Please check my hijackthis logs


  • This topic is locked
4 replies to this topic

#1 sagar1991


Posted 05 February 2016 - 01:59 AM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:55:03 AM, on 05/02/2016
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
CHROME: 48.0.2564.103
FIREFOX: 43.0.4 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe
D:\xampp\mysql\bin\mysqld.exe
C:\PROGRAM FILES\NET PROTECTOR 2013\npprtfrw.exe
C:\PROGRA~1\NETPRO~1\WebProt.exe
C:\PROGRAM FILES\NET PROTECTOR 2013\NPHOST.EXE
C:\Documents and Settings\om\NPProt.exe
D:\oracle\ora92\bin\agntsrvc.exe
C:\WINDOWS\system32\cmd.exe
D:\oracle\ora92\Apache\Apache\apache.exe
D:\oracle\ora92\bin\dbsnmp.exe
D:\oracle\ora92\bin\pagntsrv.exe
D:\oracle\ora92\BIN\ENCSVC.EXE
C:\WINDOWS\system32\cmd.exe
D:\oracle\ora92\BIN\AGNTSVC.EXE
C:\Program Files\Oracle\jre\1.1.8\bin\jre.exe
D:\oracle\ora92\BIN\TNSLSNR.exe
d:\oracle\ora92\bin\ORACLE.EXE
C:\WINDOWS\system32\svchost.exe
D:\oracle\ora92\Apache\Apache\apache.exe
D:\oracle\ora92\jdk\bin\java.exe
D:\oracle\ora92\jdk\bin\java.exe
d:\oracle\ora92\bin\isqlplus
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Net Protector 2013\EMAIL SCAN\EMAILSCN.EXE
C:\PROGRAM FILES\NET PROTECTOR 2013\ZVMOUNT.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRAM FILES\NET PROTECTOR 2013\NPAV4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\backup_while_formatting\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRAM FILES\NET PROTECTOR 2013\zvscan\ZVMonNT.exe
C:\PROGRAM FILES\NET PROTECTOR 2013\APPCON\APCONSVC.EXE
C:\Documents and Settings\om\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-results.com/sidebar.html?src=ssb&appid=400&systemid=406&sr=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms}
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: þÿ#NPAV Site Blocker Start
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MySafeProxy - {51420F88-4D4A-4042-9509-8D4E1307910E} - C:\Program Files\XTRM Group\MySafeProxy\Bin\MySafeProxy32.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Zero-V Virus Shield] "C:\Program Files\Net Protector 2013\EMAIL SCAN\EMAILSCN.EXE"
O4 - HKLM\..\Run: [ZVMOUNT] "C:\PROGRAM FILES\NET PROTECTOR 2013\ZVMOUNT.EXE"
O4 - HKLM\..\Run: [NPAV4] "C:\PROGRAM FILES\NET PROTECTOR 2013\NPAV4.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\om\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ZVMOUNT] C:\Program Files\Net Protector 2013\ZVMOUNT.EXE
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\backup_while_formatting\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD8C1A98-1FDE-4990-8B68-D42D4EFC30E9}: NameServer = 218.248.255.212,218.248.255.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1546DE3-801D-4D90-8B30-A036CAF9AEBA}: NameServer = 218.248.245.1 218.248.255.209
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NPAV Application Control (ApConSvc) - Biz Secure Labs Pvt Ltd - C:\PROGRAM FILES\NET PROTECTOR 2013\APPCON\APCONSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySafeProxy Monitor (MySafeProxyMonitor) - XTRM Group Ltd. - C:\Program Files\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe
O23 - Service: MySQL - MySQL AB - D:\xampp\mysql\bin\mysqld.exe
O23 - Service: Net Protector Port Firewall - Biz Secure Labs Pvt. Ltd. - C:\PROGRAM FILES\NET PROTECTOR 2013\npprtfrw.exe
O23 - Service: Net Protector Web Prototection - BIZ Secure Labs Pvt. Ltd. - C:\PROGRA~1\NETPRO~1\WebProt.exe
O23 - Service: NPHost Service (nphost) - Biz Secure Labs Pvt Ltd - C:\PROGRAM FILES\NET PROTECTOR 2013\NPHOST.EXE
O23 - Service: NPAV Antivirus Protection (NPVProt) - Biz Secure Labs Pvt Ltd. - C:\Documents and Settings\om\NPProt.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORACLE - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: wampapache - Apache Software Foundation - d:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - d:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
O23 - Service: Zero-V AntiVirus Protection (ZeroVProtect) - biz secure labs pvt Ltd. - C:\PROGRAM FILES\NET PROTECTOR 2013\zvscan\ZVMonNT.exe
O24 - Desktop Component 0: (no name) - http://www.windowsnetworking.com/img/gifbasic/hub2sped.gif
O24 - Desktop Component 1: (no name) - http://t2.gstatic.com/images?q=tbn:ANd9GcQCMMy75usWUKHig6mOkdPty_AxTFW3WQ4G2fwz5UAfpA1Q4KUn
O24 - Desktop Component 2: (no name) - http://www.normankoren.com/Pines_Switz_pixellated.jpg

