DDA8D8BC284E3758F1CD70D0)
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (filesize 1194176 bytes, MD5 4DFC8220312A50342A9FF1D25E1002F5)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (filesize 200704 bytes, MD5 3061F2ED98C3D1757EE0A37F09E6D0BC)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (filesize 200704 bytes, MD5 3061F2ED98C3D1757EE0A37F09E6D0BC)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (filesize 23456 bytes, MD5 A49C8B3BC30C516C82C08ACCC851F93D)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (filesize 23456 bytes, MD5 A49C8B3BC30C516C82C08ACCC851F93D)
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll (filesize 611840 bytes, MD5 3AAC2AB1D19DC0442D7EEEF043EB7E74)
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll (filesize 611840 bytes, MD5 3AAC2AB1D19DC0442D7EEEF043EB7E74)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (filesize 4529272 bytes, MD5 5FA9A7808F1CECA8E46DBF2FF81769D2)
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (filesize 793280 bytes, MD5 D878C098AA3A3EB6D266B631D61F5D64)
O9 - Extra button: Free Video Downloader - {F894E6C5-415F-4177-A452-FB29B8B09A8E} - C:\Program Files (x86)\Free Video Downloader\IePluginFVD.dll (filesize 1498112 bytes, MD5 BC33A4DCF019CB7829E7673130B0A93D)
O9 - Extra 'Tools' menuitem: Find and Download Video - {F894E6C5-415F-4177-A452-FB29B8B09A8E} - C:\Program Files (x86)\Free Video Downloader\IePluginFVD.dll (filesize 1498112 bytes, MD5 BC33A4DCF019CB7829E7673130B0A93D)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{191C55E5-C1DC-4478-AD49-77F3638CA361}: NameServer = 8.8.8.8 218.248.241.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{2517F750-4D1D-45F8-818C-40592DE6C535}: NameServer = 8.8.8.8 218.248.241.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{649033BA-E433-4C5B-9C62-9A06B557BC2B}: NameServer = 218.248.255.147,218.248.255.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABCF1B36-2DC4-4984-8B47-29297830CB67}: NameServer = 103.8.45.5 103.8.44.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{191C55E5-C1DC-4478-AD49-77F3638CA361}: NameServer = 8.8.8.8 218.248.241.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{191C55E5-C1DC-4478-AD49-77F3638CA361}: NameServer = 8.8.8.8 218.248.241.3
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (filesize 2215192 bytes, MD5 94BBD1913700FA58CE6945DB365FA17F)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (filesize 4529272 bytes, MD5 5FA9A7808F1CECA8E46DBF2FF81769D2)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (filesize 1996392 bytes, MD5 4F04EF75D315039E3665B035FA086D38)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (filesize 50688 bytes, MD5 90EE8DFAE644F46BC917A712953E7423)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exeC:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (avp) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\naveen\Diskeeper\DkService.exeC:\Program Files\naveen\Diskeeper\DkService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exeC:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
O23 - Service: GoogleInputService - Google Inc - C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exeC:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exeC:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exeC:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exeC:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exeC:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeC:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exeC:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\naveen\MalwarebytesAM\mbamscheduler.exeC:\Program Files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\naveen\MalwarebytesAM\mbamservice.exeC:\Program Files (x86)\naveen\MalwarebytesAM\mbamservice.exe
O23 - Service: WinMetro Service (MetroServ) - IObit - C:\Program Files (x86)\naveen\WinMetro\MetroSvc.exeC:\Program Files (x86)\naveen\WinMetro\MetroSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\naveen\Spybot2\SDFSSvc.exeC:\Program Files (x86)\naveen\Spybot2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\naveen\Spybot2\SDUpdSvc.exeC:\Program Files (x86)\naveen\Spybot2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\naveen\Spybot2\SDWSCSvc.exeC:\Program Files (x86)\naveen\Spybot2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exeC:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 22032 bytes
 
 
5) when i purchased my laptop from HP, the HDD came with 3 partitions:
C where windows came installed by default and where my personal files are
D which contains the HP Recovery data and where i don't store anything else
E which contains the HP Tools and where i don't store anything else
 
i) sometime later there came from nowhere, a partition Q of zero bytes capacity. (i don't know anything about this or how it came into my machine, so i request your expertise on this. is this due to malware?)
 
ii) would the D and E partitions have been malware-infected too? can i use them to clean-install windows just in the rare case that windows becomes unbootable during the cleaning process? (knowing beforehand just as a backup plan)



#10 anniyan


Posted 29 January 2014 - 08:09 PM

status now: same as in
http://www.bleepingcomputer.com/forums/t/522168/very-infected-machine-with-an-assortment-of-malware/#entry3272224

my internet connection is being r*p*d. my entire allotted usage is being eaten up by that hacker

:'( i am very much alarmed if my machine can be repaired instead of a full-format-clean-installation




#11 gringo_pr


Posted 29 January 2014 - 08:43 PM


Hello anniyan



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#12 anniyan


Posted 29 January 2014 - 08:58 PM

ok, i will do that ASAP. BTW, can i request your expertise on my questions in my previous post?




#13 gringo_pr


Posted 29 January 2014 - 09:52 PM

I am not sure about it - I am hoping to gain some insight with the FRST program

#14 anniyan


Posted 30 January 2014 - 08:17 AM

[attachment=146548:Addition.txt]

i ran the FRST (downloaded from the link in your previous post) with internet turned ON and all software closed and all security products (kis 2014, mbam[latest], spybot, zemana antilogger, windows defender, windows firewall) exited; its log is below:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01

Ran by NAVEEN (administrator) on HP-DV6TQE on 30-01-2014 18:02:02
Running from C:\Users\NAVEEN\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Google Inc) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Diskeeper Corporation) C:\Program Files\naveen\Diskeeper\DkService.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe
(Tonec Inc.) C:\Program Files (x86)\naveen\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\naveen\Internet Download Manager\IEMonitor.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-12-16] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FLxHCIm64] - C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-08-12] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [HideSCABattery] 1
HKCU\...\Policies\Explorer: [HideSCANetwork] 1
HKCU\...\Policies\Explorer: [HideSCAVolume] 1
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\naveen\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\naveen\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -  No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7u51\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7u51\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\naveen\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\naveen\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {8567A644-E36C-470C-86CF-9C5B4F37DB81} -  No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{191C55E5-C1DC-4478-AD49-77F3638CA361}: [NameServer]8.8.8.8 218.248.241.3
Tcpip\..\Interfaces\{2517F750-4D1D-45F8-818C-40592DE6C535}: [NameServer]8.8.8.8 218.248.241.4
Tcpip\..\Interfaces\{649033BA-E433-4C5B-9C62-9A06B557BC2B}: [NameServer]218.248.255.147,218.248.255.146
Tcpip\..\Interfaces\{ABCF1B36-2DC4-4984-8B47-29297830CB67}: [NameServer]103.8.45.5 103.8.44.5
 
