Combo Fix Help...!


  • This topic is locked
11 replies to this topic

#1 Narendran

Narendran

  • Members
  • 10 posts
  • Local time:02:40 PM

Posted 27 March 2015 - 02:10 AM

I used Combo Fix as per the advice of my friend as I thought I'm infected. The details of the log are as follows:

 

ComboFix 15-03-25.01 - PADMAM 20-03-2015   6:40.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.91.1033.18.1983.743 [GMT 5.5:30]
Running from: d:\users\PADMAM\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\programdata\1420838628.bdinstall.bin
d:\users\PADMAM\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
d:\windows\system32\cyggcc_s-1.dll
d:\windows\system32\cygidn-11.dll
d:\windows\system32\cyglber-2-4-2.dll
d:\windows\system32\cygldap_r-2-4-2.dll
d:\windows\system32\cygpcre-1.dll
d:\windows\system32\cygpq-5.dll
d:\windows\system32\cygsasl2-3.dll
d:\windows\system32\cygssp-0.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-20 to 2015-03-20  )))))))))))))))))))))))))))))))
.
.
2015-03-20 01:22 . 2015-03-20 01:22 -------- d-----w- d:\users\Default\AppData\Local\temp
2015-03-20 00:16 . 2015-03-20 00:16 -------- d-----w- D:\inetpub
2015-03-19 16:02 . 2015-03-19 16:02 25 ----a-w- d:\windows\wpd99.drv
2015-03-19 16:02 . 2015-03-19 16:02 -------- d-----w- d:\programdata\pdf995
2015-03-19 16:02 . 2015-03-19 16:02 36864 ----a-w- d:\windows\system32\pdf995mon.dll
2015-03-19 16:02 . 2015-03-19 16:02 1672704 ----a-w- d:\windows\system32\pdfmona.dll
2015-03-19 13:17 . 2015-03-19 13:17 -------- d-sh--w- d:\users\PADMAM\Phone Browser
2015-03-19 13:10 . 2015-03-19 13:10 -------- d-----w- d:\users\PADMAM\AppData\Roaming\PC Suite
2015-03-19 13:10 . 2015-03-19 13:16 -------- d-----w- d:\users\PADMAM\AppData\Roaming\Nokia
2015-03-19 13:10 . 2015-03-19 13:10 -------- d-----w- d:\programdata\PC Suite
2015-03-19 13:09 . 2015-03-19 13:09 -------- d-----w- d:\program files\DIFX
2015-03-19 13:06 . 2015-03-19 13:06 -------- d-----w- d:\programdata\Installations
2015-03-19 13:05 . 2008-09-15 02:26 91136 ----a-w- d:\windows\system32\nmwcdcls.dll
2015-03-19 04:32 . 2015-03-19 04:32 -------- d-----w- d:\programdata\VirtualizedApplications
2015-03-19 02:44 . 2015-03-19 02:44 -------- d-----w- d:\users\PADMAM\AppData\Local\Steam
2015-03-19 01:13 . 2015-03-20 01:27 114904 ----a-w- d:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-19 01:12 . 2014-11-21 00:44 75480 ----a-w- d:\windows\system32\drivers\mbamchameleon.sys
2015-03-19 01:12 . 2014-11-21 00:44 51928 ----a-w- d:\windows\system32\drivers\mwac.sys
2015-03-19 01:12 . 2014-11-21 00:44 23256 ----a-w- d:\windows\system32\drivers\mbam.sys
2015-03-19 01:12 . 2015-03-19 04:48 -------- d-----w- d:\program files\Malwarebytes Anti-Malware
2015-03-19 01:12 . 2015-03-19 01:12 -------- d-----w- d:\programdata\Malwarebytes
2015-03-17 22:31 . 2015-03-17 22:31 -------- d-----w- d:\users\PADMAM\AppData\Roaming\Wise Care 365
2015-03-17 06:33 . 2015-03-19 23:29 -------- d-----w- d:\users\PADMAM\AppData\Local\VMware
2015-03-17 06:33 . 2015-03-19 23:29 -------- d-----w- d:\users\PADMAM\AppData\Roaming\VMware
2015-03-17 06:28 . 2012-06-09 14:00 334488 ----a-w- d:\windows\system32\vmnetdhcp.exe
2015-03-17 06:28 . 2012-06-09 13:59 404120 ----a-w- d:\windows\system32\vmnat.exe
2015-03-17 06:28 . 2012-06-09 13:58 26392 ----a-w- d:\windows\system32\drivers\vmnetuserif.sys
2015-03-17 06:28 . 2012-06-09 14:00 760472 ----a-w- d:\windows\system32\vnetlib.dll
2015-03-17 06:28 . 2012-06-09 13:59 24728 ----a-w- d:\windows\system32\drivers\VMkbd.sys
2015-03-17 06:27 . 2015-03-17 06:27 -------- d-----w- d:\program files\Common Files\VMware
2015-03-17 06:27 . 2015-03-20 01:25 -------- d-----w- d:\programdata\VMware
2015-03-17 06:27 . 2015-03-17 06:27 -------- d-----w- d:\program files\VMware
2015-03-11 13:49 . 2015-03-11 13:54 286720 ------w- d:\windows\Setup1.exe
2015-03-11 13:49 . 2015-03-11 13:54 73216 ----a-w- d:\windows\ST6UNST.EXE
2015-03-11 13:42 . 2015-03-11 13:53 -------- d-----w- D:\NR2.1.0
2015-03-10 18:28 . 2015-03-10 18:37 -------- d-----w- d:\program files\Photoshop
2015-03-06 08:45 . 2015-03-06 08:45 -------- d-----w- d:\program files\ImageWriter
2015-03-06 08:16 . 2015-03-06 08:16 -------- d-----w- d:\users\PADMAM\AppData\Local\DriverToolkit
2015-03-06 08:16 . 2015-03-06 08:16 -------- d-----w- d:\program files\DriverToolkit
2015-03-06 01:50 . 2015-03-16 03:45 -------- d-----w- d:\users\PADMAM\VirtualBox VMs
2015-03-05 04:42 . 2015-03-05 04:59 -------- d-----w- d:\program files\Google
2015-02-20 14:47 . 2015-02-20 14:54 -------- d-----w- d:\windows\rescache
2015-02-20 13:55 . 2015-02-20 13:55 -------- d-----w- d:\users\PADMAM\AppData\Local\Apps
2015-02-20 13:55 . 2015-03-05 04:41 -------- d-----w- d:\users\PADMAM\AppData\Local\Deployment
2015-02-20 12:12 . 2015-02-20 12:12 -------- d-----w- d:\program files\KGB Archiver
2015-02-20 12:04 . 2015-02-12 11:46 748616 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys
2015-02-20 12:04 . 2015-02-12 11:46 104384 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys
2015-02-20 07:21 . 2015-02-20 07:21 -------- d-----w- d:\users\PADMAM\AppData\Local\NeoSmart_Technologies
2015-02-20 05:14 . 2015-01-14 05:57 2894848 ----a-w- d:\windows\system32\pwNative.exe
2015-02-20 05:14 . 2013-09-30 10:56 15688 ------w- d:\windows\system32\pwdrvio.sys
2015-02-20 05:13 . 2013-09-30 10:56 10320 ------w- d:\windows\system32\pwdspio.sys
2015-02-20 05:13 . 2015-02-20 05:13 -------- d-----w- d:\program files\MiniTool Partition Wizard Free 9.0
2015-02-20 04:53 . 2015-02-20 04:53 -------- d-----w- d:\program files\NeoSmart Technologies
2015-02-20 03:07 . 2015-02-20 03:07 -------- d-----w- d:\users\hydra-7.5
2015-02-19 21:50 . 2015-02-19 21:53 -------- d-----w- d:\users\PADMAM\AppData\Roaming\FKGER_Monitor
2015-02-19 19:07 . 2015-02-19 19:07 -------- d-----w- d:\users\PADMAM\AppData\Roaming\WinPatrol
2015-02-19 19:07 . 2015-02-19 19:07 -------- d-----w- d:\program files\Ruiware
2015-02-19 13:08 . 2015-02-19 13:08 -------- d-----w- d:\program files\Check Point Software Technologies LTD
2015-02-19 13:08 . 2015-02-19 13:08 -------- d-----w- d:\users\PADMAM\AppData\Roaming\Check Point Software Technologies LTD
2015-02-19 13:07 . 2015-02-19 13:36 -------- d-----w- d:\program files\CheckPoint
2015-02-19 13:07 . 2015-02-19 13:07 -------- d-----w- d:\programdata\CheckPoint
2015-02-19 08:04 . 2015-02-19 08:04 -------- d-----w- D:\found.000
2015-02-18 19:27 . 2015-02-18 19:28 -------- d-----w- d:\users\PADMAM\.android
2015-02-18 17:32 . 2015-02-18 17:33 -------- d-----w- d:\programdata\BlueStacks
2015-02-18 17:32 . 2015-02-18 17:33 -------- d-----w- d:\program files\BlueStacks
2015-02-18 17:31 . 2015-02-18 17:31 -------- d-----w- d:\users\PADMAM\AppData\Local\Bluestacks
2015-02-18 05:47 . 2015-02-18 05:47 -------- d-----w- d:\program files\7-Zip
2015-02-18 03:51 . 2015-02-14 21:59 40999 ----a-w- d:\windows\system32\cygintl-8.dll
2015-02-18 03:51 . 2015-02-14 21:59 84519 ----a-w- d:\windows\system32\cygz.dll
2015-02-18 03:51 . 2015-02-14 21:59 393255 ----a-w- d:\windows\system32\cygssl-1.0.0.dll
2015-02-18 03:51 . 2015-02-14 21:59 382659 ----a-w- d:\windows\system32\libssh.dll
2015-02-18 03:51 . 2015-02-14 21:59 3330544 ----a-w- d:\windows\system32\cygwin1.dll
2015-02-18 03:51 . 2015-02-14 21:59 1820199 ----a-w- d:\windows\system32\cygcrypto-1.0.0.dll
2015-02-18 03:51 . 2015-02-14 21:59 1177600 ----a-w- d:\windows\system32\LIBEAY32.dll
2015-02-18 03:51 . 2015-02-14 21:59 112654 ----a-w- d:\windows\system32\libgcc_s_dw2-1.dll
2015-02-18 03:51 . 2015-02-14 21:59 108558 ----a-w- d:\windows\system32\libz.dll
2015-02-18 03:51 . 2015-02-14 21:59 1023527 ----a-w- d:\windows\system32\cygiconv-2.dll
2015-02-18 03:51 . 2015-02-14 21:59 2887197 ----a-w- d:\windows\system32\cygmysqlclient-18.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-17 00:53 . 2013-05-29 06:23 409088 ----a-w- d:\windows\system32\systemcpl.dll
2015-03-16 20:15 . 2015-01-09 21:24 172936 ----a-w- d:\windows\system32\drivers\gzflt.sys
2015-03-11 13:32 . 2015-03-11 13:32 1559031 ----a-w- D:\ssoem10.zip
2015-03-11 13:27 . 2015-03-11 13:28 1316716 ----a-w- D:\NR2.1.0.zip
2015-02-12 11:46 . 2015-02-12 11:46 174888 ------w- d:\windows\system32\VBoxNetFltNobj.dll
2015-02-12 11:46 . 2015-02-12 11:46 115672 ----a-w- d:\windows\system32\drivers\VBoxNetAdp.sys
2015-02-05 19:31 . 2015-02-05 19:31 548336 ----a-w- d:\windows\system32\drivers\avckf.sys
2015-02-05 19:31 . 2015-02-05 19:31 66832 ----a-w- d:\windows\system32\drivers\bdsandbox.sys
2015-02-05 19:30 . 2015-02-05 19:30 26624 ----a-w- d:\windows\system32\bdsandboxuh.dll
2015-02-05 19:29 . 2015-01-09 21:28 243456 ----a-w- d:\windows\system32\drivers\avchv.sys
2015-02-05 19:28 . 2015-01-09 21:28 1083448 ----a-w- d:\windows\system32\drivers\avc3.sys
2015-02-05 19:23 . 2015-01-09 21:28 74000 ----a-w- d:\windows\system32\bdsandboxuiskin.dll
2015-01-14 05:44 . 2015-02-06 12:50 3972544 ----a-w- d:\windows\system32\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-06 12:50 3917760 ----a-w- d:\windows\system32\ntoskrnl.exe
2015-01-14 05:44 . 2015-02-06 12:50 67512 ----a-w- d:\windows\system32\drivers\ksecdd.sys
2015-01-14 05:44 . 2015-02-06 12:50 136640 ----a-w- d:\windows\system32\drivers\ksecpkg.sys
2015-01-14 05:41 . 2015-02-06 12:50 15872 ----a-w- d:\windows\system32\sspisrv.dll
2015-01-14 05:41 . 2015-02-06 12:50 100352 ----a-w- d:\windows\system32\sspicli.dll
2015-01-14 05:41 . 2015-02-06 12:50 22016 ----a-w- d:\windows\system32\secur32.dll
2015-01-14 05:40 . 2015-02-06 12:50 1061376 ----a-w- d:\windows\system32\lsasrv.dll
2015-01-14 05:40 . 2015-02-06 12:50 22528 ----a-w- d:\windows\system32\lsass.exe
2015-01-14 05:40 . 2015-02-06 12:50 50176 ----a-w- d:\windows\system32\auditpol.exe
2015-01-14 05:38 . 2015-02-06 12:50 60416 ----a-w- d:\windows\system32\msobjs.dll
2015-01-14 05:37 . 2015-02-06 12:50 146432 ----a-w- d:\windows\system32\msaudite.dll
2015-01-14 05:36 . 2015-02-06 12:50 686080 ----a-w- d:\windows\system32\adtschema.dll
2015-01-13 02:49 . 2015-02-06 12:46 1230336 ----a-w- d:\windows\system32\WindowsCodecs.dll
2015-01-09 22:31 . 2015-01-09 22:31 72704 ----a-w- d:\windows\system32\drivers\bdvedisk.sys
2014-12-29 23:29 . 2015-02-06 12:50 370480 ----a-w- d:\windows\system32\drivers\cng.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-01-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . d:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . d:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . d:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="d:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-02-05 671400]
"WinPatrol"="d:\program files\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
"uTorrent"="d:\users\PADMAM\AppData\Roaming\uTorrent\uTorrent.exe" [2015-03-20 1442384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="d:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Bdagent"="d:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-03-16 1862056]
"ZoneAlarm"="d:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2014-08-13 137352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="d:\windows\System32\SPReview\SPReview.exe" [2013-05-30 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3491784500-1268680403-2365528014-1000\Scripts\Logoff\0\0]
"Script"=d:\program files\Bitdefender\Bitdefender 2015\support.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]
2014-11-03 03:01 410216 ----a-w- d:\program files\CyberGhost 5\CyberGhost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2012-06-09 14:00 64152 ----a-w- d:\program files\VMware\VMware Player\hqtray.exe
.
R1 MpKsl58732b50;MpKsl58732b50;d:\windows\system32\MpEngineStore\MpKsl58732b50.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;d:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 avckf;avckf;d:\windows\system32\DRIVERS\avckf.sys [2015-02-05 548336]
R3 BBUpdate;BBUpdate;d:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 BDSandBox;BDSandBox;d:\windows\system32\drivers\bdsandbox.sys [2015-02-05 66832]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;d:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 pwdspio;pwdspio;d:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\DRIVERS\VBoxNetAdp.sys [2015-02-12 115672]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;d:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VST_DPV;VST_DPV;d:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;d:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\Wat\WatAdminSvc.exe [2013-05-26 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;d:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 avc3;avc3;d:\windows\system32\DRIVERS\avc3.sys [2015-02-05 1083448]
S0 gzflt;gzflt;d:\windows\system32\DRIVERS\gzflt.sys [2015-03-16 172936]
S0 pwdrvio;pwdrvio;d:\windows\system32\pwdrvio.sys [2013-09-30 15688]
S1 bdfwfpf;bdfwfpf;d:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-10-29 93648]
S2 BBSvc;BingBar Service;d:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 BstHdDrv;BlueStacks Hypervisor;d:\program files\BlueStacks\HD-Hypervisor-x86.sys [2015-02-03 112856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;d:\program files\BlueStacks\HD-LogRotatorService.exe [2015-02-03 388824]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;d:\program files\BlueStacks\HD-UpdaterService.exe [2015-02-03 794328]
S2 CGVPNCliService;CyberGhost 5 Client Service;d:\program files\CyberGhost 5\Service.exe [2014-11-03 64616]
S2 cvhsvc;Client Virtualization Handler;d:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
S2 sftlist;Application Virtualization Client;d:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S2 UPDATESRV;Bitdefender Desktop Update Service;d:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [2014-10-27 54424]
S2 vmci;VMware vmci;d:\windows\system32\Drivers\vmci.sys [2012-06-09 70808]
S2 VMUSBArbService;VMware USB Arbitration Service;d:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-06-09 539288]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;d:\program files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [2014-08-13 96272]
S3 avchv;avchv Function Driver;d:\windows\system32\DRIVERS\avchv.sys [2015-02-05 243456]
S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2014-11-21 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\MBAMSwissArmy.sys [2015-03-20 114904]
S3 MBAMWebAccessControl;MBAMWebAccessControl;d:\windows\system32\drivers\mwac.sys [2014-11-21 51928]
S3 Sftfs;Sftfs;d:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
S3 Sftplay;Sftplay;d:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;d:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;d:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;d:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-18 05:52 1061704 ----a-w- d:\program files\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-20 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2015-03-05 04:42]
.
2015-03-20 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2015-03-05 04:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: d:\program files\VMware\VMware Player\vsocklib.dll
Trusted Zone: localhost
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1DB41E8D-8802-4A7B-8461-282673E61E35}: NameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - d:\users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: zonealarm.com: ffxtlbr@zonealarm.com - %profile%\extensions\ffxtlbr@zonealarm.com
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=eafcccce6ced4424af55d6768dfe0e63&tu=10G9y00IT2D33N0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - a8dc0c56000000000000000000000000
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16485
FF - user.js: extensions.zonealarm.vrsn - 1.8.29.17
FF - user.js: extensions.zonealarm.vrsni - 1.8.29.17
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.29.1718:39
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - NewUSR
FF - user.js: extensions.zonealarm.tlbrId - HFA5
FF - user.js: extensions.zonealarm.instlRef - ZLN126981115819534-1001
FF - user.js: extensions.zonealarm.dfltLng - EN
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.newTab - false
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Pdf995 - d:\program files\pdf995\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Bitdefender\Bitdefender 2015\vsserv.exe
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\AUDIODG.EXE
d:\windows\system32\Ati2evxx.exe
d:\program files\CheckPoint\ZoneAlarm\vsmon.exe
d:\windows\system32\vmnat.exe
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\program files\VMware\VMware Player\vmware-authd.exe
d:\windows\system32\vmnetdhcp.exe
d:\windows\system32\taskhost.exe
d:\program files\Malwarebytes Anti-Malware\mbam.exe
d:\windows\system32\conhost.exe
d:\windows\system32\sppsvc.exe
d:\program files\BLUESTACKS\HD-AGENT.EXE
d:\program files\PowerISO\PWRISOVM.EXE
d:\program files\CCleaner\CCleaner.exe
d:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2015-03-20  07:05:03 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-20 01:35
.
Pre-Run: 16,825,958,400 bytes free
Post-Run: 16,226,926,592 bytes free
.
- - End Of File - - E3269A339F13455F7C49626D60560022
A36C5E4F47E84449FF07ED3517B43A31
 