--
End of file - 10497 bytes
 




 


#2 olgun52

  • Malware Response Team

Posted 05 February 2016 - 08:34 AM

Hello sagar1991 and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
   
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=======================================================================================
Please download RogueKiller (32/64 bit) to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > ''Don't Fix anything!''

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
 
Sincerely.


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#3 sagar1991

  • Topic Starter

Posted 05 February 2016 - 09:01 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by om (administrator) on OM-893F82120102 (05-02-2016 19:23:57)
Running from C:\Documents and Settings\om\My Documents\Downloads
Loaded Profiles: om (Available Profiles: om & Sagar Bhatewara)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(XTRM Group Ltd.) C:\Program Files\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe
(MySQL AB) D:\xampp\mysql\bin\mysqld.exe
(Oracle Corporation) D:\oracle\ora92\bin\agntsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
() D:\oracle\ora92\Apache\Apache\Apache.exe
(Oracle Corporation) D:\oracle\ora92\bin\dbsnmp.exe
() D:\oracle\ora92\bin\pagntsrv.exe
() D:\oracle\ora92\bin\encsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
() D:\oracle\ora92\bin\agntsvc.exe
() C:\Program Files\Oracle\jre\1.1.8\bin\jre.exe
() D:\oracle\ora92\bin\TNSLSNR.EXE
(Oracle Corporation) D:\oracle\ora92\bin\oracle.exe
() D:\oracle\ora92\Apache\Apache\Apache.exe
() D:\oracle\ora92\jdk\bin\java.exe
() D:\oracle\ora92\jdk\bin\java.exe
() D:\oracle\ora92\bin\isqlplus
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(PowerISO Computing, Inc.) D:\PowerISO\PWRISOVM.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(WinZip Computing, Inc.) E:\backup_while_formatting\Program Files\WinZip\WZQKPICK.EXE
(MagicISO, Inc.) D:\Program Files\MagicDisc\MagicDisc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\WINDOWS\system32\fltMc.exe
(Biz Secure Labs Pvt Ltd) C:\Program Files\Net Protector 2013\NPHOST.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [PWRISOVM.EXE] => D:\PowerISO\PWRISOVM.EXE [180224 2009-11-09] (PowerISO Computing, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [DATAMNGR] => C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Zero-V Virus Shield] => C:\Program Files\Net Protector 2013\EMAIL SCAN\EMAILSCN.EXE [209608 2015-12-07] (Biz Secure Labs Pvt, Ltd.)