FireFox:
========
FF ProfilePath: C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\0m3qm437.no_addons
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\naveen\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\naveen\adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7u51\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7u51\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\naveen\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\naveen\adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\NAVEEN\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\NAVEEN\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\NAVEEN\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\NAVEEN\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\NAVEEN\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\NAVEEN\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\NAVEEN\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: pokki.com/PokkiDownloadHelper - C:\Users\NAVEEN\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\NAVEEN\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\NAVEEN\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\NAVEEN\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: SearchNewTab - C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\0m3qm437.no_addons\Extensions\9uaak2dh@m-lgthcx.org [2013-10-24]
FF Extension: LastPass - C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\0m3qm437.no_addons\Extensions\support@lastpass.com [2013-12-19]
FF Extension: Universal Downloader - C:\Users\NAVEEN\AppData\Roaming\Mozilla\Firefox\Profiles\0m3qm437.no_addons\Extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d} [2013-08-03]
FF HKLM-x32\...\Firefox\Extensions: [freevideodownloader@firefox.plugin] - C:\Program Files (x86)\Free Video Downloader\FirefoxExtension\
FF Extension: FreeVideoDownloader - C:\Program Files (x86)\Free Video Downloader\FirefoxExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-30]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\NAVEEN\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\NAVEEN\AppData\Roaming\IDM\idmmzcc5 [2013-12-07]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\NAVEEN\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\NAVEEN\AppData\Roaming\IDM\idmmzcc5 [2013-12-07]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\naveen\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: google.co.in
CHR Extension: (tabtiles) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaeapgfkbbbdpbfjmpcblemfajmkiddh [2013-12-31]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-12-11]
CHR Extension: (Tab Expose) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ackpfhlmgjdjlohhjmbacaajbmkkklnp [2013-10-18]
CHR Extension: (HP Product Detection Plugin) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-12-10]
CHR Extension: (Step Up) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeofbbncdbpiijefkppficgeplocopco [2013-12-11]
CHR Extension: (Torrent Search) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2013-10-17]
CHR Extension: (Scroll Bar 1 (Blue)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2013-10-18]
CHR Extension: (Multi Search) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\afmdpmddiokpdknaeofdnlclbpgehhce [2013-12-31]
CHR Extension: (RapidShare DownloadHelper) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpbkpjjkfakdcakapanjoeijlphieei [2013-10-17]
CHR Extension: (Ancient History Encyclopedia) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle [2013-10-17]
CHR Extension: (Facebook Notifications) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainkhhbgcdbenmmbaoacambbhjfgnmmm [2013-10-17]
CHR Extension: (DownloadAll) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajffocjdcmpgjmdfdfkdfdbkjafbkcke [2013-12-30]
CHR Extension: (Fabulous) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambjmeohlajelahhhniggkkceagdlcgj [2013-12-11]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2013-10-17]
CHR Extension: (Flash Video Download) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk [2013-10-29]
CHR Extension: (Shortcuts for Google™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd [2013-10-17]
CHR Extension: (DepositFiles Assistant) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbfhfedohkembgalegpclejohlieklk [2013-10-18]
CHR Extension: (Metro Start) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbhdfpmfdplolnnkpdepnelcfdmikjfd [2013-10-17]
CHR Extension: (Join Windows) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckmemeadiidpmgdfcimoclbbhfpjggb [2013-12-11]
CHR Extension: (Awesome Button Bar) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcmfandagknmpnambbppcpgclkccgigb [2013-10-17]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga [2013-10-17]
CHR Extension: (IM+) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdplllgoohfmnpnbplklnkegbffnheo [2013-10-18]
CHR Extension: (Fauxbar Lite) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfimmnpbjccjihohjkimphfmmebffbmk [2013-10-17]
CHR Extension: (SocialReviver) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald [2013-10-17]
CHR Extension: (WOT) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-10-18]
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi [2013-10-17]
CHR Extension: (Sidewise Tree Style Tabs) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiammgklaefagjclmnlialkmaemifgo [2013-10-17]
CHR Extension: (Fileserve Assistant) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjmhhjpilaceffoeimlcofeldkopfid [2013-10-17]
CHR Extension: (Browser Clipboard) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkghojmamekkhbgcjmegbmnfclpfihem [2013-12-31]
CHR Extension: (V9 Speed Dial) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbjjfligogmnhbmgkljhpekjgklcplf [2013-10-27]
CHR Extension: (4Shared Assistant) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blimndomboblbleeepfbhonajddgnpic [2013-10-18]
CHR Extension: (Minimalist for Everything) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2013-10-18]
CHR Extension: (Facebook Chat Platinum App) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmpnafcjlfbbbecpghoohlldegnmlgbc [2013-10-18]
CHR Extension: (Stash) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnhjedgfogckebfhnlicnkbdjlmpibck [2013-10-17]
CHR Extension: (Help Us) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnpoljjfiofmcgcieodbmidlaeknbgbh [2013-12-24]
CHR Extension: (Search It!) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojojkkfhcebglmfbmaplhfkjfhaefaj [2013-10-18]
CHR Extension: (Wikipedia Beautifier) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpeggllelmdpefcfoeafbliiihbmhfjd [2013-10-17]
CHR Extension: (Chrome YouTube Downloader) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja [2013-10-29]
CHR Extension: (Quick Login for Google Accounts) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbgngpehipfmfmpjmhonhacgbkjpdidp [2013-10-17]
CHR Extension: (ZipTabs) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnanbffbfbcgfmmkgejodommhidpjba [2013-10-17]
CHR Extension: (Tabmark) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnlpdoodckhmcemfkcnneelppjalcci [2013-10-17]
CHR Extension: (Bus Times for Google Chrome™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdlihfihjchaaogjjafjlnbihhbmabmk [2013-10-17]
CHR Extension: (New Tab Switcher) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cennbgefcoienkekinfphonifhkdhikj [2013-10-17]
CHR Extension: (Adblock Plus) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-17]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2013-10-17]
CHR Extension: (Download FB Album mod) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2013-10-17]
CHR Extension: (Metro New Tab Page) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\chcnifjbmpcbjclkmpblgapodnmmbfcm [2013-10-17]
CHR Extension: (Scroll To Top Button) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\chiikmhgllekggjhdfjhajkfdkcngplp [2013-11-13]
CHR Extension: (OneTab) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2013-12-14]
CHR Extension: (Facebook Messenger Platinum) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimnghcocaaocjcffibpccpldmabjigb [2013-10-18]
CHR Extension: (Photo Downloader for Instagram™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjednilicaopeimldnhnlhojcpgelfe [2013-10-17]
CHR Extension: (Image Downloader) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2013-10-18]
CHR Extension: (Filesonic Assistant) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobdchfgdhankppekdelnfbdmdpjkaj [2013-10-17]
CHR Extension: (Tab Manager) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda [2013-10-18]
CHR Extension: (Image-Toolbar (beta)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb [2013-12-31]
CHR Extension: (Awesome Bookmarks Widget [ANTP]) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpomkeboefacdfaoklfekfleengjeodf [2013-10-17]
CHR Extension: (Tab List) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafbjaojfddcknamegleglagibnmhmcm [2013-11-16]
CHR Extension: (Search by Image (by Google)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-10-17]
CHR Extension: (Easy Facebook) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\danmhhjgepihbfkobjnpglmbpdcakjnm [2013-12-11]
CHR Extension: (Email this page (by Google)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2013-10-17]
CHR Extension: (Video download helper) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm [2013-10-26]
CHR Extension: (Smart Pause for YouTube) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcflkimagfnicklojfonbbcppnikogih [2013-10-17]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-01-13]
CHR Extension: (Website Logon) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2014-01-13]
CHR Extension: (Read Later Fast) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2013-12-30]
CHR Extension: (TalkOver) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\delpbdlkcecolofdmliogalocflicbka [2013-10-17]
CHR Extension: (Easy-share Assistant) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\denmpkopclembbpahghcehidcgabijel [2013-10-17]
CHR Extension: (Swap My Cookies) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dffhipnliikkblkhpjapbecpmoilcama [2013-10-18]
CHR Extension: (New Tab Plus) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmpjohfgidbnmmihaholohmeccijgog [2013-10-27]
CHR Extension: (Speed Dial) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2013-10-18]
CHR Extension: (Tampermonkey) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-10-17]