 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:10 AM

Posted 27 March 2015 - 12:34 PM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem. Feel free to call me Makka or something like that.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Narendran

Narendran
  • Topic Starter

  • Members
  • 10 posts
  • Local time:02:40 PM

Posted 31 March 2015 - 12:56 AM


Hi ! Makka..! Thank U for ur very quick reply..! I never expected that...! I will surely post the logs...I downloaded FRST...!! Thanks Again...!! :)



#4 Narendran

Narendran
  • Topic Starter

  • Members
  • 10 posts
  • Local time:02:40 PM

Posted 31 March 2015 - 02:50 AM

Hi Makka... I ran FRST and the contents of the two logs are as follows... Also (Shortcuts.txt): First the FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by PADMAM (administrator) on PADMAM-PC on 31-03-2015 07:25:53
Running from D:\
Loaded Profiles: PADMAM (Available profiles: PADMAM)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Microsoft Default Manager] => D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [Bdagent] => D:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056 2015-03-17] (Bitdefender)
HKLM\...\Run: [ZoneAlarm] => D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM Group Policy restriction on software: %appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\...\Run: [Bitdefender Wallet Agent] => D:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-02-06] (Bitdefender)
HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\...\Run: [WinPatrol] => D:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\...\Run: [uTorrent] => D:\Users\PADMAM\AppData\Roaming\uTorrent\uTorrent.exe [1442384 2015-03-20] (BitTorrent Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => D:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-30] (Microsoft Corporation)
Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-3491784500-1268680403-2365528014-1000] => http://cdn1.browsersecurity.net/safe/cloud.js?si=66807&tid=6724
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {A637C377-4DE5-4091-A01C-060A6181F34F} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A637C377-4DE5-4091-A01C-060A6181F34F} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3491784500-1268680403-2365528014-1000 -> DefaultScope {A637C377-4DE5-4091-A01C-060A6181F34F} URL = http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3491784500-1268680403-2365528014-1000 -> {2CBB1546-D7F3-4E34-B992-B2680E2BF7ED} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=en_IN&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^IN&apn_uid=BCAA75DB-D8D5-4400-ACEF-9BA6E53F5E52&apn_sauid=98F68562-99A4-4F6E-A33C-032B8C7D8D2D
SearchScopes: HKU\S-1-5-21-3491784500-1268680403-2365528014-1000 -> {A637C377-4DE5-4091-A01C-060A6181F34F} URL = http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> D:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-06] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> D:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> D:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - D:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-06] (Bitdefender)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog9 11 D:\Program Files\VMware\VMware Player\vsocklib.dll [346776] (VMware, Inc.)
Winsock: Catalog9 12 D:\Program Files\VMware\VMware Player\vsocklib.dll [346776] (VMware, Inc.)