HKLM\...\Run: [ZVMOUNT] => C:\PROGRAM FILES\NET PROTECTOR 2013\ZVMOUNT.EXE [49152 2013-02-09] (Biz Secure Labs Pvt. Ltd.)
HKLM\...\Run: [NPAV4] => C:\Program Files\Net Protector 2013\NPAV4.EXE [574152 2015-08-02] (Biz Secure Lab Pvt. Ltd.)
HKLM\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1667584 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\om\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-09-12] (Google Inc.)
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\...\Run: [ZVMOUNT] => C:\Program Files\Net Protector 2013\ZVMOUNT.EXE [49152 2013-02-09] (Biz Secure Labs Pvt. Ltd.)
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1032192 2004-08-04] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll => No File
AppInit_DLLs:  C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll => No File
IFEO\ drwatson.exe: [Debugger] B-NPAV
IFEO\$RECYCLE.BIN.exe: [Debugger] B-NPAV
IFEO\%temp%.exe: [Debugger] B-NPAV
IFEO\(प्रश्न.exe: [Debugger] M-NPAV
IFEO\1010.exe: [Debugger] B-NPAV
IFEO\252525.exe: [Debugger] B-NPAV
IFEO\360tray.exe: [Debugger] B-NPAV
IFEO\505040.exe: [Debugger] B-NPAV
IFEO\505050.exe: [Debugger] B-NPAV
IFEO\AAAAAAAA.EXE: [Debugger] B-NPAV
IFEO\AADRIVE32.EXE: [Debugger] B-NPAV
IFEO\ACLEANER.EXE: [Debugger] B-NPAV
IFEO\ADKS_QONE8.EXE: [Debugger] B-NPAV
IFEO\Adobe Gamma Loader.com: [Debugger] B-NPAV
IFEO\Adobe Online.com: [Debugger] B-NPAV
IFEO\Adobe update.com: [Debugger] B-NPAV
IFEO\AEGVVP.EXE: [Debugger] B-NPAV
IFEO\ahnabc.exe: [Debugger] B-NPAV
IFEO\AMT_ISTARTSURF.EXE: [Debugger] B-NPAV
IFEO\AMT_LUCKYSEARCHES.EXE: [Debugger] B-NPAV
IFEO\AMT_MYSTARTSEARCH.EXE: [Debugger] B-NPAV
IFEO\AMT_OURSURFING.EXE: [Debugger] B-NPAV
IFEO\AMT_WEBSSEARCHES.EXE: [Debugger] B-NPAV
IFEO\antiviruspro_2010.exe: [Debugger] B-NPAV
IFEO\APPDATADB.EXE: [Debugger] B-NPAV
IFEO\APPINSTALY.EXE: [Debugger] B-NPAV
IFEO\ARKING.EXE: [Debugger] B-NPAV
IFEO\ArmasNgSamar.exe: [Debugger] B-NPAV
IFEO\asd26.tmp.exe: [Debugger] B-NPAV
IFEO\ASR64_LDM.EXE: [Debugger] B-NPAV
IFEO\ASTSTUBSETUP.EXE: [Debugger] B-NPAV
IFEO\AutoDrive.exe: [Debugger] B-NPAV
IFEO\autorun.inf.exe: [Debugger] B-NPAV
IFEO\ave.exe: [Debugger] B-NPAV
IFEO\AVIRA32.EXE: [Debugger] B-NPAV
IFEO\AWESOMEHP.EXE: [Debugger] B-NPAV
IFEO\BAIDUHIPS.EXE: [Debugger] B-NPAV
IFEO\BAIDUSDSVC.EXE: [Debugger] B-NPAV
IFEO\BAIDUSDTRAY.EXE: [Debugger] B-NPAV
IFEO\BDO_QONE8.EXE: [Debugger] B-NPAV
IFEO\best7.exe: [Debugger] B-NPAV
IFEO\best77.exe: [Debugger] B-NPAV
IFEO\binkiland.exe: [Debugger] B-NPAV
IFEO\BINKILANDUPDATE.EXE: [Debugger] B-NPAV
IFEO\blank.doc: [Debugger] B-NPAV
IFEO\BLUET00TH.EXE: [Debugger] B-NPAV
IFEO\BNKSTUBSETUP.EXE: [Debugger] B-NPAV