CHR Extension: (Gmelius) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2013-10-17]
CHR Extension: (Knew Tab - New Tab Page) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dihdhbgblcanlnofljpmhmlhhlfmpdji [2013-10-17]
CHR Extension: (Listango Bookmark Manager) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbdkkenkdllkpiognpnmlaglmojagnh [2013-10-27]
CHR Extension: (KeyRocket for Gmail™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp [2013-10-17]
CHR Extension: (MaskMe) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2013-10-17]
CHR Extension: (Prevent Duplicate Tabs) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eangilbdbecadgeclbehnkibpmedaoih [2013-10-17]
CHR Extension: (PageEdit) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkclgoaabaibghklgknnjdemknjaeic [2013-10-17]
CHR Extension: (Session Buddy) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-12-11]
CHR Extension: (Tabs Plus) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edooipcjkkbjmnogkdcahgmhbniipefp [2013-10-17]
CHR Extension: (Torrent Turbo Search App) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif [2013-10-17]
CHR Extension: (Search All) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2013-10-17]
CHR Extension: (Picture in Picture Viewer) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaagmolahogmekmnmkigonhfcdiemnl [2014-01-11]
CHR Extension: (Tabs Outliner) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2013-10-17]
CHR Extension: (Emoticons for Facebook 2014) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglcenooiidilocknfekamnbedelddch [2013-12-24]
CHR Extension: (Tab-Sidebar) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\egmcoemabahnkbkfgdifiafkhebcfpfo [2013-10-17]
CHR Extension: (Home - New Tab Page) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2013-10-17]
CHR Extension: (Mega Button) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjoabpkbidaaiikahbmfebfabbchoca [2013-10-17]
CHR Extension: (Black Menu for Google™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2013-10-17]
CHR Extension: (Gmail Offline) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-18]
CHR Extension: (Tab Glutton) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2013-10-17]
CHR Extension: (Video Downloader professional) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2013-11-16]
CHR Extension: (MediaPlus) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\emaamodndfmmmcjepfigalbjjjemadom [2014-01-11]
CHR Extension: (Picture Downloader Professional) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eodejnpnekkneapkicljnillpeodnlak [2013-11-16]
CHR Extension: (Desktop Notification) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eolcdjljdddgjncegiephdcedfcmnohf [2013-10-17]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-10-17]
CHR Extension: (Tab Title Search) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgmfenfjogaoibifpgolehkibnfalgn [2013-10-18]
CHR Extension: (Tab Switch Plus) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fceaihjgiakjanbleilonfehdeggomlg [2013-10-17]
CHR Extension: (PicMonkey) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2013-10-18]
CHR Extension: (Image collector extension) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhffefhdkeibnkdldinbncimlojchnie [2013-12-11]
CHR Extension: (Save AS MHTML) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhkmpddbiciimgibbkmimhfognpknmeo [2013-10-17]
CHR Extension: (Scrapbook) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihabipakbgncingdhhdidlbhneeicne [2013-10-17]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl [2013-10-17]
CHR Extension: (Chrome Toolbox (by Google)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn [2013-12-11]
CHR Extension: (ClickHint) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjlfhmodommidkcahnnjohgpnkemocna [2013-10-27]
CHR Extension: (Uploading.com Download Manager) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fleecfcggellpkecmpeahieebiinjebd [2013-10-17]
CHR Extension: (cottonTracks) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\flmfagndkngjknjjcoejaihmibcfcjdh [2013-12-11]
CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea [2013-10-17]
CHR Extension: (Tab Shutter) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\foblfhmnbnejkppgafdeickmaampcbfl [2013-10-18]
CHR Extension: (Facebook Friend Inviter) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fojfflomljfbdfdcfmiihnijjfnnakdn [2013-10-17]
CHR Extension: (Facebook Troll Chat) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fomihjhobickimkgnkijacheiciiaocc [2013-12-24]
CHR Extension: (PhotoLive - Download Facebook Photos!) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjnpabklnaaifclgealaepelncljadk [2013-10-17]
CHR Extension: (Close Tabs) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gadafnnkijfmbbmeielphlapddbmgbgo [2013-10-17]
CHR Extension: (Tab Organizer) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbaokejhnafeofbniplkljehipcekkbh [2013-10-18]
CHR Extension: (Switch to Tab) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfhhcljihbgcobpfnceegfmooomhhli [2013-12-11]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2013-10-17]
CHR Extension: (HTTPS Everywhere) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-10-18]
CHR Extension: (Facebook One) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gceeodfjmkoilhaoehbnhofdpobaohnm [2013-10-18]
CHR Extension: (Facebook for Chrome) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2013-10-17]
CHR Extension: (Chrome Web Store Launcher (by Google)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej [2013-12-31]
CHR Extension: (Vimeo™ Download Videos) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg [2013-12-30]
CHR Extension: (Mail Checker Plus for Google Mail™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe [2013-10-17]
CHR Extension: (Bulk Download Images(ZIG)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjhimhkjmipphnaminnnnjpnlneeplk [2013-10-17]
CHR Extension: (Facebook Chat Notification) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao [2013-10-18]
CHR Extension: (Flash Video Downloader) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh [2013-10-29]
CHR Extension: (Trillian) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggmpcjeojalofoofdhnblpcalbhlkdjg [2013-10-17]
CHR Extension: (Tokonda Messenger) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghonobjagekcnpkhcpjekbbejnjdlomg [2013-10-17]
CHR Extension: (Extension Automation) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghopjgdkodchjclkkfdekhjfomdbakkb [2013-10-17]
CHR Extension: (Mayaface) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\giidbggjmimockeeoojjahgpnjepfnec [2013-10-17]
CHR Extension: (TabSwitcher) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkdkligmcadfbagoeggeohelmgalchcn [2013-10-17]
CHR Extension: (Yesware Email Tracking) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2013-12-31]
CHR Extension: (Hola Better Internet) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-10-25]
CHR Extension: (Tab Grouper) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\glfmdmkkhokfolknaabkokpcibhlagen [2013-12-30]
CHR Extension: (Tab Explorer) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlhgebbcabblbgcnonmkphgoliibjee [2013-10-17]
CHR Extension: (Visual Tabs) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpnbibondcjmkmmdmdjahgoglpendge [2013-10-18]
CHR Extension: (Skype Invisible Status Detector) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnjfelcdaefdjkhcpgmlppbfmfinmblc [2013-10-18]
CHR Extension: (Menu button) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goblmaagcgfbjlaahdohiomenekdpnci [2013-12-31]
CHR Extension: (Chromium Scrapbook) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gokffdfnlmampchciemmflgbckijpmlb [2013-10-17]
CHR Extension: (Wappalyzer) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2013-10-17]
CHR Extension: (VideoScavenger) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafhfiojhopgadpicnniadilbbpnokmk [2014-01-11]
CHR Extension: (Safe Money) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-01-13]
CHR Extension: (CheckBoxer) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcmphdngimjobnagjpaeckfeokalnce [2013-10-18]
CHR Extension: (AppJump App Launcher and Organizer) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hccbinpobnjcpckmcfngmdpnbnjpmcbd [2013-10-17]
CHR Extension: (Hover Free) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmnnggnaofmhflgomfjfbndngdoogkj [2014-01-19]
CHR Extension: (Black Menu for Wikipedia) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdghceafmahkdiaoenecabpfokplecfi [2013-10-18]
CHR Extension: (Unsocialize: The Link Unsocializer) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdogcpghhdcocgdjogbglgejhdeedijn [2013-10-18]
CHR Extension: (LastPass) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-12-19]
CHR Extension: (Avocado) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\heafkbodmcooembdkjoklfenoiiehdpi [2013-10-17]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-01-13]
CHR Extension: (Facebook Chat ) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipoomnhnjhbkfmihpnkebcbdocfndgo [2013-10-17]
CHR Extension: (SuperSorter) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2013-10-18]
CHR Extension: (Marvel Comics) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2013-10-17]
CHR Extension: (Disconnect Search) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2013-12-24]
CHR Extension: (HP Clipper) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnidgijpdkcllgahokbfikmhbhpajihp [2014-01-15]
CHR Extension: (TabJump - Intelligent Tab Navigator) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf [2013-10-18]
CHR Extension: (Allow Right-Click) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2013-10-17]
CHR Extension: (Breadcrumb Navigator) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphdahmligbkhjoedbpeoigbmopehdhm [2013-10-17]
CHR Extension: (Close Tab) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmolahefgjbmidmoifolgpjkmhdmalf [2013-10-17]
CHR Extension: (Project Tab Manager) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\iapdnheekciiecjijobcglkcgeckpoia [2013-10-27]
CHR Extension: (Chrome Scribe) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibdohpjgnbegifgcfggobebebabjppgh [2013-10-17]
CHR Extension: (Meta-Tile Widget [ANTP]) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhffciboaodhfapmcpckhbdpbjjppan [2013-10-17]