FireFox:
========
FF ProfilePath: D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default
FF DefaultSearchEngine: Ask.com
FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-05] (Google Inc.)
FF user.js: detected! => D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\user.js [2015-03-20]
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-04-01] (mozilla.org)
FF SearchPlugin: D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\searchplugins\Ask.xml [2014-12-20]
FF SearchPlugin: D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\searchplugins\zonealarm.xml [2015-02-19]
FF SearchPlugin: D:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-04-01]
FF SearchPlugin: D:\Program Files\mozilla firefox\searchplugins\Ask.xml [2014-12-20]
FF SearchPlugin: D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-04-01]
FF Extension: zonealarm.com - D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\Extensions\ffxtlbr@zonealarm.com [2015-02-19]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-01]
FF HKLM\...\Firefox\Extensions: [eoixxrm2.oye@u-yayuyiaun.edu] - D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\extensions
FF HKLM\...\Firefox\Extensions: [oeehwhiao@ds-iyks.com] - D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\extensions
FF HKLM\...\Firefox\Extensions: [zl1bjf@rrhee.edu] - D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\extensions
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - D:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - D:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-01-10]
FF HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\...\Firefox\Extensions: [eoixxrm2.oye@u-yayuyiaun.edu] - D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\extensions
FF HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\...\Firefox\Extensions: [oeehwhiao@ds-iyks.com] - D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\extensions
FF HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\...\Firefox\Extensions: [zl1bjf@rrhee.edu] - D:\Users\PADMAM\AppData\Roaming\Mozilla\Firefox\Profiles\d9bn4h4q.default\extensions
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Profile: D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-11]
CHR Extension: (Google Docs) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-11]
CHR Extension: (YouTube) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
CHR Extension: (Google Search) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-11]
CHR Extension: (Bitdefender Wallet) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-03-11]
CHR Extension: (Google Sheets) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Chrome Hotword Shared Module) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-11]
CHR Extension: (Bitdefender QuickScan) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-03-19]
CHR Extension: (Gmail) - D:\Users\PADMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-11]
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; D:\Program Files\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; D:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; D:\Program Files\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
S2 CGVPNCliService; D:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S2 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Steam Client Service; D:\Program Files\Common Files\Steam\SteamService.exe [835776 2015-02-19] (Valve Corporation) [File not signed]
S3 ufad-ws60; D:\Program Files\VMware\VMware Player\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)
S2 UPDATESRV; D:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
S2 VMAuthdService; D:\Program Files\VMware\VMware Player\vmware-authd.exe [113304 2012-06-09] (VMware, Inc.)
S2 VMnetDHCP; D:\Windows\system32\vmnetdhcp.exe [334488 2012-06-09] (VMware, Inc.)
S2 VMUSBArbService; D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [539288 2012-06-09] (VMware, Inc.)
S2 VMware NAT Service; D:\Windows\system32\vmnat.exe [404120 2012-06-09] (VMware, Inc.)
S2 vsmon; D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
S2 VSSERV; D:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-17] (Bitdefender)
S3 WinDefend; D:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 ZAPrivacyService; D:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 avc3; D:\Windows\System32\DRIVERS\avc3.sys [1083448 2015-02-06] (BitDefender)
R3 avchv; D:\Windows\System32\DRIVERS\avchv.sys [243456 2015-02-06] (BitDefender)
S3 avckf; D:\Windows\System32\DRIVERS\avckf.sys [548336 2015-02-06] (BitDefender)
S1 bdfwfpf; D:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [93648 2012-10-29] (BitDefender LLC)
S3 BDSandBox; D:\Windows\system32\drivers\bdsandbox.sys [66832 2015-02-06] (BitDefender SRL)
S1 bdselfpr; D:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
S2 BstHdDrv; D:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112856 2015-02-03] (BlueStack Systems)
S0 gzflt; D:\Windows\System32\DRIVERS\gzflt.sys [172936 2015-03-17] (BitDefender LLC)
S2 hcmon; D:\Windows\system32\drivers\hcmon.sys [32408 2012-06-09] (VMware, Inc.)
S3 MBAMProtector; D:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; D:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; D:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 pwdrvio; D:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; D:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S1 SCDEmu; D:\Windows\system32\Drivers\SCDEmu.sys [58908 2009-07-27] (PowerISO Computing, Inc.) [File not signed]
S3 tap0901; D:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S0 trufos; D:\Windows\System32\DRIVERS\trufos.sys [408280 2014-10-15] (BitDefender S.R.L.)
R3 vmkbd; D:\Windows\system32\drivers\VMkbd.sys [24728 2012-06-09] (VMware, Inc.)
S3 VMnetAdapter; D:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2012-06-09] (VMware, Inc.)
S2 VMnetBridge; D:\Windows\System32\DRIVERS\vmnetbridge.sys [36400 2012-06-09] (VMware, Inc.)
S2 VMnetuserif; D:\Windows\system32\drivers\vmnetuserif.sys [26392 2012-06-09] (VMware, Inc.)
S2 VMparport; D:\Windows\system32\Drivers\VMparport.sys [23832 2012-06-09] (VMware, Inc.)
S3 vmusb; D:\Windows\System32\Drivers\vmusb.sys [31280 2012-06-09] (VMware, Inc.)
S2 vmx86; D:\Windows\system32\Drivers\vmx86.sys [854296 2012-06-09] (VMware, Inc.)
S1 Vsdatant; D:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-08-13] (Check Point Software Technologies Ltd.)
S2 vstor2-ws60; D:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2010-08-19] (VMware, Inc.)
S3 catchme; \??\D:\Users\PADMAM\AppData\Local\Temp\catchme.sys [X]
S1 MpKsl58732b50; \??\D:\Windows\system32\MpEngineStore\MpKsl58732b50.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 07:25 - 2015-03-31 07:27 - 00034453 _____ () D:\FRST.txt
2015-03-31 07:25 - 2015-03-31 07:25 - 00000000 ____D () D:\FRST
2015-03-24 22:09 - 2015-03-24 22:08 - 01135104 _____ (Farbar) D:\FRST.exe
2015-03-24 16:04 - 2010-09-20 13:05 - 06664704 _____ (Hazar & Co.) D:\Users\PADMAM\Desktop\RemoveWAT 2.2.6.exe
2015-03-24 16:03 - 2011-11-18 17:01 - 00000000 ____D () D:\Users\PADMAM\Desktop\Wat Remover 2.2.6
2015-03-24 14:25 - 2015-03-24 14:34 - 00000000 ____D () D:\ProgramData\PopCap Games
2015-03-24 14:04 - 2015-03-24 16:09 - 00000224 _____ () D:\Windows\setupact.log
2015-03-24 14:04 - 2015-03-24 16:07 - 00001252 _____ () D:\Windows\WindowsUpdate.log
2015-03-24 14:04 - 2015-03-24 14:04 - 00000000 _____ () D:\Windows\setuperr.log
2015-03-24 14:03 - 2015-03-24 14:04 - 00414496 _____ () D:\Windows\system32\FNTCACHE.DAT
2015-03-24 11:59 - 2015-03-24 11:59 - 00110448 _____ () D:\Users\PADMAM\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-24 11:59 - 2015-03-24 11:59 - 00001590 _____ () D:\Windows\DPINST.LOG
2015-03-24 11:35 - 2015-03-24 11:35 - 00002030 _____ () D:\Users\Public\Desktop\VistaGlazz.lnk
2015-03-24 11:35 - 2015-03-24 11:35 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer
2015-03-24 11:35 - 2015-03-24 11:35 - 00000000 ____D () D:\Program Files\CodeGazer
2015-03-24 11:23 - 2010-02-04 04:17 - 00000000 ____D () D:\Users\PADMAM\Desktop\Theme Optioanal Extras
2015-03-24 11:23 - 2010-02-04 01:51 - 00000000 ____D () D:\Users\PADMAM\Desktop\Midnight Theme
2015-03-24 11:11 - 2015-03-24 11:20 - 28978294 _____ () D:\Users\PADMAM\Downloads\Midnight_For_Windows_7_by_MrGRiM01.7z
2015-03-24 11:10 - 2010-11-24 00:47 - 00000000 ____D () D:\Users\PADMAM\Desktop\start orb
2015-03-24 11:10 - 2010-11-24 00:46 - 00000000 ____D () D:\Users\PADMAM\Desktop\theme
2015-03-24 11:08 - 2015-03-24 11:08 - 02334521 _____ () D:\Users\PADMAM\Downloads\red_night_by_wnapoli-d33gr5u.rar
2015-03-24 04:37 - 2015-03-24 04:37 - 00012257 _____ () D:\Users\PADMAM\Downloads\Street.Fighter.X.Tekken - SKIDROW.torrent
2015-03-20 09:30 - 2015-03-20 09:31 - 00000000 ____D () D:\Program Files\TAP-Windows
2015-03-20 07:05 - 2015-03-20 07:05 - 00022204 _____ () D:\ComboFix.txt
2015-03-20 06:37 - 2011-06-26 12:15 - 00256000 _____ () D:\Windows\PEV.exe
2015-03-20 06:37 - 2010-11-07 22:50 - 00208896 _____ () D:\Windows\MBR.exe
2015-03-20 06:37 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) D:\Windows\NIRCMD.exe
2015-03-20 06:37 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) D:\Windows\SWREG.exe
2015-03-20 06:37 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) D:\Windows\SWSC.exe
2015-03-20 06:37 - 2000-08-31 05:30 - 00098816 _____ () D:\Windows\sed.exe
2015-03-20 06:37 - 2000-08-31 05:30 - 00080412 _____ () D:\Windows\grep.exe
2015-03-20 06:37 - 2000-08-31 05:30 - 00068096 _____ () D:\Windows\zip.exe
2015-03-20 06:23 - 2015-03-20 07:05 - 00000000 ____D () D:\Qoobox
2015-03-20 06:21 - 2015-03-20 07:02 - 00000000 ____D () D:\Windows\erdnt
2015-03-20 06:16 - 2015-03-20 06:18 - 05615749 ____R (Swearware) D:\Users\PADMAM\Downloads\ComboFix.exe
2015-03-20 05:46 - 2015-03-20 05:46 - 00000000 ____D () D:\inetpub
2015-03-20 03:56 - 2015-03-20 03:56 - 00002038 __RSH () D:\ProgramData\ntuser.pol
2015-03-20 03:47 - 2015-03-20 03:52 - 13945728 _____ () D:\Users\PADMAM\Downloads\BDAntiCryptoWall_Release.exe
2015-03-19 21:32 - 2015-03-19 21:34 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
2015-03-19 21:32 - 2015-03-19 21:32 - 01672704 _____ (TODO: <Company name>) D:\Windows\system32\pdfmona.dll
2015-03-19 21:32 - 2015-03-19 21:32 - 00036864 _____ () D:\Windows\system32\pdf995mon.dll
2015-03-19 21:32 - 2015-03-19 21:32 - 00000025 _____ () D:\Windows\wpd99.drv
2015-03-19 21:32 - 2015-03-19 21:32 - 00000000 ____D () D:\ProgramData\pdf995
2015-03-19 21:29 - 2015-03-19 21:32 - 05676376 _____ () D:\Users\PADMAM\Downloads\pdf995s.exe
2015-03-19 21:26 - 2015-03-19 21:28 - 08346528 _____ () D:\Users\PADMAM\Downloads\ps2pdf995.exe
2015-03-19 18:47 - 2015-03-19 18:47 - 00000000 __SHD () D:\Users\PADMAM\Phone Browser
2015-03-19 18:40 - 2015-03-19 18:46 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\Nokia
2015-03-19 18:40 - 2015-03-19 18:40 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\PC Suite
2015-03-19 18:40 - 2015-03-19 18:40 - 00000000 ____D () D:\ProgramData\PC Suite
2015-03-19 18:39 - 2015-03-19 18:39 - 00000000 ____D () D:\Program Files\DIFX
2015-03-19 18:36 - 2015-03-19 18:36 - 00000000 ____D () D:\ProgramData\Installations
2015-03-19 18:35 - 2008-09-15 07:56 - 00091136 _____ (Nokia) D:\Windows\system32\nmwcdcls.dll
2015-03-19 10:02 - 2015-03-19 10:02 - 00000000 ____D () D:\ProgramData\VirtualizedApplications
2015-03-19 08:14 - 2015-03-19 08:14 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\Steam
2015-03-19 06:43 - 2015-03-24 11:47 - 00114904 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 06:42 - 2015-03-19 10:18 - 00001069 _____ () D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-19 06:42 - 2015-03-19 10:18 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-19 06:42 - 2015-03-19 10:18 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2015-03-19 06:42 - 2015-03-19 06:42 - 00000000 ____D () D:\ProgramData\Malwarebytes