CHR Extension: (Facebook Messenger Platinum App) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\icffcngoggobfihnaemmbkbkgdmfcaac [2013-10-17]
CHR Extension: (New Tab Page for FVD Speed Dial) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2013-10-17]
CHR Extension: (Stealthy) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2013-10-17]
CHR Extension: (Social Fixer for Facebook) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2013-10-17]
CHR Extension: (Tabsets) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohmndbcefggppiblfofpbkmdfmeing [2013-12-30]
CHR Extension: (Pretty Facebook Chat) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihamlfilbdodiokndlfmmlpjlnopaobi [2013-10-17]
CHR Extension: (PageArchiver) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkkeoeinpbomhnpkmmkpggkaefincbn [2013-10-18]
CHR Extension: (Color Piano!) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2013-10-17]
CHR Extension: (fbQuickLogin for multiple Facebook™ accounts) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpcdjelcodenkpfkbaficnkgkmljjbf [2013-10-17]
CHR Extension: (Count Tabs) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\iinajggebnpcjfblgfiajejickbbenck [2013-12-11]
CHR Extension: (Help Us) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcbmifabipijpdhibbmbhfnnkcokjaa [2013-12-24]
CHR Extension: (My Bookmarks Alpha) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikdimglfjnihmbkaghnpcedcjddghcal [2013-10-27]
CHR Extension: (Recycle Bin) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi [2013-12-11]
CHR Extension: (StartHQ) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilcpdgfepihaomggobhmfiimflngbcoh [2013-10-17]
CHR Extension: (uSelect iDownload) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc [2013-10-18]
CHR Extension: (Megashares Assistant) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\imekpndeepojaannmghefjiommejejkd [2013-10-18]
CHR Extension: (Yet Another New Tab Page) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfkhhcponjpjhfpaccepedaabjclbjj [2013-10-27]
CHR Extension: (Friendsheet) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgdajpfdoigbkampcackkhhnmjgailp [2013-12-09]
CHR Extension: (VerticalTabs) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\imimolldggofidcmfdkcffpjcgaggoaf [2013-10-17]
CHR Extension: (Deathamns) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2013-11-16]
CHR Extension: (Tabs Manager) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioigddmjfpphkbamgbaolfkpifddnaje [2013-10-17]
CHR Extension: (Talk to Type) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioofjgndhocbegkdmlenfhmfbidepgma [2013-10-17]
CHR Extension: (Tab Extract) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphchnegaodmijmkdlbhbanjhfphhikp [2013-10-17]
CHR Extension: (WhatFont) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2013-12-27]
CHR Extension: (Facebook for Chrome™ Plus) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jafknefnkiolhmhbdpojkpdempbdmfap [2013-10-17]
CHR Extension: (Virtual Keyboard) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-01-13]
CHR Extension: (Dynamic Language Tools) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnobcphncooboncogejlkafgdfllcnb [2013-10-18]
CHR Extension: (Album Downloader for Facebook™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcheapnmfbmcccnbjhhkmleoiljgpmkl [2013-10-18]
CHR Extension: (APK Downloader) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi [2014-01-09]
CHR Extension: (IDM Integration Module) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-01-13]
CHR Extension: (500px Downloader Extension) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedpblpgnmmbijeohcckjadlblfnmihe [2014-01-15]
CHR Extension: (Eagull) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jefmfopneeokimmfhhchichliigkjbhm [2013-10-18]
CHR Extension: (Facebook Like Button) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehaijobeonhempacbjelicepjkhoidi [2013-10-18]
CHR Extension: (SingleFile Core) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma [2013-10-17]
CHR Extension: (Disconnect) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-12-24]
CHR Extension: (theTabs) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnlopknndedplkhcjphlnedcmnegcmo [2013-10-17]
CHR Extension: (What's Up! for Facebook) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpagmmlamidmboalapfceemnalecboh [2013-10-17]
CHR Extension: (Everything Went Black for Google Plus™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgmiebnbonaoadomjpcllgigbenhbeff [2013-10-18]
CHR Extension: (HTML5ify) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2013-10-17]
CHR Extension: (VideoDownloadConverter) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmljihjgjdghdhggolmhbjekicljfci [2014-01-11]
CHR Extension: (CrxMouse) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2013-10-17]
CHR Extension: (Metalink Downloader) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnpljlobbiggcdikagmiepniibjdinap [2013-10-18]
CHR Extension: (Bananatag for Gmail) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2013-12-31]
CHR Extension: (Speed Dial 2) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2013-10-18]
CHR Extension: (IP Address) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml [2013-10-17]
CHR Extension: (Facebook Platinum) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld [2013-10-17]
CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2013-10-18]
CHR Extension: (StumbleUpon) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2013-10-17]
CHR Extension: (One key Manger) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjmkgngkgpgjdoealkmmajmmhpnffoj [2013-10-27]
CHR Extension: (Facebook Notifications) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgcbemnjmjdplnanhpjkmapflmbmoggm [2013-10-17]
CHR Extension: (Start - A Better New Tab) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgifkabikplflflabkllnpidlbjjpgbp [2014-01-20]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2013-12-11]
CHR Extension: (Awesome Facebook Widget [ANTP]) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\klpmobilbpcccgegofocnlfmallakegc [2013-10-17]
CHR Extension: (Tabs saver) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmabfaomlcjlnplkoflgenkmmpilmead [2013-12-30]
CHR Extension: (OpenIn) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnnnlapfmlljjjbdojfpbeadolmmdo [2013-12-11]
CHR Extension: (Save as PDF) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2013-10-24]
CHR Extension: (Windows Live Messenger Extension) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki [2013-10-18]
CHR Extension: (BugMeNot Lite) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2014-01-15]
CHR Extension: (JDownloader Integration for Google Chrome™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2013-10-17]
CHR Extension: (ChromeAbout) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchdnjgmgkfapbhmmbnhhnnnpgceahcj [2013-12-11]
CHR Extension: (TagSpaces) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldalmgifdlgpiiadeccbcjojljeanhjk [2014-01-15]
CHR Extension: (Talk.to: Fast, Fun Texting) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldncbajhimfkpnilofhdaogjdmjldchj [2013-10-17]
CHR Extension: (Easy Check) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldopaogbegnhconlboidfjcmidndkbeg [2013-12-11]
CHR Extension: (FVD Downloader) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-10-17]
CHR Extension: (Linkclump) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2014-01-15]
CHR Extension: (Unfriend Alerts) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbeldbnadmemecalekdfnffgobkpafc [2013-10-24]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2013-12-09]
CHR Extension: (Tab Sugar (alpha version)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\libokbfffpaopdjmeofdfpmlanaenaje [2013-10-17]
CHR Extension: (DownAll) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkdhninipglbomdgpakmhfbbggcfmog [2013-10-17]
CHR Extension: (iStart - new tab page, in metro style) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgdlmlmcijgnglfcophfjhafiafhkae [2013-10-17]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2013-10-17]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2013-10-18]
CHR Extension: (Download Master) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2013-10-17]
CHR Extension: (Google Input Tools) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab [2013-10-17]
CHR Extension: (Boomerang for Gmail) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2013-10-18]
CHR Extension: (Facebook Messenger) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2013-10-17]
CHR Extension: (Amazing Tab Shortcuts) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mecfgphfppeggakljpnmgfaokfcfjkef [2013-10-17]
CHR Extension: (Tab Manager and Organizer) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\memamffhfcodpkacigemlanlbfpmmnbb [2013-10-18]
CHR Extension: (Humble New Tab Page) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2013-12-11]
CHR Extension: (FlashControl) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2013-10-17]
CHR Extension: (Boss Alert) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfonmmgkaaohgbhkjocjfojgiblcogid [2013-10-17]
CHR Extension: (Awesome New Tab Page™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2013-10-17]
CHR Extension: (Reload All Tabs) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2013-10-17]
CHR Extension: (Search Box) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni [2013-10-17]
CHR Extension: (FastestFox for Chrome) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-10-17]
CHR Extension: (Inside Metro) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mncaaockncadogpkmfdnjdekdmjhgmbp [2013-10-17]
CHR Extension: (The Organizer App) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojbcnggdpdncbogdacfjmkfohidokhd [2013-10-27]
CHR Extension: (SingleFile) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle [2013-10-17]
CHR Extension: (Popup my Bookmarks) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppflflkbbafeopeoeigkbbdjdbeifni [2013-10-27]
CHR Extension: (Youtube™ Preview - Is it worth watching?) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nacgopecogaedhhjdfondlcobjofdhap [2013-12-09]
CHR Extension: (Facebook Notification) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nakcdjppphfncpeiahacjifkklnhbcgl [2013-10-17]
CHR Extension: (Power-Ups for YouTube™) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalagllbblcejhhmeffeiofclifnpbeo [2014-01-11]
CHR Extension: (Friend Photos) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\napdndejjkkdkfanaaecgdnccaojhbon [2013-12-09]
CHR Extension: (HD Facebook Video Downloader) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaekgmbkigogkeofkobbhobinbbljpg [2013-12-09]
CHR Extension: (GetThemAll Downloader) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2014-01-11]
CHR Extension: (Incredible StartPage - Productive Start Page for Chrome!) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2013-12-31]
CHR Extension: (X New Tab Page(Extension)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nejjhhjbbdlbnpfhbclcilanmofmgdlk [2013-10-17]
CHR Extension: (Snooze) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nekjcdbkiijlhgcnamgmlolahpkbimjk [2013-10-18]
CHR Extension: (New Tab Page reImagined) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\neonhjemlhmbajdlgmdfihfplekppkkm [2013-10-17]
CHR Extension: (Rajini Truths) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgbmljjmhbobohlpdmdfdggnkflcjkb [2013-10-17]
CHR Extension: (Awesome Window & Tab Manager) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfjaddknccljfohoaekkibpcceeenkah [2013-10-17]
CHR Extension: (My IP) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoobajnfjihppliahmnfpninhgokkcb [2013-10-18]
CHR Extension: (One-Click Extensions Manager) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\niemebbfnfbjfojajlmnbiikmcpjkkja [2013-10-17]
CHR Extension: (TabsPlus) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikomkkhhpfoeamojhhgpfkpkdlfhfii [2013-10-18]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-17]
CHR Extension: (Secure Downloader) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol [2013-11-16]
CHR Extension: (+Photo Zoom) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoglkofocgopmdfjnbifnicbickbola [2013-10-17]
CHR Extension: (Facebook Notifications) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2013-10-18]
CHR Extension: (MuteTab) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2013-12-09]
CHR Extension: (Google Wallet) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (videowith.me) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnmplobonmiaimjkgpogicmbdniljimn [2013-10-17]
CHR Extension: (Hotfile Assistant) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolkgckmklodjpickkpjnjjlecbdcgcd [2013-10-18]
CHR Extension: (SwiftPreview) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphfkpgklibhnhgegdblhnhicgfginnj [2013-10-17]
CHR Extension: (Fruumo - New Tab Page) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\npknnddabjhdijgmmbocdicnknegobkm [2013-10-17]
CHR Extension: (Facebook Notification Icon) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppacfaaefecjbkedjbhflkbfkjnhkje [2013-10-18]
CHR Extension: (Photo download for Facebook) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaeofonahpollpigknepbpnabhgbpcjc [2014-01-12]
CHR Extension: (Paltalk Express) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oainjhllibnjfalecnohojnocpcobgpn [2013-10-17]
CHR Extension: (Recursive Bookmark Sorter) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalceifbkhhehhinpifagdnickeeehlk [2013-10-27]
CHR Extension: (Better History) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2013-10-17]
CHR Extension: (imo messenger) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2013-10-17]
CHR Extension: (Recent Tabs) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocllfmhjhfmogablefmibmjcodggknml [2013-10-17]
CHR Extension: (Pic Axess) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocohfaagigpnckfcloeoopcjicocgegm [2013-10-17]
CHR Extension: (Too Tabs Manager) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\odaphbmjbeecgjcakjjlhkiigpnfkflb [2013-10-17]
CHR Extension: (Notifications, Alerts for Facebook by Skipity) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oedkanpedollcnbnjidogjdadcfoggpg [2013-10-17]
CHR Extension: (Neater Bookmarks) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2013-10-17]
CHR Extension: (Bolt Save and Share) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmipocdiiichlijcngflajilbpkkfhj [2013-10-18]
CHR Extension: (Modern New Tab Page) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogllliimbhgmclkgjldeffhjbhaenapo [2013-10-18]
CHR Extension: (GimeTalk) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjeinnjnocnmdnonaeljnibijjejdcn [2013-10-17]
CHR Extension: (Rapidshare Assistant) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oieaikheajbadikhlmalglmgdkmbbjnj [2013-10-17]
CHR Extension: (Awesome New Tab Page 2(EXT)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijkglihmcefogkmgibpajfaiekekllk [2013-10-27]
CHR Extension: (Pig Toolbox (Super Gestures)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiplkfaidhjklglajdpfehoagkmlcakh [2013-12-11]
CHR Extension: (YouTube Options (Full Version)) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojmgeoecaejeajjegjmijbcifhkbmgjd [2013-10-29]
CHR Extension: (Google Quick Scroll) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2013-10-17]
CHR Extension: (Keyconfig) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\okneonigbfnolfkmfgjmaeniipdjkgkl [2013-10-18]
CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh [2013-10-17]
CHR Extension: (Pervasive GRE) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oniippcgggpbkcdjekknhmoeambkohmn [2013-12-27]
CHR Extension: (Tabs Menu) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\onmccepingjlmohgnacaibdllchkmamd [2013-12-11]
CHR Extension: (new metroTab) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oogmkbpkoblajkomflhkkdmbfggdmefd [2013-10-17]
CHR Extension: (Rollip - Photo Effects) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2013-10-17]
CHR Extension: (Tab Bundle) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\opglbdmblimolebijlohmopkjgnndbmk [2013-10-27]
CHR Extension: (Instagram for Chrome) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2013-10-18]
CHR Extension: (Notification Sounds for Facebook) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oppjbaijagamhfnfaegamdfkjgaccbkk [2013-12-11]
CHR Extension: (Auto Download for Filesonic, Rapidshare etc.) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbckjfkhmpfjnhghgmmkbhdpinbmjpeg [2013-10-18]
CHR Extension: (Facebook Re-Design) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfchajmhnaohgaaadcppliodkmjjpng [2014-01-11]
CHR Extension: (Click&Clean App) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2013-10-17]
CHR Extension: (Last Tab Keepalive) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekhngokoehglkdkciedpimjddpbkcod [2013-10-17]
CHR Extension: (Top Sites Widget [ANTP]) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelajmednaeapedcjbgfefjjegbipcdo [2013-10-17]
CHR Extension: (Better Facebook Gallery) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfminakhmgplohaiaclohnofbanpdgam [2013-10-17]
CHR Extension: (Outlook.com) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-10-17]
CHR Extension: (Psykopaint) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-10-17]
CHR Extension: (Tab Grouper) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjkncjgjecdkffkdkngkinoggpcgifd [2013-10-18]
CHR Extension: (Windows Live Messenger for Chrome) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\phianocfbbhoobabhjihfoalgnadopoj [2013-10-18]
CHR Extension: (Cool Bookmarks) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigddkfphpigmofokfkmdboepfpamcpg [2013-10-27]
CHR Extension: (Anti-Banner) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-01-13]
CHR Extension: (Show Title Tag) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffbhglicfngmppdlpmpblfgnkdgio [2013-10-18]
CHR Extension: (tabbr) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlmkddpdkjapnghefahkniilfnodcol [2013-12-31]
CHR Extension: (mdash) - C:\Users\NAVEEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppbcfphbnnogiehjafnpkjpngkclfdmm [2013-10-27]
CHR HKCU\...\Chrome\Extension: [kdnpfbghejbddakgogiibkcfcblmeaci] - C:\Users\NAVEEN\AppData\Local\CRE\kdnpfbghejbddakgogiibkcfcblmeaci.crx [2013-10-27]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files (x86)\Freecorder extension\Freecorder.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\naveen\Internet Download Manager\IDMGCExt.crx [2013-11-29]
CHR HKLM-x32\...\Chrome\Extension: [kdnpfbghejbddakgogiibkcfcblmeaci] - C:\Users\NAVEEN\AppData\Local\CRE\kdnpfbghejbddakgogiibkcfcblmeaci.crx [2013-11-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-04-15]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-11-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-11-26] (Kaspersky Lab ZAO)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [151656 2012-03-30] (Microsoft Corp.)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 Diskeeper; C:\Program Files\naveen\Diskeeper\DkService.exe [2648952 2012-07-28] (Diskeeper Corporation)
S4 FolderSize; C:\Program Files (x86)\naveen\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio)
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 GoogleInputService; C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe [164888 2013-06-15] (Google Inc)
S4 HDDlife HDD Access service; C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe [2095368 2013-02-14] (BinarySense, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2014-01-23] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1830768 2014-01-23] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\naveen\MalwarebytesAM\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MetroServ; C:\Program Files (x86)\naveen\WinMetro\MetroSvc.exe [314176 2013-01-25] (IObit)
S4 Mobile Partner. RunOuc; C:\Program Files (x86)\naveen\huaweiMP\UpdateDog\ouc.exe [650240 2013-03-01] ()
S4 MoboroboDeviceService; C:\Program Files (x86)\naveen\Moborobo\MoboroboDeviceService.exe [71976 2013-04-03] ()
S4 MotoHelper.exe; C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [6656 2010-09-14] (Motorola)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-24] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 SDScannerService; C:\Program Files (x86)\naveen\Spybot2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\naveen\Spybot2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\naveen\Spybot2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S4 TeamViewer9; C:\Program Files (x86)\naveen\TeamViewer9\TeamViewer_Service.exe [5341536 2013-12-17] (TeamViewer GmbH)
S4 XMouseButton Launcher; C:\Program Files\naveen\X-MouseBtnctrl\XMouseButtonSvc.exe [87040 2012-06-23] (Highresolution Enterprises)
 