2015-03-19 06:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-19 06:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mwac.sys
2015-03-19 06:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbam.sys
2015-03-19 06:27 - 2015-03-19 06:27 - 00011468 _____ () D:\Users\PADMAM\Downloads\[kickass.to]malwarebytes.anti.malware.premium.2.0.2.1012.final.incl.keys.scenedl.torrent
2015-03-19 05:57 - 2015-03-19 05:57 - 00184192 _____ () D:\Users\PADMAM\Downloads\qsinstaller.exe
2015-03-18 23:38 - 2015-03-18 23:41 - 09733468 _____ () D:\Users\PADMAM\Downloads\Window xp SP3 X64 Highly Compressed Only 10MB.rar
2015-03-18 04:31 - 2015-03-18 04:31 - 00005390 _____ () D:\Users\PADMAM\Downloads\[kickass.to]playing.it.my.way.sachin.tendulkar.torrent
2015-03-18 04:01 - 2015-03-18 04:01 - 01261288 _____ (WiseCleaner.com ) D:\Users\PADMAM\Downloads\WMOSetup.exe
2015-03-18 04:01 - 2015-03-18 04:01 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\Wise Care 365
2015-03-17 12:07 - 2015-03-18 23:45 - 00000000 ____D () D:\Users\PADMAM\Documents\Virtual Machines
2015-03-17 12:03 - 2015-03-20 04:59 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\VMware
2015-03-17 12:03 - 2015-03-20 04:59 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\VMware
2015-03-17 11:58 - 2012-06-09 19:30 - 00760472 _____ (VMware, Inc.) D:\Windows\system32\vnetlib.dll
2015-03-17 11:58 - 2012-06-09 19:30 - 00334488 _____ (VMware, Inc.) D:\Windows\system32\vmnetdhcp.exe
2015-03-17 11:58 - 2012-06-09 19:29 - 00404120 _____ (VMware, Inc.) D:\Windows\system32\vmnat.exe
2015-03-17 11:58 - 2012-06-09 19:29 - 00024728 _____ (VMware, Inc.) D:\Windows\system32\Drivers\VMkbd.sys
2015-03-17 11:58 - 2012-06-09 19:28 - 00026392 _____ (VMware, Inc.) D:\Windows\system32\Drivers\vmnetuserif.sys
2015-03-17 11:57 - 2015-03-24 16:14 - 00000000 ____D () D:\ProgramData\VMware
2015-03-17 11:57 - 2015-03-17 11:57 - 00001994 _____ () D:\Users\Public\Desktop\VMware Player.lnk
2015-03-17 11:57 - 2015-03-17 11:57 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-03-17 11:57 - 2015-03-17 11:57 - 00000000 ____D () D:\Program Files\VMware
2015-03-17 11:57 - 2015-03-17 11:57 - 00000000 ____D () D:\Program Files\Common Files\VMware
2015-03-17 11:23 - 2015-03-17 11:54 - 109243168 _____ (VMware, Inc.) D:\Users\PADMAM\Downloads\VMware-player-3.1.6-744570.exe
2015-03-17 11:14 - 2015-03-17 11:14 - 00000000 ____D () D:\Users\PADMAM\Downloads\WWE
2015-03-17 11:08 - 2015-03-17 11:12 - 00000000 ____D () D:\Users\PADMAM\Downloads\Softwares
2015-03-17 11:06 - 2015-03-17 11:13 - 00000000 ____D () D:\Users\PADMAM\Downloads\Torrentz
2015-03-16 06:09 - 2015-03-16 06:09 - 359661568 _____ () D:\android-x86-4.4-r1.iso
2015-03-11 20:40 - 2015-03-10 08:03 - 01307661 _____ () D:\Windows XP SP3 DVD (www.abhi2you.blogspot.in).rar
2015-03-11 19:19 - 2015-03-11 19:24 - 00286720 ____N (Microsoft Corporation) D:\Windows\Setup1.exe
2015-03-11 19:19 - 2015-03-11 19:24 - 00073216 _____ (Microsoft Corporation) D:\Windows\ST6UNST.EXE
2015-03-11 19:02 - 2015-03-11 19:02 - 01559031 _____ () D:\ssoem10.zip
2015-03-11 05:33 - 2015-03-11 05:33 - 00029335 _____ () D:\Users\PADMAM\.spyglass.properties
2015-03-11 05:32 - 2015-03-11 05:32 - 00005412 _____ () D:\Users\PADMAM\.buzzbundle.properties
2015-03-11 01:29 - 2015-03-11 05:39 - 00427481 _____ () D:\Users\PADMAM\.websiteauditor.properties
2015-03-11 01:24 - 2015-03-11 05:35 - 00087175 _____ () D:\Users\PADMAM\.linkassistant.properties
2015-03-11 00:44 - 2015-03-11 00:44 - 00000000 ____D () D:\ProgramData\Sun
2015-03-11 00:06 - 2015-03-18 05:38 - 00001066 _____ () D:\Users\Public\Desktop\Photoshop CS6.lnk
2015-03-11 00:05 - 2015-03-11 00:05 - 00000000 ____D () D:\ProgramData\Google
2015-03-10 23:58 - 2015-03-11 00:07 - 00000000 ____D () D:\Program Files\Photoshop
2015-03-09 18:01 - 2015-03-09 20:55 - 309324974 _____ (Oleg N. Scherbakov) D:\Users\PADMAM\Desktop\Photoshop CS6.exe
2015-03-06 14:15 - 2015-03-06 14:15 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2015-03-06 14:15 - 2015-03-06 14:15 - 00000000 ____D () D:\Program Files\ImageWriter
2015-03-06 13:46 - 2015-03-06 13:46 - 00001034 _____ () D:\Users\Public\Desktop\DriverToolkit.lnk
2015-03-06 13:46 - 2015-03-06 13:46 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\DriverToolkit
2015-03-06 13:46 - 2015-03-06 13:46 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
2015-03-06 13:46 - 2015-03-06 13:46 - 00000000 ____D () D:\Program Files\DriverToolkit
2015-03-06 07:20 - 2015-03-16 09:15 - 00000000 ____D () D:\Users\PADMAM\VirtualBox VMs
2015-03-05 10:30 - 2015-03-18 11:29 - 00002134 _____ () D:\Users\Public\Desktop\Google Chrome.lnk
2015-03-05 10:30 - 2015-03-05 10:30 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-05 10:12 - 2015-03-24 16:17 - 00000886 _____ () D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-05 10:12 - 2015-03-24 16:13 - 00000882 _____ () D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-05 10:12 - 2015-03-05 10:29 - 00000000 ____D () D:\Program Files\Google
2015-02-20 20:17 - 2015-02-20 20:24 - 00000000 ____D () D:\Windows\rescache
2015-02-20 19:25 - 2015-03-05 10:11 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\Deployment
2015-02-20 19:25 - 2015-02-20 19:25 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\Apps\2.0
2015-02-20 18:20 - 2015-02-20 18:20 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
2015-02-20 17:42 - 2015-02-20 17:42 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver
2015-02-20 17:42 - 2015-02-20 17:42 - 00000000 ____D () D:\Program Files\KGB Archiver
2015-02-20 17:34 - 2015-02-12 17:16 - 00748616 _____ (Oracle Corporation) D:\Windows\system32\Drivers\VBoxDrv.sys
2015-02-20 17:34 - 2015-02-12 17:16 - 00104384 _____ (Oracle Corporation) D:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-02-20 13:27 - 2015-02-20 13:27 - 00024576 _____ () D:\Users\PADMAM\Documents\EasyBCD Backup (2015-02-20) (4).bcd
2015-02-20 13:27 - 2015-02-20 13:27 - 00024576 _____ () D:\Users\PADMAM\Documents\EasyBCD Backup (2015-02-20) (3).bcd
2015-02-20 13:27 - 2015-02-20 13:27 - 00024576 _____ () D:\Users\PADMAM\Documents\EasyBCD Backup (2015-02-20) (2).bcd
2015-02-20 12:51 - 2015-02-20 12:51 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\NeoSmart_Technologies
2015-02-20 10:44 - 2015-01-14 11:27 - 02894848 _____ () D:\Windows\system32\pwNative.exe
2015-02-20 10:44 - 2013-09-30 16:26 - 00015688 ____N () D:\Windows\system32\pwdrvio.sys
2015-02-20 10:43 - 2015-02-20 10:43 - 00001146 _____ () D:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2015-02-20 10:43 - 2015-02-20 10:43 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-02-20 10:43 - 2015-02-20 10:43 - 00000000 ____D () D:\Program Files\MiniTool Partition Wizard Free 9.0
2015-02-20 10:43 - 2013-09-30 16:26 - 00010320 ____N () D:\Windows\system32\pwdspio.sys
2015-02-20 10:24 - 2015-02-20 10:24 - 00024576 _____ () D:\Users\PADMAM\Documents\EasyBCD Backup (2015-02-20).bcd
2015-02-20 10:23 - 2015-02-20 10:23 - 00001180 _____ () D:\Users\Public\Desktop\EasyBCD 2.2.lnk
2015-02-20 10:23 - 2015-02-20 10:23 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2015-02-20 10:23 - 2015-02-20 10:23 - 00000000 ____D () D:\Program Files\NeoSmart Technologies
2015-02-20 08:37 - 2015-03-20 07:05 - 00000000 ____D () D:\Users\hydra-7.5
2015-02-20 08:37 - 2015-02-20 08:37 - 00000000 ____D () D:\Users\hydra-7.5\usr
2015-02-20 08:37 - 2015-02-20 08:37 - 00000000 ____D () D:\Users\hydra-7.5\hydra
2015-02-20 08:37 - 2013-08-25 19:41 - 00000235 _____ () D:\Users\hydra-7.5\readme.txt
2015-02-20 03:20 - 2015-03-18 11:10 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Keyl0gger
2015-02-20 03:20 - 2015-02-20 03:23 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\FKGER_Monitor
2015-02-20 00:37 - 2015-02-20 00:37 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\WinPatrol
2015-02-20 00:37 - 2015-02-20 00:37 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-02-20 00:37 - 2015-02-20 00:37 - 00000000 ____D () D:\Program Files\Ruiware
2015-02-19 19:06 - 2015-03-06 09:49 - 00431452 _____ () D:\Windows\system32\Drivers\vsconfig.xml
2015-02-19 19:06 - 2015-02-19 19:06 - 00000732 _____ () D:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-02-19 19:06 - 2015-02-19 19:06 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-02-19 18:38 - 2015-02-19 18:38 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\Check Point Software Technologies LTD
2015-02-19 18:38 - 2015-02-19 18:38 - 00000000 ____D () D:\Program Files\Check Point Software Technologies LTD
2015-02-19 18:37 - 2015-02-19 19:06 - 00000000 ____D () D:\Program Files\CheckPoint
2015-02-19 18:37 - 2015-02-19 18:37 - 00000000 ____D () D:\ProgramData\CheckPoint
2015-02-19 13:34 - 2015-02-19 13:34 - 00000000 ____D () D:\found.000
2015-02-19 11:43 - 2015-03-19 21:02 - 00007600 _____ () D:\Users\PADMAM\AppData\Local\Resmon.ResmonCfg
2015-02-19 00:57 - 2015-02-19 00:58 - 00000000 ____D () D:\Users\PADMAM\.android
2015-02-18 23:04 - 2015-02-18 23:04 - 00001770 _____ () D:\Users\Public\Desktop\Start BlueStacks.lnk
2015-02-18 23:04 - 2015-02-18 23:04 - 00001733 _____ () D:\Users\Public\Desktop\Apps.lnk
2015-02-18 23:02 - 2015-02-18 23:03 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-02-18 23:02 - 2015-02-18 23:03 - 00000000 ____D () D:\ProgramData\BlueStacks
2015-02-18 23:02 - 2015-02-18 23:03 - 00000000 ____D () D:\Program Files\BlueStacks
2015-02-18 23:01 - 2015-02-18 23:01 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\Bluestacks
2015-02-18 11:17 - 2015-02-18 11:17 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-18 11:17 - 2015-02-18 11:17 - 00000000 ____D () D:\Program Files\7-Zip
2015-02-18 09:21 - 2015-02-15 03:29 - 03330544 _____ (Red Hat) D:\Windows\system32\cygwin1.dll
2015-02-18 09:21 - 2015-02-15 03:29 - 02887197 _____ () D:\Windows\system32\cygmysqlclient-18.dll
2015-02-18 09:21 - 2015-02-15 03:29 - 01820199 _____ (The OpenSSL Project, http://www.openssl.org/) D:\Windows\system32\cygcrypto-1.0.0.dll
2015-02-18 09:21 - 2015-02-15 03:29 - 01177600 _____ (The OpenSSL Project, http://www.openssl.org/) D:\Windows\system32\LIBEAY32.dll
2015-02-18 09:21 - 2015-02-15 03:29 - 01023527 _____ (Free Software Foundation) D:\Windows\system32\cygiconv-2.dll
2015-02-18 09:21 - 2015-02-15 03:29 - 00393255 _____ (The OpenSSL Project, http://www.openssl.org/) D:\Windows\system32\cygssl-1.0.0.dll
2015-02-18 09:21 - 2015-02-15 03:29 - 00382659 _____ () D:\Windows\system32\libssh.dll
2015-02-18 09:21 - 2015-02-15 03:29 - 00112654 _____ () D:\Windows\system32\libgcc_s_dw2-1.dll
2015-02-18 09:21 - 2015-02-15 03:29 - 00108558 _____ () D:\Windows\system32\libz.dll
2015-02-18 09:21 - 2015-02-15 03:29 - 00084519 _____ () D:\Windows\system32\cygz.dll
2015-02-18 09:21 - 2015-02-15 03:29 - 00040999 _____ (Free Software Foundation) D:\Windows\system32\cygintl-8.dll
2015-02-12 17:16 - 2015-02-12 17:16 - 00174888 ____N (Oracle Corporation) D:\Windows\system32\VBoxNetFltNobj.dll
2015-02-12 17:16 - 2015-02-12 17:16 - 00115672 _____ (Oracle Corporation) D:\Windows\system32\Drivers\VBoxNetAdp.sys
2015-02-07 02:42 - 2015-02-07 02:42 - 00000000 ____D () D:\bd7b8d7c932bd6628bfba5fbd219
2015-02-06 18:20 - 2015-01-14 11:14 - 03972544 _____ (Microsoft Corporation) D:\Windows\system32\ntkrnlpa.exe
2015-02-06 18:20 - 2015-01-14 11:14 - 03917760 _____ (Microsoft Corporation) D:\Windows\system32\ntoskrnl.exe
2015-02-06 18:20 - 2015-01-14 11:14 - 00136640 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\ksecpkg.sys