==================== Drivers (Whitelisted) ====================
 
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-09-20] (Zemana Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2014-01-23] ()
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-26] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2014-01-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-11-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-01] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-07-24] (Sony Ericsson Mobile Communications)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2013-12-15] ()
U3 ax6bupep; C:\Windows\System32\Drivers\ax6bupep.sys [0 ] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-30 18:02 - 2014-01-30 18:07 - 00099492 _____ C:\Users\NAVEEN\Desktop\FRST.txt
2014-01-30 18:01 - 2014-01-30 18:02 - 00000000 ____D C:\FRST
2014-01-30 07:28 - 2014-01-30 17:52 - 02079744 _____ (Farbar) C:\Users\NAVEEN\Desktop\FRST64.exe
2014-01-30 07:01 - 2014-01-30 07:01 - 00003822 _____ C:\Users\NAVEEN\Desktop\Urban Dictionary_ prig.ogg
2014-01-30 05:58 - 2014-01-30 06:05 - 24797984 _____ (NETGEAR Inc.) C:\Users\NAVEEN\Desktop\NETGEARGenie-install.exe
2014-01-30 04:11 - 2014-01-30 04:12 - 00850404 _____ C:\Users\NAVEEN\Desktop\Way2SMS-v1-28_2.apk
2014-01-30 01:08 - 2014-01-30 01:09 - 00764315 _____ C:\Users\NAVEEN\Desktop\Digital Entertainment World.mp4
2014-01-30 00:11 - 2014-01-30 00:20 - 15361078 _____ C:\Users\NAVEEN\Desktop\External hard drive buying advice - PC Advisor.mp4
2014-01-29 07:41 - 2014-01-29 08:15 - 00000000 ____D C:\ComboFix
2014-01-29 04:23 - 2014-01-29 04:24 - 04950661 _____ C:\Users\NAVEEN\Desktop\121ba0e4-e184-4834-a56c-0ff3dccf7a56_0.wmv
2014-01-29 02:43 - 2014-01-29 02:43 - 00000000 ____D C:\Users\NAVEEN\Desktop\MalwareBytes AntiMalware Pro - Keys_files
2014-01-29 01:48 - 2014-01-29 01:48 - 00000000 ____D C:\Users\NAVEEN\Desktop\job
2014-01-29 01:44 - 2014-01-30 17:46 - 00000000 ____D C:\Users\NAVEEN\Desktop\29 1 14 var ub
2014-01-28 04:42 - 2014-01-28 04:47 - 00000000 ____D C:\Users\NAVEEN\Desktop\gnayiru malar dhina thandhi xx
2014-01-27 18:50 - 2014-01-27 18:50 - 00000634 _____ C:\JRT.txt
2014-01-27 17:11 - 2014-01-27 17:13 - 00000000 ____D C:\Users\NAVEEN\Desktop\evac 26 1 14 ub var
2014-01-26 00:28 - 2014-01-26 00:28 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Oracle
2014-01-25 23:59 - 2014-01-25 23:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-25 23:59 - 2014-01-25 23:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-25 23:59 - 2014-01-25 23:59 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-25 23:59 - 2014-01-25 23:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-25 23:47 - 2014-01-26 00:26 - 00000000 ____D C:\ProgramData\Oracle
2014-01-25 22:26 - 2014-01-25 22:26 - 00008626 _____ C:\ListParts64 Result.txt
2014-01-25 20:09 - 2014-01-30 17:10 - 00000000 ____D C:\Qoobox
2014-01-25 20:09 - 2011-06-26 12:15 - 00256000 _____ C:\Windows\PEV.exe
2014-01-25 20:09 - 2010-11-07 22:50 - 00208896 _____ C:\Windows\MBR.exe
2014-01-25 20:09 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-25 20:09 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-25 20:09 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-25 20:09 - 2000-08-31 05:30 - 00098816 _____ C:\Windows\sed.exe
2014-01-25 20:09 - 2000-08-31 05:30 - 00080412 _____ C:\Windows\grep.exe
2014-01-25 20:09 - 2000-08-31 05:30 - 00068096 _____ C:\Windows\zip.exe
2014-01-25 20:07 - 2014-01-29 03:51 - 00000000 ____D C:\Windows\erdnt
2014-01-25 19:54 - 2014-01-25 19:54 - 00018444 _____ C:\eset fulscan 25 1 14.txt
2014-01-25 04:58 - 2014-01-25 04:58 - 00987425 _____ C:\SecurityCheck.exe
2014-01-25 04:04 - 2014-01-25 22:36 - 00000000 ____D C:\Users\NAVEEN\Desktop\DwnlData
2014-01-24 15:28 - 2014-01-24 15:28 - 00002864 _____ C:\eset1 scan result.txt
2014-01-23 20:41 - 2014-01-30 17:46 - 00000000 ____D C:\Users\NAVEEN\Desktop\security software
2014-01-23 20:14 - 2014-01-23 20:14 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-23 19:24 - 2014-01-23 19:53 - 00002628 _____ C:\Windows\system32\.crusader
2014-01-23 18:55 - 2014-01-23 18:57 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-23 18:55 - 2014-01-23 18:57 - 00001893 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2014-01-23 18:54 - 2014-01-23 18:55 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-23 18:48 - 2014-01-23 19:24 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-23 18:47 - 2014-01-23 18:47 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-01-23 18:47 - 2014-01-23 18:47 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-01-23 18:47 - 2014-01-23 18:47 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys
2014-01-23 18:47 - 2014-01-23 18:47 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2014-01-23 05:59 - 2014-01-23 07:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-23 05:54 - 2014-01-23 05:54 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-23 04:36 - 2014-01-23 04:36 - 00000000 ____D C:\ProgramData\ViceVersa PRO
2014-01-20 02:26 - 2014-01-20 02:26 - 00010842 _____ C:\attach.txt
2014-01-20 02:26 - 2014-01-20 02:25 - 00043029 _____ C:\dds.txt
2014-01-20 02:23 - 2013-11-27 07:11 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-20 02:23 - 2013-11-27 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-20 02:23 - 2013-11-27 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-20 02:23 - 2013-11-27 07:11 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-20 02:23 - 2013-11-27 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-20 02:23 - 2013-11-27 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-20 02:23 - 2013-11-27 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-20 02:23 - 2013-11-26 17:10 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-20 02:23 - 2013-11-26 16:02 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-19 14:52 - 2014-01-26 16:14 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Malwarebytes
2014-01-19 14:52 - 2014-01-19 14:52 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-19 14:52 - 2014-01-19 14:52 - 00001100 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-19 14:52 - 2014-01-19 14:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 14:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-17 16:05 - 2014-01-17 16:05 - 00000000 ____D C:\Users\NAVEEN\Desktop\dheeraj assignment
2014-01-16 21:18 - 2014-01-17 19:20 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Notepad++
2014-01-16 21:18 - 2014-01-16 21:18 - 00001116 _____ C:\Users\NAVEEN\Desktop\Notepad++.lnk
2014-01-16 21:18 - 2014-01-16 21:18 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-01-15 05:33 - 2014-01-15 05:33 - 00000000 ____D C:\AMD
2014-01-13 18:58 - 2014-01-27 18:35 - 00000000 ____D C:\AdwCleaner
2014-01-10 02:46 - 2014-01-25 23:56 - 00000000 ____D C:\Users\NAVEEN\Desktop\evac dsktp ub2sort
2014-01-10 02:41 - 2014-01-10 02:41 - 00003156 _____ C:\Windows\System32\Tasks\WinMetro Updater
2014-01-10 02:41 - 2014-01-10 02:41 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\IObit
2014-01-09 21:59 - 2014-01-09 21:59 - 00002923 _____ C:\Users\NAVEEN\Desktop\abt.txt
2014-01-09 19:29 - 2014-01-09 19:29 - 00000000 ____D C:\Users\NAVEEN\.android
2014-01-09 17:38 - 2014-01-09 18:51 - 00000000 ____D C:\Users\NAVEEN\AppData\Local\Genymobile
2014-01-09 17:37 - 2014-01-10 00:15 - 00000000 ____D C:\Users\NAVEEN\.VirtualBox
2014-01-09 17:36 - 2013-04-12 11:41 - 00237840 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-01-09 17:36 - 2013-04-12 11:40 - 00120080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-01-08 17:36 - 2014-01-08 17:24 - 00454602 ____R C:\Windows\system32\Drivers\etc\hosts.20140108-173646.backup
2014-01-08 16:53 - 2014-01-08 16:53 - 00000000 ____D C:\Users\NAVEEN\Documents\ProcAlyzer Dumps
2014-01-08 16:19 - 2014-01-08 16:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-08 16:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-01-07 20:55 - 2014-01-07 20:55 - 00001254 _____ C:\Windows\system32\US_Navy_060618-N-8492C-212_An_Air_Force_B-2_bomber_along_with_other_aircrafts_from_the_Air_Force,_Navy_and_Marine_Corps_fly_over_the_Kitty_Hawk,_Ronald_Reagan_and_Abraham_Lincoln_Carrier_Strike_g.jpg.lnk
2014-01-07 03:13 - 2014-01-07 03:13 - 01093466 _____ C:\Users\NAVEEN\Desktop\OneTab bkup 7 1 14.htm
2014-01-07 03:13 - 2014-01-07 03:13 - 00000000 ____D C:\Users\NAVEEN\Desktop\OneTab bkup 7 1 14_files
2014-01-06 17:41 - 2014-01-06 17:42 - 00000000 ____D C:\LiberKey
2014-01-04 12:04 - 2014-01-04 12:04 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windroy
2014-01-04 12:03 - 2014-01-04 12:03 - 00000000 ____D C:\naveenpgmfiles
2014-01-03 17:35 - 2014-01-03 17:35 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-01-03 17:19 - 2014-01-03 17:19 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Wassapp
2014-01-03 14:45 - 2014-01-03 14:45 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2014-01-03 14:43 - 2014-01-03 14:45 - 00000000 ____D C:\ProgramData\BlueStacks
2014-01-01 11:34 - 2014-01-01 11:34 - 00000000 ____D C:\Program Files (x86)\Hp
2013-12-31 08:09 - 2013-12-31 08:09 - 00000607 _____ C:\Users\NAVEEN\Downloads\download.php
2013-12-31 08:09 - 2013-12-31 08:09 - 00000577 _____ C:\Users\NAVEEN\Downloads\cookies_file.txt
 