2015-02-06 18:20 - 2015-01-14 11:14 - 00067512 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\ksecdd.sys
2015-02-06 18:20 - 2015-01-14 11:11 - 00100352 _____ (Microsoft Corporation) D:\Windows\system32\sspicli.dll
2015-02-06 18:20 - 2015-01-14 11:11 - 00022016 _____ (Microsoft Corporation) D:\Windows\system32\secur32.dll
2015-02-06 18:20 - 2015-01-14 11:11 - 00015872 _____ (Microsoft Corporation) D:\Windows\system32\sspisrv.dll
2015-02-06 18:20 - 2015-01-14 11:10 - 01061376 _____ (Microsoft Corporation) D:\Windows\system32\lsasrv.dll
2015-02-06 18:20 - 2015-01-14 11:10 - 00050176 _____ (Microsoft Corporation) D:\Windows\system32\auditpol.exe
2015-02-06 18:20 - 2015-01-14 11:10 - 00022528 _____ (Microsoft Corporation) D:\Windows\system32\lsass.exe
2015-02-06 18:20 - 2015-01-14 11:08 - 00060416 _____ (Microsoft Corporation) D:\Windows\system32\msobjs.dll
2015-02-06 18:20 - 2015-01-14 11:07 - 00146432 _____ (Microsoft Corporation) D:\Windows\system32\msaudite.dll
2015-02-06 18:20 - 2015-01-14 11:06 - 00686080 _____ (Microsoft Corporation) D:\Windows\system32\adtschema.dll
2015-02-06 18:20 - 2014-12-30 04:59 - 00370480 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\cng.sys
2015-02-06 18:16 - 2015-01-13 08:19 - 01230336 _____ (Microsoft Corporation) D:\Windows\system32\WindowsCodecs.dll
2015-02-06 01:01 - 2015-03-18 07:29 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\CyberGhost
2015-02-06 01:01 - 2015-02-06 01:01 - 00548336 _____ (BitDefender) D:\Windows\system32\Drivers\avckf.sys
2015-02-06 01:01 - 2015-02-06 01:01 - 00066832 _____ (BitDefender SRL) D:\Windows\system32\Drivers\bdsandbox.sys
2015-02-06 01:00 - 2015-02-06 01:00 - 00026624 _____ (BitDefender SRL) D:\Windows\system32\bdsandboxuh.dll
2015-02-06 00:56 - 2015-02-06 00:58 - 00000000 ____D () D:\Program Files\CyberGhost 5
2015-02-06 00:56 - 2015-02-06 00:56 - 00001890 _____ () D:\Users\PADMAM\Desktop\CyberGhost 5.lnk
2015-02-06 00:56 - 2015-02-06 00:56 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-30 14:20 - 2004-11-30 15:59 - 00172032 _____ (Microsoft Corporation) D:\amcap2a.exe
2015-01-30 11:41 - 2015-01-30 11:41 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner
2015-01-30 11:41 - 2015-01-30 11:41 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner
2015-01-30 11:41 - 2015-01-30 11:41 - 00000000 ____D () D:\Program Files\Advanced Port Scanner
2015-01-30 11:07 - 2015-01-30 11:07 - 00000000 ____D () D:\Users\PADMAM\Documents\Freemake
2015-01-30 11:07 - 2015-01-30 11:07 - 00000000 ____D () D:\ProgramData\Freemake
2015-01-30 03:31 - 2015-01-30 07:52 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\Razer
2015-01-30 03:30 - 2015-01-30 07:52 - 00000000 ____D () D:\ProgramData\Razer
2015-01-30 03:29 - 2015-01-30 03:33 - 00000000 ____D () D:\Users\PADMAM\Documents\NFS Most Wanted
2015-01-10 10:33 - 2015-01-10 10:33 - 00000000 ____D () D:\ProgramData\bdch
2015-01-10 06:53 - 2015-01-10 06:54 - 00000574 _____ () D:\Windows\system32\bdsandbox.txt
2015-01-10 06:20 - 2015-01-10 06:20 - 00000000 __SHD () D:\Users\PADMAM\AppData\Local\EmieBrowserModeList
2015-01-10 04:01 - 2015-01-10 04:01 - 00072704 _____ (BitDefender) D:\Windows\system32\Drivers\bdvedisk.sys
2015-01-10 03:56 - 2014-12-19 08:13 - 00164864 _____ (Microsoft Corporation) D:\Windows\system32\profsvc.dll
2015-01-10 03:56 - 2014-12-11 23:17 - 00046592 _____ (Microsoft Corporation) D:\Windows\system32\TSWbPrxy.exe
2015-01-10 03:56 - 2014-12-06 09:20 - 00242688 _____ (Microsoft Corporation) D:\Windows\system32\nlasvc.dll
2015-01-10 03:55 - 2014-12-19 07:04 - 00116224 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\mrxdav.sys
2015-01-10 03:28 - 2015-01-10 03:28 - 00000385 _____ () D:\Users\PADMAM\AppData\Roaminguser_gensett.xml
2015-01-10 03:26 - 2015-01-10 03:26 - 00000385 _____ () D:\Windows\system32\user_gensett.xml
2015-01-10 02:59 - 2015-01-10 02:59 - 00002131 _____ () D:\Users\Public\Desktop\Bitdefender Antivirus Plus 2015.lnk
2015-01-10 02:59 - 2015-01-10 02:59 - 00000308 ____H () D:\bdr-cf01
2015-01-10 02:59 - 2015-01-10 02:59 - 00000000 ____H () D:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-01-10 02:59 - 2015-01-10 02:59 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-01-10 02:59 - 2009-07-14 12:27 - 01461992 _____ (Microsoft Corporation) D:\Windows\system32\WdfCoInstaller01009.dll
2015-01-10 02:58 - 2015-02-06 00:59 - 00243456 _____ (BitDefender) D:\Windows\system32\Drivers\avchv.sys
2015-01-10 02:58 - 2015-02-06 00:58 - 01083448 _____ (BitDefender) D:\Windows\system32\Drivers\avc3.sys
2015-01-10 02:58 - 2015-02-06 00:53 - 00074000 _____ (BitDefender SRL) D:\Windows\system32\bdsandboxuiskin.dll
2015-01-10 02:58 - 2015-01-10 03:30 - 00000000 ____D () D:\ProgramData\BDLogging
2015-01-10 02:58 - 2015-01-10 03:03 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\Bitdefender
2015-01-10 02:58 - 2015-01-10 02:59 - 00253404 ____H () D:\bdr-ld01
2015-01-10 02:58 - 2015-01-10 02:59 - 00009216 ____H () D:\bdr-ld01.mbr
2015-01-10 02:58 - 2014-07-04 17:47 - 39361413 ____H () D:\bdr-im01.gz
2015-01-10 02:58 - 2012-08-15 15:28 - 02294848 ____H () D:\bdr-bz01
2015-01-10 02:58 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) D:\Windows\capicom.dll
2015-01-10 02:54 - 2015-03-17 01:45 - 00172936 _____ (BitDefender LLC) D:\Windows\system32\Drivers\gzflt.sys
2015-01-10 02:54 - 2015-01-10 03:00 - 00000000 ____D () D:\ProgramData\Bitdefender
2015-01-10 02:54 - 2015-01-10 02:54 - 00000000 ____D () D:\Program Files\Bitdefender
2015-01-10 02:54 - 2014-10-15 17:14 - 00408280 _____ (BitDefender S.R.L.) D:\Windows\system32\Drivers\trufos.sys
2015-01-10 02:53 - 2015-03-19 05:57 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\QuickScan
2015-01-10 02:47 - 2015-01-10 02:54 - 00000000 ____D () D:\Program Files\Common Files\Bitdefender
2015-01-09 19:16 - 2015-01-09 19:17 - 00722947 _____ () D:\Users\PADMAM\Downloads\VID-20141001-WA0000.mp4
2015-01-09 16:11 - 2015-01-09 16:11 - 00000673 _____ () D:\Users\Public\Desktop\Need for Speed™ Carbon.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 16:17 - 2013-06-14 16:55 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\uTorrent
2015-03-24 16:10 - 2009-07-14 10:23 - 00000006 ____H () D:\Windows\Tasks\SA.DAT
2015-03-24 15:31 - 2010-10-01 13:51 - 00808678 _____ () D:\Windows\system32\PerfStringBackup.INI
2015-03-24 15:29 - 1980-01-01 00:00 - 00000000 ____D () D:\Users\PADMAM\Desktop\PVR
2015-03-24 11:58 - 2009-07-14 08:07 - 00000000 ____D () D:\Windows\system32\LogFiles
2015-03-24 11:47 - 2014-08-03 14:28 - 00000433 _____ () D:\Windows\system32\Drivers\etc\hosts.ics
2015-03-24 11:21 - 2009-07-14 10:04 - 00024944 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-24 11:21 - 2009-07-14 10:04 - 00024944 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-24 09:50 - 2014-08-03 10:41 - 00000000 ____D () D:\Program Files\Steam
2015-03-24 09:40 - 2010-10-02 03:12 - 00000000 ____D () D:\Windows\Panther
2015-03-20 07:05 - 2009-07-14 08:07 - 00000000 __RHD () D:\Users\Default
2015-03-20 07:05 - 2009-07-14 08:07 - 00000000 ___RD () D:\Users\Public
2015-03-20 06:58 - 2009-07-14 07:34 - 00000215 _____ () D:\Windows\system.ini
2015-03-20 06:53 - 2009-07-14 07:33 - 50593792 _____ () D:\Windows\system32\config\SOFTWARE.bak
2015-03-20 06:53 - 2009-07-14 07:33 - 23068672 _____ () D:\Windows\system32\config\SYSTEM.bak
2015-03-20 06:53 - 2009-07-14 07:33 - 01048576 _____ () D:\Windows\system32\config\DEFAULT.bak
2015-03-20 06:53 - 2009-07-14 07:33 - 00262144 _____ () D:\Windows\system32\config\SECURITY.bak
2015-03-20 06:53 - 2009-07-14 07:33 - 00262144 _____ () D:\Windows\system32\config\SAM.bak
2015-03-20 06:47 - 2013-05-26 21:13 - 00000000 ____D () D:\ProgramData\TEMP
2015-03-20 05:47 - 2009-07-14 08:07 - 00000000 ____D () D:\Windows\system32\inetsrv
2015-03-20 04:57 - 2014-02-23 20:39 - 00000000 ____D () D:\Users\PADMAM\Calibre Library
2015-03-20 03:29 - 2013-05-25 20:43 - 00000000 ____D () D:\Users\PADMAM
2015-03-20 03:26 - 2009-07-14 10:22 - 00000000 ____D () D:\Windows\Offline Web Pages
2015-03-20 03:26 - 2009-07-14 08:07 - 00000000 ____D () D:\Windows\Help
2015-03-19 20:54 - 2014-09-23 07:55 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\FirefoxToolbar
2015-03-19 20:10 - 2009-07-14 08:07 - 00000000 ___HD () D:\Windows\system32\GroupPolicy
2015-03-19 20:06 - 2013-06-22 19:25 - 00000000 ____D () D:\Program Files\Adobe
2015-03-19 20:05 - 2013-06-02 12:10 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\Adobe
2015-03-19 18:38 - 2014-05-07 14:34 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\vlc
2015-03-19 09:50 - 2009-07-14 08:07 - 00000000 ____D () D:\Windows\Registration
2015-03-19 08:15 - 2014-08-03 10:41 - 00000000 ____D () D:\Program Files\Common Files\Steam
2015-03-19 07:20 - 2014-12-21 08:24 - 00000000 __SHD () D:\ProgramData\GTWRUT
2015-03-19 06:18 - 2009-07-14 08:07 - 00000000 ____D () D:\Windows\system
2015-03-19 06:15 - 2013-08-18 19:10 - 00000000 ____D () D:\QUARANTINE
2015-03-18 19:30 - 2013-06-07 10:31 - 00000000 ____D () D:\Windows\Minidump
2015-03-16 19:18 - 2013-05-25 20:51 - 00000000 ____D () D:\Users\PADMAM\AppData\Local\Google
2015-03-11 00:08 - 2013-06-02 12:10 - 00000000 ____D () D:\Users\PADMAM\AppData\Roaming\Adobe
2015-03-11 00:05 - 2013-06-22 19:25 - 00000000 ____D () D:\Program Files\Common Files\Adobe
2015-03-11 00:03 - 2014-09-23 07:32 - 00000000 ____D () D:\ProgramData\Adobe
2015-03-05 08:56 - 2009-07-14 08:07 - 00000000 ____D () D:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-11-17 14:36 - 2014-06-29 16:00 - 0005632 _____ () D:\Users\PADMAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-19 11:43 - 2015-03-19 21:02 - 0007600 _____ () D:\Users\PADMAM\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\Windows\explorer.exe => File is digitally signed
D:\Windows\system32\winlogon.exe => File is digitally signed
D:\Windows\system32\wininit.exe => File is digitally signed
D:\Windows\system32\svchost.exe => File is digitally signed
D:\Windows\system32\services.exe => File is digitally signed
D:\Windows\system32\User32.dll => File is digitally signed
D:\Windows\system32\userinit.exe => File is digitally signed
D:\Windows\system32\rpcss.dll => File is digitally signed
D:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  boot
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {8610e562-c5bd-11e2-aaa5-9e20ffeb28e9}
displayorder            {current}
toolsdisplayorder       {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
                        {memdiag}
timeout                 30
displaybootmenu         Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {8610e564-c5bd-11e2-aaa5-9e20ffeb28e9}
recoveryenabled         Yes
osdevice                partition=D:
systemroot              \Windows
resumeobject            {8610e562-c5bd-11e2-aaa5-9e20ffeb28e9}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {8610e564-c5bd-11e2-aaa5-9e20ffeb28e9}
device                  ramdisk=[D:]\Recovery\8610e564-c5bd-11e2-aaa5-9e20ffeb28e9\Winre.wim,{8610e565-c5bd-11e2-aaa5-9e20ffeb28e9}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\8610e564-c5bd-11e2-aaa5-9e20ffeb28e9\Winre.wim,{8610e565-c5bd-11e2-aaa5-9e20ffeb28e9}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {8610e562-c5bd-11e2-aaa5-9e20ffeb28e9}
device                  partition=D:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=D:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  boot
path                    \Boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Real-mode Boot Sector
---------------------
identifier              {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
device                  partition=D:
path                    \bdr-ld01.mbr
description             Bitdefender Rescue Mode - Windows 7 Professional SP 1 (x86)

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {8610e565-c5bd-11e2-aaa5-9e20ffeb28e9}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\8610e564-c5bd-11e2-aaa5-9e20ffeb28e9\boot.sdi



LastRegBack: 2015-03-05 07:58

==================== End Of Log ============================

Now the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by PADMAM at 2015-03-31 07:28:18
Running from D:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Action! (HKLM\...\Mirillis Action!) (Version: 1.18.0 - Mirillis)
Advanced Port Scanner v1.3 (HKLM\...\Advanced Port Scanner v1.3) (Version:  - )
Angry Birds Seasons (HKLM\...\{FDC4C499-7B67-4A58-A30B-E1276C26BFEF}) (Version: 2.3.0 - Rovio)
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
calibre (HKLM\...\{DFF135C9-274E-443B-B2D1-FF0FD93EE790}) (Version: 0.7.53 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.3 - IObit)
DriverToolkit version 8.4.0.0 (HKLM\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.4.0.0 - Megaify Software)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KGB Archiver (a freeware zip software application) version 1.2. (HKLM\...\KGB Archiver_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox (3.6.3) (HKLM\...\Mozilla Firefox (3.6.3)) (Version: 3.6.3 (en-US) - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
Need for Speed™ Carbon (HKLM\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
NHM Writer Beta (HKLM\...\NHM Writer_is1) (Version:  - New Horizon Media Pvt Ltd)
Opera 10.00 (HKLM\...\{FC66E05E-8D39-47A6-8D07-759F33727EB0}) (Version: 10.00 - Opera Software ASA)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r4600) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )
Pirates of the Caribbean - At Worlds End (HKLM\...\{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}) (Version: 1.0 - Disney Interactive Studios) <==== ATTENTION!
PowerISO (HKLM\...\PowerISO) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Subway Surfers 1.0 (HKLM\...\Subway Surfers 1.0) (Version: 1.0 - Cat-A-Cat)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Total Video Converter 3.71 100812 (HKLM\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VistaGlazz 2.0 (HKLM\...\VistaGlazz_is1) (Version: 2.0 - CodeGazer)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VMware Player (HKLM\...\VMware_Player) (Version: 3.1.6.30422 - VMware, Inc)
VMware Player (Version: 3.1.6.30422 - VMware, Inc.) Hidden
Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
YTD Video Downloader 4.0 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.0 - GreenTree Applications SRL) <==== ATTENTION
ZoneAlarm Firewall (Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm Security (Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-03-2015 17:02:39 Removed McAfee Agent.
19-03-2015 18:34:15 Installed Nokia Connectivity Cable Driver
19-03-2015 18:51:27 Removed Nokia Connectivity Cable Driver
19-03-2015 18:52:35 Removed PC Connectivity Solution
19-03-2015 20:04:07 Removed Adobe Download Assistant
20-03-2015 05:39:58 Windows Modules Installer
20-03-2015 05:44:56 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2015-03-20 06:57 - 00000027 ____A D:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08BE17A9-12C9-42DF-A173-E325A42FD13C} - System32\Tasks\{9022FE36-7955-445C-91F7-69290544E102} => pcalua.exe -a G:\Setup.exe -d G:\
Task: {0C085A4A-66BD-4E4A-9EC0-69D52CFD8A28} - System32\Tasks\{ED7BB8EF-7D59-4E1E-BBFA-A929346274AE} => pcalua.exe -a "G:\SG 1931,1921\audio\Setup.exe" -d "G:\SG 1931,1921\audio"
Task: {1A705045-A6A2-4F60-8A87-E121FF0A6CB0} - System32\Tasks\Driver Booster SkipUAC (PADMAM) => D:\Program Files\IObit\Driver Booster\DriverBooster.exe [2014-03-07] (IObit)
Task: {1B001DB8-AFB1-41DB-A01D-AA3E68BDC98F} - System32\Tasks\{70FB3E7D-AE40-4DBE-8ECF-47663A181B00} => D:\Program Files\Realtek AC97\SoundMan.exe
Task: {1C79D0F5-7352-40F3-8542-146835112105} - System32\Tasks\{DFAC57D0-8D16-426D-B7EC-670042D48DCE} => F:\PES2010 (G)\Crack\pes2010.exe [2009-10-19] (Konami Digital Entertainment Co., Ltd.)
Task: {234A2895-0919-44AC-92F6-14DB65C55CBC} - System32\Tasks\Driver Booster Update => D:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2014-03-07] (IObit)
Task: {29982749-4EA0-4607-B466-AB4C7549E682} - System32\Tasks\{720A21B9-5F4F-4FEB-8F63-05B04145D8D1} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.107&amp;LastError=12002
Task: {34F86356-51CD-4B45-945E-59A5675F5F5E} - System32\Tasks\{4317AC11-4FDE-4ECE-B9CA-4423EEA7DE0D} => pcalua.exe -a "E:\Fifa 08\Install.exe" -d "E:\Fifa 08"
Task: {3E4DABDA-7A2A-4C05-B6E6-B9422D8D486F} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.)
Task: {62D46669-7377-4413-9819-39C89999610B} - System32\Tasks\{2DE4F5D6-C91F-4360-BA27-44AED1504684} => pcalua.exe -a "G:\SG 1931,1921\sp26612 - Agere Modem Drivers.exe" -d "G:\SG 1931,1921"
Task: {640B6747-9D8F-4E77-9E51-531AC52876ED} - System32\Tasks\User_Feed_Synchronization-{E05BD53F-55BE-4FD5-AB3E-AAF284007120} => C:\Windows\system32\msfeedssync.exe
Task: {71FA7BD7-B1B3-45F6-AAA7-05DFB2DAEEBA} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => D:\Windows\system32\Wat\WatAdminSvc.exe
Task: {76166196-5EFD-4722-8AC2-3B81505F048C} - System32\Tasks\{FE32C9BB-A8F0-45CA-A634-661587A41FBB} => F:\PES2010 (G)\Crack\pes2010.exe [2009-10-19] (Konami Digital Entertainment Co., Ltd.)
Task: {76669FD4-135E-47ED-9DDF-337E6236A32D} - System32\Tasks\{77863DEF-8B7D-43D0-9133-EC132600705D} => D:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {770F1055-DD67-4A33-941A-0694584668DD} - System32\Tasks\{616FA31E-2A5A-4F63-A82B-7FA6D9CFDB15} => pcalua.exe -a "D:\Program Files\Electronic Arts\Need for Speed Carbon\eauninstall.exe" -d "D:\Program Files\Electronic Arts\Need for Speed Carbon"
Task: {7D577A87-0CC0-47D4-8873-9F731D1A60F9} - System32\Tasks\{310BA31E-8981-4398-8AEF-380B7669ADFD} => D:\Program Files\Realtek AC97\SoundMan.exe
Task: {7FA2CD5A-1F7D-4C5A-A017-2A0E330E5DE5} - System32\Tasks\{7FDA4D35-9B7D-4609-8862-D0688219D06B} => C:\Program Files\Rovio\Angry Birds\AngryBirds.exe
Task: {850FB7D9-263F-4564-B15B-839791CCBBC1} - System32\Tasks\{7951EEA6-48C6-453A-8612-F91A10F14BC7} => pcalua.exe -a D:\Users\PADMAM\Downloads\VMware-player-7.1.0-2496824.exe -d D:\Users\PADMAM\Downloads
Task: {921BC845-FDD2-4433-B6E4-5767EFC54289} - System32\Tasks\Driver Booster Scan => D:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-03-07] (IObit)
Task: {9D26699C-EC44-4AC9-B43D-62C53DE61DA6} - System32\Tasks\{3C541D51-B981-4893-87DB-0B64F78B1952} => pcalua.exe -a "G:\PC Suite\US.exe" -d "G:\PC Suite"
Task: {C776A896-F618-4A11-AE8D-D8E6D1FD869B} - System32\Tasks\{CF0F8A72-8279-4FB5-9422-025F972C6878} => Iexplore.exe http://ui.skype.com/ui/0/6.3.0.107/en/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {CDF880E0-0855-4182-A385-59AC5EB99452} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D1F4F5EE-F36C-4FBD-8E89-59948CC8E86A} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {D61FA201-2345-433C-B031-B430A3C5E2E6} - System32\Tasks\{C6A8B9FB-1F10-4B3D-9553-58874828C718} => D:\Users\PADMAM\Desktop\thc-hydra-windows-master\hydra.exe
Task: {D6C194FA-9AB8-4620-B7FC-C1D0E32BF2B2} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.)
Task: {D73CE652-FA44-4B74-9628-4CA5A5EF182D} - System32\Tasks\{2CA08F1F-E054-47B6-BD83-1A041E523409} => C:\Program Files\Rovio\Angry Birds\AngryBirds.exe
Task: {E15D4D75-C4C5-4D8C-8942-21B7FA8B62DA} - System32\Tasks\{39193DC1-0AC4-4FF7-8DF6-AA3346DA4298} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.107&amp;LastError=12002

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: D:\ProgramData\TEMP:56E2E879
AlternateDataStreams: D:\ProgramData\TEMP:58D8F144
AlternateDataStreams: D:\Users\PADMAM\Downloads\BDAntiCryptoWall_Release.exe:BDU
AlternateDataStreams: D:\Users\PADMAM\Downloads\ComboFix.exe:BDU
AlternateDataStreams: D:\Users\PADMAM\Downloads\pdf995s.exe:BDU
AlternateDataStreams: D:\Users\PADMAM\Downloads\ps2pdf995.exe:BDU
AlternateDataStreams: D:\Users\PADMAM\Downloads\qsinstaller.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3491784500-1268680403-2365528014-1000\Control Panel\Desktop\\Wallpaper -> D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CyberGhost => "D:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: VMware hqtray => "D:\Program Files\VMware\VMware Player\hqtray.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-3491784500-1268680403-2365528014-500 - Administrator - Disabled)
Guest (S-1-5-21-3491784500-1268680403-2365528014-501 - Limited - Disabled)
PADMAM (S-1-5-21-3491784500-1268680403-2365528014-1000 - Administrator - Enabled) => D:\Users\PADMAM
__vmware_user__ (S-1-5-21-3491784500-1268680403-2365528014-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2015 04:18:13 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/24/2015 04:18:13 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (03/24/2015 04:18:13 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/24/2015 04:18:11 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (03/24/2015 04:15:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/24/2015 04:08:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = D:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

Error: (03/24/2015 04:03:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/24/2015 03:50:30 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/24/2015 03:47:06 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/24/2015 02:04:52 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.


System errors:
=============
Error: (03/31/2015 07:25:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/31/2015 07:25:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/31/2015 07:25:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/31/2015 07:25:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/31/2015 07:25:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/31/2015 07:25:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/31/2015 07:25:24 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/31/2015 07:25:24 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/31/2015 07:25:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/31/2015 07:25:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 21%
Total physical RAM: 1983.43 MB
Available physical RAM: 1562.27 MB
Total Pagefile: 4957.43 MB
Available Pagefile: 4578.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.23 MB

==================== Drives ================================

Drive d: (Naren) (Fixed) (Total:64.71 GB) (Free:16.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Invincible) (Fixed) (Total:39.06 GB) (Free:5.07 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:31.85 GB) (Free:0.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: B874B874)
Partition 1: (Active) - (Size=64.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=70.9 GB) - (Type=OF Extended)