==================== One Month Modified Files and Folders =======
 
2014-01-30 18:07 - 2014-01-30 18:02 - 00099492 _____ C:\Users\NAVEEN\Desktop\FRST.txt
2014-01-30 18:02 - 2014-01-30 18:01 - 00000000 ____D C:\FRST
2014-01-30 17:52 - 2014-01-30 07:28 - 02079744 _____ (Farbar) C:\Users\NAVEEN\Desktop\FRST64.exe
2014-01-30 17:46 - 2014-01-29 01:44 - 00000000 ____D C:\Users\NAVEEN\Desktop\29 1 14 var ub
2014-01-30 17:46 - 2014-01-23 20:41 - 00000000 ____D C:\Users\NAVEEN\Desktop\security software
2014-01-30 17:35 - 2012-11-11 23:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-30 17:33 - 2012-08-04 16:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-30 17:10 - 2014-01-25 20:09 - 00000000 ____D C:\Qoobox
2014-01-30 17:07 - 2009-07-14 10:15 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 17:07 - 2009-07-14 10:15 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 17:04 - 2012-03-14 06:35 - 02054503 _____ C:\Windows\WindowsUpdate.log
2014-01-30 16:59 - 2012-09-19 19:50 - 00100040 _____ C:\Windows\PFRO.log
2014-01-30 16:59 - 2012-09-12 20:03 - 00008858 _____ C:\Windows\setupact.log
2014-01-30 16:59 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 07:51 - 2012-10-23 17:03 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606511456-1437241303-3617233354-1000Core.job
2014-01-30 07:51 - 2012-04-09 04:24 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\DMCache
2014-01-30 07:01 - 2014-01-30 07:01 - 00003822 _____ C:\Users\NAVEEN\Desktop\Urban Dictionary_ prig.ogg
2014-01-30 06:05 - 2014-01-30 05:58 - 24797984 _____ (NETGEAR Inc.) C:\Users\NAVEEN\Desktop\NETGEARGenie-install.exe
2014-01-30 04:12 - 2014-01-30 04:11 - 00850404 _____ C:\Users\NAVEEN\Desktop\Way2SMS-v1-28_2.apk
2014-01-30 04:01 - 2012-04-09 04:24 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\IDM
2014-01-30 02:13 - 2012-08-24 17:43 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-01-30 02:13 - 2012-04-09 04:24 - 00000000 ____D C:\Program Files (x86)\naveen
2014-01-30 02:09 - 2013-01-15 06:44 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\uTorrent Turbo Booster
2014-01-30 02:00 - 2012-04-12 02:58 - 00000000 ____D C:\Users\NAVEEN\AppData\Local\Adobe
2014-01-30 01:53 - 2009-07-14 10:43 - 00783596 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-30 01:35 - 2012-08-24 04:58 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Shareaza
2014-01-30 01:35 - 2012-08-24 04:58 - 00000000 ____D C:\Users\NAVEEN\AppData\Local\Shareaza
2014-01-30 01:12 - 2012-04-20 06:42 - 00000000 ____D C:\Program Files\naveen
2014-01-30 01:09 - 2014-01-30 01:08 - 00764315 _____ C:\Users\NAVEEN\Desktop\Digital Entertainment World.mp4
2014-01-30 00:20 - 2014-01-30 00:11 - 15361078 _____ C:\Users\NAVEEN\Desktop\External hard drive buying advice - PC Advisor.mp4
2014-01-29 18:38 - 2012-06-16 03:49 - 00000000 ____D C:\Users\NAVEEN\AppData\Local\ClipboardManager
2014-01-29 18:33 - 2012-04-07 07:45 - 00000000 ____D C:\Users\NAVEEN\AppData\Local\Apps\2.0
2014-01-29 08:15 - 2014-01-29 07:41 - 00000000 ____D C:\ComboFix
2014-01-29 07:58 - 2009-07-14 08:04 - 00000215 _____ C:\Windows\system.ini
2014-01-29 07:52 - 2012-04-12 02:04 - 00000000 ____D C:\Users\NAVEEN\AppData\Local\CrashDumps
2014-01-29 04:24 - 2014-01-29 04:23 - 04950661 _____ C:\Users\NAVEEN\Desktop\121ba0e4-e184-4834-a56c-0ff3dccf7a56_0.wmv
2014-01-29 03:51 - 2014-01-25 20:07 - 00000000 ____D C:\Windows\erdnt
2014-01-29 02:43 - 2014-01-29 02:43 - 00000000 ____D C:\Users\NAVEEN\Desktop\MalwareBytes AntiMalware Pro - Keys_files
2014-01-29 01:48 - 2014-01-29 01:48 - 00000000 ____D C:\Users\NAVEEN\Desktop\job
2014-01-28 06:52 - 2012-05-07 00:48 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\SoftGrid Client
2014-01-28 04:47 - 2014-01-28 04:42 - 00000000 ____D C:\Users\NAVEEN\Desktop\gnayiru malar dhina thandhi xx
2014-01-28 03:45 - 2012-04-07 13:25 - 00000000 ____D C:\Users\NAVEEN\Documents\Youcam
2014-01-28 02:56 - 2012-05-18 04:43 - 00000132 _____ C:\Users\NAVEEN\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-27 22:49 - 2012-04-05 20:32 - 00000000 ____D C:\Users\NAVEEN
2014-01-27 22:43 - 2012-07-20 19:40 - 00001456 _____ C:\Users\NAVEEN\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-01-27 18:50 - 2014-01-27 18:50 - 00000634 _____ C:\JRT.txt
2014-01-27 18:35 - 2014-01-13 18:58 - 00000000 ____D C:\AdwCleaner
2014-01-27 17:13 - 2014-01-27 17:11 - 00000000 ____D C:\Users\NAVEEN\Desktop\evac 26 1 14 ub var
2014-01-27 17:13 - 2013-11-04 00:22 - 00000000 ____D C:\Users\NAVEEN\.umplayer
2014-01-26 23:02 - 2012-04-09 01:31 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Skype
2014-01-26 16:32 - 2012-04-07 13:58 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Mozilla
2014-01-26 16:14 - 2014-01-19 14:52 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Malwarebytes
2014-01-26 14:56 - 2012-04-08 13:17 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-26 11:51 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\registration
2014-01-26 00:28 - 2014-01-26 00:28 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Oracle
2014-01-26 00:26 - 2014-01-25 23:47 - 00000000 ____D C:\ProgramData\Oracle
2014-01-25 23:59 - 2014-01-25 23:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-25 23:59 - 2014-01-25 23:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-25 23:59 - 2014-01-25 23:59 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-25 23:59 - 2014-01-25 23:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-25 23:59 - 2013-03-24 18:16 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-25 23:56 - 2014-01-10 02:46 - 00000000 ____D C:\Users\NAVEEN\Desktop\evac dsktp ub2sort
2014-01-25 23:54 - 2013-12-08 04:29 - 00000000 ____D C:\Users\NAVEEN\Desktop\dlods
2014-01-25 22:36 - 2014-01-25 04:04 - 00000000 ____D C:\Users\NAVEEN\Desktop\DwnlData
2014-01-25 22:26 - 2014-01-25 22:26 - 00008626 _____ C:\ListParts64 Result.txt
2014-01-25 21:16 - 2013-08-22 20:49 - 00000000 ____D C:\Users\Administrator
2014-01-25 19:54 - 2014-01-25 19:54 - 00018444 _____ C:\eset fulscan 25 1 14.txt
2014-01-25 04:58 - 2014-01-25 04:58 - 00987425 _____ C:\SecurityCheck.exe
2014-01-25 03:14 - 2013-07-06 23:59 - 00000000 ____D C:\Users\NAVEEN\AppData\Local\MPlayer
2014-01-24 17:11 - 2012-07-13 21:36 - 00000000 ____D C:\Users\NAVEEN\Documents\Evaer
2014-01-24 15:28 - 2014-01-24 15:28 - 00002864 _____ C:\eset1 scan result.txt
2014-01-23 20:14 - 2014-01-23 20:14 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-23 19:53 - 2014-01-23 19:24 - 00002628 _____ C:\Windows\system32\.crusader
2014-01-23 19:24 - 2014-01-23 18:48 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-23 18:57 - 2014-01-23 18:55 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-23 18:57 - 2014-01-23 18:55 - 00001893 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2014-01-23 18:55 - 2014-01-23 18:54 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-23 18:47 - 2014-01-23 18:47 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-01-23 18:47 - 2014-01-23 18:47 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-01-23 18:47 - 2014-01-23 18:47 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys
2014-01-23 18:47 - 2014-01-23 18:47 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2014-01-23 07:41 - 2014-01-23 05:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-23 05:54 - 2014-01-23 05:54 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-23 04:36 - 2014-01-23 04:36 - 00000000 ____D C:\ProgramData\ViceVersa PRO
2014-01-23 04:32 - 2013-09-24 00:16 - 00000000 ____D C:\Users\NAVEEN\Documents\ViceVersa PRO
2014-01-23 03:06 - 2013-12-08 03:36 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-01-23 03:05 - 2012-04-30 18:33 - 00000000 ____D C:\ProgramData\Adobe
2014-01-23 03:05 - 2011-11-09 23:18 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-23 02:41 - 2012-10-09 17:20 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\GameCenter
2014-01-20 14:15 - 2009-07-14 10:15 - 04892056 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-20 02:31 - 2013-08-09 20:48 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 02:26 - 2014-01-20 02:26 - 00010842 _____ C:\attach.txt
2014-01-20 02:25 - 2014-01-20 02:26 - 00043029 _____ C:\dds.txt
2014-01-20 02:25 - 2012-04-07 06:29 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-19 14:52 - 2014-01-19 14:52 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-19 14:52 - 2014-01-19 14:52 - 00001100 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-19 14:52 - 2014-01-19 14:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-17 19:20 - 2014-01-16 21:18 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Notepad++
2014-01-17 17:26 - 2013-01-05 05:01 - 00000000 ____D C:\user files
2014-01-17 16:19 - 2012-04-05 20:42 - 00058800 _____ C:\Users\NAVEEN\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-17 16:05 - 2014-01-17 16:05 - 00000000 ____D C:\Users\NAVEEN\Desktop\dheeraj assignment
2014-01-16 21:18 - 2014-01-16 21:18 - 00001116 _____ C:\Users\NAVEEN\Desktop\Notepad++.lnk
2014-01-16 21:18 - 2014-01-16 21:18 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-01-15 05:33 - 2014-01-15 05:33 - 00000000 ____D C:\AMD
2014-01-11 23:58 - 2012-06-14 00:57 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-10 02:41 - 2014-01-10 02:41 - 00003156 _____ C:\Windows\System32\Tasks\WinMetro Updater
2014-01-10 02:41 - 2014-01-10 02:41 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\IObit
2014-01-10 02:41 - 2012-10-05 16:01 - 00000000 ____D C:\ProgramData\IObit
2014-01-10 00:15 - 2014-01-09 17:37 - 00000000 ____D C:\Users\NAVEEN\.VirtualBox
2014-01-09 21:59 - 2014-01-09 21:59 - 00002923 _____ C:\Users\NAVEEN\Desktop\abt.txt
2014-01-09 19:29 - 2014-01-09 19:29 - 00000000 ____D C:\Users\NAVEEN\.android
2014-01-09 18:51 - 2014-01-09 17:38 - 00000000 ____D C:\Users\NAVEEN\AppData\Local\Genymobile
2014-01-08 17:36 - 2009-07-14 08:04 - 00454602 ____R C:\Windows\system32\Drivers\etc\hosts.20140108-200456.backup
2014-01-08 17:24 - 2014-01-08 17:36 - 00454602 ____R C:\Windows\system32\Drivers\etc\hosts.20140108-173646.backup
2014-01-08 17:08 - 2012-10-15 21:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-08 16:53 - 2014-01-08 16:53 - 00000000 ____D C:\Users\NAVEEN\Documents\ProcAlyzer Dumps
2014-01-08 16:19 - 2014-01-08 16:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-07 20:55 - 2014-01-07 20:55 - 00001254 _____ C:\Windows\system32\US_Navy_060618-N-8492C-212_An_Air_Force_B-2_bomber_along_with_other_aircrafts_from_the_Air_Force,_Navy_and_Marine_Corps_fly_over_the_Kitty_Hawk,_Ronald_Reagan_and_Abraham_Lincoln_Carrier_Strike_g.jpg.lnk
2014-01-07 20:16 - 2012-04-07 14:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-07 20:16 - 2011-11-09 23:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-07 17:54 - 2013-07-17 18:39 - 00003150 _____ C:\Windows\System32\Tasks\MirageAgent
2014-01-07 15:59 - 2012-05-10 04:18 - 00000000 ____D C:\Windows\pss
2014-01-07 03:13 - 2014-01-07 03:13 - 01093466 _____ C:\Users\NAVEEN\Desktop\OneTab bkup 7 1 14.htm
2014-01-07 03:13 - 2014-01-07 03:13 - 00000000 ____D C:\Users\NAVEEN\Desktop\OneTab bkup 7 1 14_files
2014-01-06 17:42 - 2014-01-06 17:41 - 00000000 ____D C:\LiberKey
2014-01-04 12:04 - 2014-01-04 12:04 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windroy
2014-01-04 12:03 - 2014-01-04 12:03 - 00000000 ____D C:\naveenpgmfiles
2014-01-03 18:37 - 2011-11-09 23:23 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2014-01-03 18:34 - 2011-02-11 00:53 - 00000000 ____D C:\SWSetup
2014-01-03 17:37 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\Help
2014-01-03 17:36 - 2011-11-09 23:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-03 17:36 - 2011-11-09 22:59 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2014-01-03 17:35 - 2014-01-03 17:35 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-01-03 17:19 - 2014-01-03 17:19 - 00000000 ____D C:\Users\NAVEEN\AppData\Roaming\Wassapp
2014-01-03 17:16 - 2012-06-14 05:38 - 00000000 ____D C:\Users\NAVEEN\AppData\Local\Downloaded Installations
2014-01-03 14:45 - 2014-01-03 14:45 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2014-01-03 14:45 - 2014-01-03 14:43 - 00000000 ____D C:\ProgramData\BlueStacks
2014-01-03 14:45 - 2009-07-14 08:50 - 00000000 __RHD C:\Users\Public\Libraries
2014-01-03 14:43 - 2013-02-13 22:59 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2014-01-01 16:29 - 2013-11-26 04:53 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-01 16:29 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-01-01 11:34 - 2014-01-01 11:34 - 00000000 ____D C:\Program Files (x86)\Hp
2013-12-31 08:09 - 2013-12-31 08:09 - 00000607 _____ C:\Users\NAVEEN\Downloads\download.php
2013-12-31 08:09 - 2013-12-31 08:09 - 00000577 _____ C:\Users\NAVEEN\Downloads\cookies_file.txt
 