==================== End Of Log ============================

Shortcuts.txt

Users shortcut scan result (x86) Version: 11-03-2015
Ran by PADMAM at 2015-03-31 07:29:15
Running from D:\
Boot Mode: Safe Mode (minimal)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0 ME.lnk -> D:\Program Files\Adobe\Photoshop 7.0 ME\ImageReady.exe (Adobe Systems Incorporated)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0 ME.lnk -> D:\Program Files\Adobe\Photoshop 7.0 ME\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> D:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> D:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> D:\Program Files\Opera\opera.exe (Opera Software)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> D:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> D:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> D:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> D:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> D:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> D:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\Uninstall.lnk -> D:\Program Files\GreenTree Applications\YTD Video Downloader\Uninstall.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk -> D:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe (GreenTree Applications SRL)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol\Uninstall WinPatrol.lnk -> D:\ProgramData\InstallMate\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}\Setup.exe (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol\WinPatrol Explorer.lnk -> D:\Program Files\Ruiware\WinPatrol\WinPatrolEx.exe (Ruiware LLC)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol\WinPatrol Help.lnk -> D:\Program Files\Ruiware\WinPatrol\features.html ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol\WinPatrol.lnk -> D:\Program Files\Ruiware\WinPatrol\WinPatrol.exe (Ruiware LLC)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> D:\Windows\Installer\{F53D678E-238F-4A71-9742-08BB6774E9DC}\fssicon.ico ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> D:\Program Files\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> D:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Player.lnk -> D:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> D:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> D:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> D:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> D:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor\Uninstall Universal Extractor.lnk -> D:\Program Files\Universal Extractor\unins000.exe (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor\Universal Extractor Preferences.lnk -> D:\Program Files\Universal Extractor\UniExtract.exe (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor\Universal Extractor.lnk -> D:\Program Files\Universal Extractor\UniExtract.exe (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Media Burner.lnk -> D:\Program Files\Total Video Converter\MediaBurner.exe (iTinySoft)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Total Video Converter on the Web.lnk -> D:\Program Files\Total Video Converter\tvc.url ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Total Video Converter.lnk -> D:\Program Files\Total Video Converter\tvcshell.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Total Video Player.lnk -> D:\Program Files\Total Video Converter\tvp.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter\Uninstall Total Video Converter.lnk -> D:\Program Files\Total Video Converter\unins000.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\Program Files\Steam\Steam.exe (Valve Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy.lnk -> D:\Program Files\Speccy\Speccy.exe (Piriform Ltd)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Uninstall Speccy.lnk -> D:\Program Files\Speccy\uninst.exe (Piriform Ltd)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> D:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Recuva.lnk -> D:\Program Files\Recuva\recuva.exe (Piriform Ltd)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Uninstall Recuva.lnk -> D:\Program Files\Recuva\uninst.exe (Piriform Ltd)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Help.lnk -> D:\Program Files\PowerISO\PowerISO.chm ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Virtual Drive Manager.lnk -> D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO.lnk -> D:\Program Files\PowerISO\PowerISO.exe (PowerISO Computing, Inc.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\Uninstall PowerISO.lnk -> D:\Program Files\PowerISO\uninstall.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Frequently Asked Questions.lnk -> D:\Program Files\PCSX2 1.2.1\Docs\PCSX2_FAQ.pdf ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\PCSX2 1.2.1 (r5875).lnk -> D:\Program Files\PCSX2 1.2.1\pcsx2-r5875.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Readme.lnk -> D:\Program Files\PCSX2 1.2.1\Docs\PCSX2_Readme.pdf ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Uninstall PCSX2 1.2.1 (r5875).lnk -> D:\Program Files\PCSX2 1.2.1\Uninst-pcsx2-r5875.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NHM Writer\NHM Writer.lnk -> D:\Program Files\NHM Writer\NhmWriter.exe (New Horizon Media)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NHM Writer\Uninstall NHM Writer.lnk -> D:\Program Files\NHM Writer\unins000.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\EasyBCD 2.2.lnk -> D:\Program Files\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Uninstall EasyBCD.lnk -> D:\Program Files\NeoSmart Technologies\EasyBCD\uninstall.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk -> D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis\Action!\Action!.lnk -> D:\Program Files\Mirillis\Action!\Action.exe (Mirillis Ltd.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis\Action!\User Manual.lnk -> D:\Program Files\Mirillis\Action!\Action!_User_Manual.pdf ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0\MiniTool Partition Wizard Free.lnk -> D:\Program Files\MiniTool Partition Wizard Free 9.0\loader.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0\MiniTool Partition Wizard Help.lnk -> D:\Program Files\MiniTool Partition Wizard Free 9.0\pw.chm ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0\Uninstall MiniTool Partition Wizard Free.lnk -> D:\Program Files\MiniTool Partition Wizard Free 9.0\unins000.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> D:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> D:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> D:\Program Files\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> D:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> D:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> D:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver\Get Google's FREE Software Pack!.lnk -> D:\Program Files\KGB Archiver\Get Google Pack.url ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver\Get Great Movie and TV Series Downloads.lnk -> D:\Program Files\KGB Archiver\Movie Downloads.url ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver\Get Paid to Take Surveys!.lnk -> D:\Program Files\KGB Archiver\Surveys.url ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver\License Agreement.lnk -> D:\Program Files\KGB Archiver\license.txt ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver\Privacy Policy.lnk -> D:\Program Files\KGB Archiver\Privacy Policy.url ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver\Run KGB Archiver.lnk -> D:\Program Files\KGB Archiver\kgb_arch_conf.exe (Tomasz Pawlak)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver\Uninstall Instructions.lnk -> D:\Program Files\KGB Archiver\Uninstall Instructions.txt ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver\Uninstall.lnk -> D:\Program Files\KGB Archiver\unins000.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Uninstall Win32DiskImager.lnk -> D:\Program Files\ImageWriter\unins000.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Win32DiskImager.lnk -> D:\Program Files\ImageWriter\Win32DiskImager.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Keyl0gger\Free Keyl0gger.lnk -> E:\CCleaner Professional Plus 4.12 Final Incl Crack - SceneDL\FKGER_Monitor\service.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Microsoft DirectX EULA.lnk -> E:\Need for Speed Carbon\Support\en-uk_eula.txt ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Need for Speed™ Carbon.lnk -> E:\Need for Speed Carbon\NFSC.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Read Me.lnk -> E:\Need for Speed Carbon\Support\en-uk\readme.txt ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Technical Support.lnk -> E:\Need for Speed Carbon\Support\European Help Files\EA_Help_Select.htm ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Uninstall Need for Speed™ Carbon.lnk -> E:\Need for Speed Carbon\eauninstall.exe (Electronic Arts Inc.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit\DriverToolkit.lnk -> D:\Program Files\DriverToolkit\DriverToolkit.exe (Megaify Software Co., Ltd.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit\Uninstall DriverToolkit.lnk -> D:\Program Files\DriverToolkit\unins000.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster\Driver Booster.lnk -> D:\Program Files\IObit\Driver Booster\SkipUacExec.exe (IObit)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster\Uninstall Driver Booster.lnk -> D:\Program Files\IObit\Driver Booster\unins000.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios\Pirates of the Caribbean - At Worlds End\Pirates of the Caribbean - At Worlds End Help.lnk -> C:\Program Files\Disney Interactive Studios\Pirates of the Caribbean - At Worlds End\eManualEN.chm (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios\Pirates of the Caribbean - At Worlds End\Pirates of the Caribbean - At Worlds End.lnk -> C:\Program Files\Disney Interactive Studios\Pirates of the Caribbean - At Worlds End\At Worlds End.exe (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios\Pirates of the Caribbean - At Worlds End\Register Pirates of the Caribbean - At Worlds End.lnk -> C:\Program Files\Disney Interactive Studios\Pirates of the Caribbean - At Worlds End\eReg\DSN1.exe (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler\Defraggler.lnk -> D:\Program Files\Defraggler\Defraggler.exe (Piriform Ltd)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler\Uninstall Defraggler.lnk -> D:\Program Files\Defraggler\uninst.exe (Piriform Ltd)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5\CyberGhost 5.lnk -> D:\Program Files\CyberGhost 5\CyberGhost.exe (CyberGhost S.R.L.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5\Uninstall CyberGhost 5.lnk -> D:\Program Files\CyberGhost 5\unins000.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConvertMovie 4.4\ConvertMovie 4.4 Help.lnk -> D:\Program Files\ConvertMovie 4.4\convertmovie.chm (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConvertMovie 4.4\ConvertMovie 4.4 Homepage.lnk -> D:\Program Files\ConvertMovie 4.4\ConvertMovie 4.4.url (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConvertMovie 4.4\ConvertMovie 4.4.lnk -> D:\Program Files\ConvertMovie 4.4\ConvertMovie.exe (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConvertMovie 4.4\Uninstall ConvertMovie 4.4.lnk -> D:\Program Files\ConvertMovie 4.4\uninst.exe (No File)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer\VistaGlazz\Uninstall VistaGlazz.lnk -> D:\Program Files\CodeGazer\VistaGlazz\unins000.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer\VistaGlazz\Visit product website.lnk -> D:\Program Files\CodeGazer\VistaGlazz\Product.url ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer\VistaGlazz\VistaGlazz help.lnk -> D:\Program Files\CodeGazer\VistaGlazz\VistaGlazz.chm ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer\VistaGlazz\VistaGlazz.lnk -> D:\Program Files\CodeGazer\VistaGlazz\VistaGlazz.exe (CodeGazer)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Diagnostics Tool.lnk -> D:\Program Files\CheckPoint\ZoneAlarm\diagnostics\DiagnosticsCaptureTool.exe (Check Point Software Technologies Ltd.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Logs.lnk -> D:\ProgramData\CheckPoint\ZoneAlarm\Logs ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Security.lnk -> D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> D:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk -> D:\Program Files\CCleaner\uninst.exe (Piriform Ltd)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\calibre - E-book management.lnk -> D:\Program Files\Calibre2\calibre.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\E-book viewer.lnk -> D:\Program Files\Calibre2\ebook-viewer.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\LRF viewer.lnk -> D:\Program Files\Calibre2\lrfviewer.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks\Start BlueStacks.lnk -> D:\Program Files\BlueStacks\HD-StartLauncher.exe (BlueStack Systems, Inc.)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015\Bitdefender Antivirus Plus 2015.lnk -> D:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe (Bitdefender)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015\Bitdefender Safepay.lnk -> D:\Program Files\Bitdefender\Bitdefender 2015\obk.exe (Bitdefender)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015\Help.lnk -> D:\Program Files\Bitdefender\Bitdefender 2015\support\offlinemanual\html\index.html ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015\Readme.lnk -> D:\Program Files\Bitdefender\Bitdefender 2015\_enhtml\readme.html ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015\Repair or Uninstall.lnk -> D:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\installer.exe (Bitdefender)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner\Advanced Port Scanner.lnk -> D:\Program Files\Advanced Port Scanner\Advanced Port Scanner.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner\Help.lnk -> D:\Program Files\Advanced Port Scanner\Advanced Port Scanner.chm ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner\Uninstall.lnk -> D:\Program Files\Advanced Port Scanner\uninstal.exe ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> D:\Windows\System32\comexp.msc ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> D:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> D:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> D:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> D:\Windows\System32\printmanagement.msc ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> D:\Windows\System32\services.msc ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> D:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> D:\Windows\System32\WF.msc ()
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> D:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> D:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> D:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> D:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> D:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> D:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> D:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> D:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> D:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> D:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> D:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> D:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> D:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> D:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> D:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> D:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> D:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> D:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> D:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> D:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> D:\Program Files\7-Zip\7-zip.chm ()
Shortcut: D:\ProgramData\Microsoft\Windows\GameExplorer\{94D270A7-9F54-4D29-BAB6-145E60126E51}\PlayTasks\0\Play.lnk -> D:\Program Files\Rovio\Angry Birds Seasons\AngryBirdsSeasons.exe (No File)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> D:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> D:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> D:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> D:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> D:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> D:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> D:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: D:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk -> D:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: D:\Users\PADMAM\Links\Desktop.lnk -> D:\Users\PADMAM\Desktop ()
Shortcut: D:\Users\PADMAM\Links\Downloads.lnk -> D:\Users\PADMAM\Downloads ()
Shortcut: D:\Users\PADMAM\Desktop\Action!.lnk -> D:\Program Files\Mirillis\Action!\dontcrack.exe (Mirillis Ltd.)
Shortcut: D:\Users\PADMAM\Desktop\CyberGhost 5.lnk -> D:\Program Files\CyberGhost 5\CyberGhost.exe (CyberGhost S.R.L.)
Shortcut: D:\Users\PADMAM\Desktop\Subway Surfers.lnk -> D:\Games\Subway Surfers\Subway_Surfers.exe ()
Shortcut: D:\Users\PADMAM\Desktop\Total Video Converter.lnk -> D:\Program Files\Total Video Converter\tvcshell.exe ()
Shortcut: D:\Users\PADMAM\Desktop\µTorrent.lnk -> D:\Users\PADMAM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: D:\Users\PADMAM\Desktop\Naren\Adobe Download Assistant.lnk -> D:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe (No File)
Shortcut: D:\Users\PADMAM\Desktop\Naren\BuzzBundle.lnk -> D:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe (No File)
Shortcut: D:\Users\PADMAM\Desktop\Naren\HSS-3.42-install-plain-702-plain.exe - Shortcut.lnk -> D:\Users\PADMAM\Downloads\Documents\HSS-3.42-install-plain-702-plain.exe ()
Shortcut: D:\Users\PADMAM\Desktop\Naren\LinkAssistant.lnk -> D:\Program Files\Link-AssistantCom\LinkAssistant\bin\linkassistant.exe (No File)
Shortcut: D:\Users\PADMAM\Desktop\Naren\PCSX2 0.9.8 (r4600).lnk -> D:\Program Files\PCSX2 0.9.8\pcsx2-r4600.exe ()
Shortcut: D:\Users\PADMAM\Desktop\Naren\Rank Tracker.lnk -> D:\Program Files\Link-AssistantCom\Rank Tracker\bin\ranktracker.exe (No File)
Shortcut: D:\Users\PADMAM\Desktop\Naren\SEO SpyGlass.lnk -> D:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe (No File)
Shortcut: D:\Users\PADMAM\Desktop\Naren\Total Video Player.lnk -> D:\Program Files\Total Video Converter\tvp.exe ()
Shortcut: D:\Users\PADMAM\Desktop\Naren\WebSite Auditor.lnk -> D:\Program Files\Link-AssistantCom\WebSite Auditor\bin\websiteauditor.exe (No File)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> D:\Users\PADMAM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> D:\Program Files\Internet Explorer\iexplore.exe (No File)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subway Surfers 1.0\Cat-A-Cat GAMES.lnk -> D:\Games\Subway Surfers\d.url ()
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subway Surfers 1.0\Subway Surfers.lnk -> D:\Games\Subway Surfers\Subway_Surfers.exe ()
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subway Surfers 1.0\Uninstall.lnk -> D:\Games\Subway Surfers\Uninstall.exe ()
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> D:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> D:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> D:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> D:\Program Files\Internet Explorer\iexplore.exe (No File)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> D:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> D:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> D:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> D:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CyberGhost 5.lnk -> D:\Program Files\CyberGhost 5\CyberGhost.exe (CyberGhost S.R.L.)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> D:\Program Files\Internet Explorer\iexplore.exe (No File)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk -> D:\Program Files\Opera\opera.exe (Opera Software)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk -> D:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> D:\Users\PADMAM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\7z Setup SFX (x86) (2).lnk -> D:\Users\PADMAM\Desktop\Photoshop_cs6_se_30.04.2013.exe (No File)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\7z Setup SFX (x86).lnk -> D:\Users\PADMAM\Desktop\Photoshop_cs6_se_30.04.2013.exe (No File)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Action!.lnk -> D:\Program Files\Mirillis\Action!\dontcrack.exe (Mirillis Ltd.)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MiniTool Partition Wizard Free.lnk -> D:\Program Files\MiniTool Partition Wizard Free 9.0\loader.exe ()
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start BlueStacks.lnk -> D:\Program Files\BlueStacks\HD-StartLauncher.exe (BlueStack Systems, Inc.)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VMware Player.lnk -> D:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: D:\Users\PADMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> D:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: D:\Users\PADMAM\AppData\Local\Microsoft\Windows\GameExplorer\{28CEF319-2C1E-4D6A-9783-5ED67F0CACF4}\PlayTasks\0\Play.lnk -> F:\Vice_City_ulimate\gta-vc.exe ()
Shortcut: D:\Users\PADMAM\AppData\Local\Microsoft\Windows\GameExplorer\{05C7D228-A0E8-41A5-AA3B-A097D320C2BC}\PlayTasks\0\Play.lnk -> E:\Need for Speed Carbon\NFSC.exe ()
Shortcut: D:\Users\Public\Desktop\Apps.lnk -> D:\Users\Public\Libraries\Apps.library-ms ()
Shortcut: D:\Users\Public\Desktop\Bitdefender Antivirus Plus 2015.lnk -> D:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe (Bitdefender)
Shortcut: D:\Users\Public\Desktop\Calibre - E-book management.lnk -> D:\Program Files\Calibre2\calibre.exe ()
Shortcut: D:\Users\Public\Desktop\CCleaner.lnk -> D:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
Shortcut: D:\Users\Public\Desktop\Defraggler.lnk -> D:\Program Files\Defraggler\Defraggler.exe (Piriform Ltd)
Shortcut: D:\Users\Public\Desktop\Driver Booster.lnk -> D:\Program Files\IObit\Driver Booster\SkipUacExec.exe (IObit)
Shortcut: D:\Users\Public\Desktop\DriverToolkit.lnk -> D:\Program Files\DriverToolkit\DriverToolkit.exe (Megaify Software Co., Ltd.)
Shortcut: D:\Users\Public\Desktop\EasyBCD 2.2.lnk -> D:\Program Files\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies)
Shortcut: D:\Users\Public\Desktop\Google Chrome.lnk -> D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> D:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: D:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk -> D:\Program Files\MiniTool Partition Wizard Free 9.0\loader.exe ()
Shortcut: D:\Users\Public\Desktop\Need for Speed™ Carbon.lnk -> E:\Need for Speed Carbon\NFSC.exe ()
Shortcut: D:\Users\Public\Desktop\NHM Writer.lnk -> D:\Program Files\NHM Writer\NhmWriter.exe (New Horizon Media)
Shortcut: D:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk -> D:\Program Files\PCSX2 1.2.1\pcsx2-r5875.exe ()
Shortcut: D:\Users\Public\Desktop\Photoshop CS6.lnk -> D:\Program Files\Photoshop\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: D:\Users\Public\Desktop\PowerISO.lnk -> D:\Program Files\PowerISO\PowerISO.exe (PowerISO Computing, Inc.)
Shortcut: D:\Users\Public\Desktop\Recuva.lnk -> D:\Program Files\Recuva\recuva.exe (Piriform Ltd)
Shortcut: D:\Users\Public\Desktop\Skype.lnk -> D:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe ()
Shortcut: D:\Users\Public\Desktop\Speccy.lnk -> D:\Program Files\Speccy\Speccy.exe (Piriform Ltd)
Shortcut: D:\Users\Public\Desktop\Start BlueStacks.lnk -> D:\Program Files\BlueStacks\HD-StartLauncher.exe (BlueStack Systems, Inc.)
Shortcut: D:\Users\Public\Desktop\Steam.lnk -> D:\Program Files\Steam\Steam.exe (Valve Corporation)
Shortcut: D:\Users\Public\Desktop\VistaGlazz.lnk -> D:\Program Files\CodeGazer\VistaGlazz\VistaGlazz.exe (CodeGazer)
Shortcut: D:\Users\Public\Desktop\VLC media player.lnk -> D:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: D:\Users\Public\Desktop\VMware Player.lnk -> D:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: D:\Users\Public\Desktop\YTD Video Downloader.lnk -> D:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe (GreenTree Applications SRL)
Shortcut: D:\Users\Public\Desktop\ZoneAlarm Security.lnk -> D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)




ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> D:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> D:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk -> D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) -> -settings
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> D:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> D:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> D:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk -> D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> -safe-mode
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> D:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> D:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> D:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> D:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> D:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> D:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> D:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Electronic Registration.lnk -> E:\Need for Speed Carbon\Support\EReg.exe (Electronic Arts Inc.) -> "nfsc.exe"
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Need for Speed™ Carbon Safemode.lnk -> E:\Need for Speed Carbon\NFSC.exe () -> /s
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios\Pirates of the Caribbean - At Worlds End\Uninstall Pirates of the Caribbean - At Worlds End.lnk -> D:\Program Files\InstallShield Installation Information\{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}\setup.exe (Macrovision Corporation) -> -runfromtemp -l0x0009 Pirates of the Caribbean - At Worlds End
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> D:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> D:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> D:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> D:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> D:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> D:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> D:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> D:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> D:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> D:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> D:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: D:\ProgramData\BlueStacks\UserData\Library\My Apps\Appstore.lnk -> D:\Program Files\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.amazon.venezia -a com.amazon.venezia.Venezia
ShortcutWithArgument: D:\ProgramData\BlueStacks\UserData\Library\My Apps\Facebook.lnk -> D:\Program Files\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.facebook.katana -a com.facebook.katana.LoginActivity
ShortcutWithArgument: D:\ProgramData\BlueStacks\UserData\Library\My Apps\Help.lnk -> D:\Program Files\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.bluestacks.help -a com.bluestacks.help.HelpActivity
ShortcutWithArgument: D:\ProgramData\BlueStacks\UserData\Library\My Apps\Hill Climb Racing.lnk -> D:\Program Files\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.fingersoft.hillclimb -a com.fingersoft.game.MainActivity
ShortcutWithArgument: D:\ProgramData\BlueStacks\UserData\Library\My Apps\s2p.lnk -> D:\Program Files\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.bluestacks.s2p2083 -a .Main
ShortcutWithArgument: D:\ProgramData\BlueStacks\UserData\Library\My Apps\Twitter.lnk -> D:\Program Files\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.twitter.android -a com.twitter.android.StartActivity
ShortcutWithArgument: D:\ProgramData\BlueStacks\UserData\Library\My Apps\WhatsApp.lnk -> D:\Program Files\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.whatsapp -a com.whatsapp.Main
ShortcutWithArgument: D:\ProgramData\BlueStacks\UserData\Library\App Stores\1Mobile Market.lnk -> D:\Program Files\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p me.onemobile.android -a me.onemobile.android.MainPagerActivity
ShortcutWithArgument: D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> D:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> D:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: D:\Users\PADMAM\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> D:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:


InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\Web site.url -> hxxp://www.youtubedownloadersite.com/
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader Help.url -> hxxp://www.youtubedownloadersite.com/help.html
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy Homepage.url -> hxxp://www.piriform.com/speccy
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Recuva Homepage.url -> hxxp://www.piriform.com/recuva
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NHM Writer\NHM Writer on the Web.url -> hxxp://software.nhm.in
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0\MiniTool Partition Wizard Free on the Web.url -> hxxp://www.partitionwizard.com
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer\Win32DiskImager on the Web.url -> hxxp://win32diskimager.sourceforge.net
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Check For Update.url -> hxxp://patches.ea.com/nfs_carbon/home.html
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit\DriverToolkit on the Web.url -> hxxp://www.drivertoolkit.com
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler\Defraggler Homepage.url -> hxxp://www.piriform.com/defraggler
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\Get Involved.url -> hxxp://calibre-ebook.com/get-involved
InternetURL: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\User Manual.url -> hxxp://calibre-ebook.com/user_manual
InternetURL: D:\Users\PADMAM\Favorites\HCL Corp Website.url -> hxxp://www.hcl.in/
InternetURL: D:\Users\PADMAM\Favorites\HCL Store.url -> hxxp://www.hclstore.in/
InternetURL: D:\Users\PADMAM\Favorites\HCL Support Website.url -> hxxp://www.hclsupportservice.com/
InternetURL: D:\Users\PADMAM\Favorites\The NeoSmart Files.url -> hxxp://neosmart.net/blog/feed/
InternetURL: D:\Users\PADMAM\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: D:\Users\PADMAM\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: D:\Users\PADMAM\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: D:\Users\PADMAM\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: D:\Users\PADMAM\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: D:\Users\PADMAM\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: D:\Users\PADMAM\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: D:\Users\PADMAM\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: D:\Users\PADMAM\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: D:\Users\PADMAM\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: D:\Users\PADMAM\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: D:\Users\PADMAM\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: D:\Users\PADMAM\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: D:\Users\PADMAM\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: D:\Users\PADMAM\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: D:\Users\PADMAM\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: D:\Users\PADMAM\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: D:\Users\PADMAM\Desktop\Wat Remover 2.2.6\Softwareheel.url -> hxxp://www.softwareheel.blogspot.com/

==================== End of log =============================
 

 

Thanx in advance...!



#5 Narendran


Posted 31 March 2015 - 02:52 AM

I also have another doubt. Now my Win 7 is soooo slow...! And any program I run ends up in Not Responding. Even Windows Explorer... My Startup is pretty clean and I run CCleaner in a regular way. And my virus and malware definitions are up to date... What may be the cause of this problem...?



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:10 AM

Posted 31 March 2015 - 06:43 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The log is available through History -> Application logs. Please post its contents in your next reply.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 Narendran


Posted 31 March 2015 - 08:50 AM


Edited by Narendran, 31 March 2015 - 08:52 AM.


#8 Narendran


Posted 31 March 2015 - 09:00 AM

Hey, I already have MBAM...! And it cleared many Adware and PUP...! I don't have a problem with that...! My problem started when I accidentally opened a .shs file...! I dragged it to Word but it gave only some symbols and numbers...!! Can you say your Mail ID so that I can send that file..! I don't know how to attach it with this post...! When I try to do it I get... (Error: You aren't permitted to upload this kind of file) Thanx in advance...!!



#9 Machiavelli


Posted 31 March 2015 - 09:39 AM

Could you please follow my instructions? I haven't posted it for nothing.

I don't need this shs file.

~Machiavelli



#10 Narendran


Posted 31 March 2015 - 09:48 AM

Ok...I will do according to your instructions...!!



#11 Machiavelli


Posted 31 March 2015 - 10:58 AM

OK

~Machiavelli



#12 Machiavelli


Posted 04 April 2015 - 04:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