Files to move or delete:
====================
C:\ProgramData\ISTask.dll
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLer.DAT
C:\Users\NAVEEN\fbchathistory.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {af0267f3-6d70-11e1-97dc-cf23f06ae1fa}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {af0267f3-6d70-11e1-97dc-cf23f06ae1fa}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx                      OptIn
usefirmwarepcisettings  No
 
Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
Windows Boot Loader
-------------------
identifier              {af0267f3-6d70-11e1-97dc-cf23f06ae1fa}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{af0267f4-6d70-11e1-97dc-cf23f06ae1fa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{af0267f4-6d70-11e1-97dc-cf23f06ae1fa}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {158181c0-9a00-11db-8a1d-b11d19fd3102}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Real-mode Boot Sector
---------------------
identifier              {af0267f0-6d70-11e1-97dc-cf23f06ae1fa}
device                  partition=C:
path                    \SWSetup\VF\Seagate Update\LoadVF.bin
description             en-US
 
Real-mode Boot Sector
---------------------
identifier              {af0267f1-6d70-11e1-97dc-cf23f06ae1fa}
device                  partition=C:
path                    \SWSetup\VF\Seagate Update\LoadVF.bin
description             en-US
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
Device options
--------------
identifier              {af0267f4-6d70-11e1-97dc-cf23f06ae1fa}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2014-01-23 16:12
 
==================== End Of Log ============================



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 30 January 2014 - 01:24 PM

  • Download ListParts64 to your Desktop.
  • Double click ListParts64.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.


Edited by gringo_pr, 30 January 2014 - 01:29 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University