IFEO\BNKSTU~1.EXE: [Debugger] B-NPAV
IFEO\bprotect.exe: [Debugger] B-NPAV
IFEO\BRONSTAB.EXE: [Debugger] B-NPAV
IFEO\BUENOSEARCHTB: [Debugger] B-NPAV
IFEO\CBZVL.EXE: [Debugger] B-NPAV
IFEO\cista.exe: [Debugger] B-NPAV
IFEO\cmt.exe: [Debugger] B-NPAV
IFEO\CNMINER.EXE: [Debugger] B-NPAV
IFEO\COMMGR.EXE: [Debugger] B-NPAV
IFEO\CONTINUETOSAVE.EXE: [Debugger] B-NPAV
IFEO\COOL_GAMESETUP.EXE: [Debugger] B-NPAV
IFEO\CROSSBROWSEWRAPPED.EXE: [Debugger] B-NPAV
IFEO\CSRCS.EXE: [Debugger] B-NPAV
IFEO\csrss.exe: [Debugger] B-NPAV
IFEO\CSSRSS.EXE: [Debugger] B-NPAV
IFEO\DATAMNGRUI.EXE: [Debugger] B-NPAV
IFEO\DEFAULTTABHOST.EXE: [Debugger] B-NPAV
IFEO\DEFENDER.EXE: [Debugger] B-NPAV
IFEO\Demokratska4.exe: [Debugger] B-NPAV
IFEO\desk365.exe: [Debugger] B-NPAV
IFEO\desktoplayer.exe: [Debugger] B-NPAV
IFEO\DISETYPKIDOZ.EXE: [Debugger] B-NPAV
IFEO\diskperfxp.exe: [Debugger] B-NPAV
IFEO\DLLRUN32.EXE: [Debugger] B-NPAV
IFEO\DRVGUARD.EXE: [Debugger] B-NPAV
IFEO\drwatson.exe: [Debugger] B-NPAV
IFEO\drwtsn32.exe: [Debugger] B-NPAV
IFEO\E5188982.EXE: [Debugger] B-NPAV
IFEO\EDEALSPOP.EXE: [Debugger] B-NPAV
IFEO\EHTHUMBS.EXE: [Debugger] B-NPAV
IFEO\EKSPLORASI.EXE: [Debugger] B-NPAV
IFEO\empty.jpg: [Debugger] B-NPAV
IFEO\empty.pif: [Debugger] B-NPAV
IFEO\EXE32.EXE: [Debugger] B-NPAV
IFEO\FAENOL.EXE: [Debugger] B-NPAV
IFEO\FASTANTIVIRUS2011.EXE: [Debugger] B-NPAV
IFEO\FindRight.FirstRun.exe: [Debugger] B-NPAV
IFEO\FINDRIGHTSETUP.EXE: [Debugger] B-NPAV
IFEO\firefox2.exe: [Debugger] B-NPAV
IFEO\FIREWORK.MP3.EXE: [Debugger] B-NPAV
IFEO\FKREKK456.EXE: [Debugger] B-NPAV
IFEO\FUN.XLS.EXE: [Debugger] B-NPAV
IFEO\FXTSTUBSETUP.EXE: [Debugger] B-NPAV
IFEO\GNJA.EXE: [Debugger] B-NPAV
IFEO\GOOGIE .EXE: [Debugger] B-NPAV
IFEO\google.com: [Debugger] B-NPAV
IFEO\GOOGLEOEZ.EXE: [Debugger] B-NPAV
IFEO\GOOGLEUPDATEBETA.EXE: [Debugger] B-NPAV
IFEO\gphone.exe: [Debugger] B-NPAV
IFEO\GRVSTUBSETUP.EXE: [Debugger] B-NPAV
IFEO\GSYZQ.EXE: [Debugger] B-NPAV
IFEO\HACKER.COM.CN.EXE: [Debugger] B-NPAV
IFEO\HDAV.EXE: [Debugger] B-NPAV
IFEO\HELLOPUPPY.EXE: [Debugger] B-NPAV
IFEO\hexapple.exe: [Debugger] B-NPAV
IFEO\hexsvchost.exe: [Debugger] B-NPAV
IFEO\hhcbrnaff.exe: [Debugger] B-NPAV
IFEO\hhgnrddkjee.exe: [Debugger] B-NPAV
IFEO\IACNATIVEMSGHOST.EXE: [Debugger] B-NPAV
IFEO\ibsvc.exe: [Debugger] B-NPAV
IFEO\ICREINSTALL_OMIGA-PLUS.EXE: [Debugger] B-NPAV
IFEO\IFREETV.EXE: [Debugger] B-NPAV
IFEO\igfxdvb32.exe: [Debugger] B-NPAV
IFEO\ILD_ISTARTSURF.EXE: [Debugger] B-NPAV
IFEO\ILD_QONE8.EXE: [Debugger] B-NPAV
IFEO\IMPORTANT.FILES.EXE: [Debugger] B-NPAV
IFEO\IMàGE.EXE: [Debugger] B-NPAV
IFEO\INBOXACE[1].EXE: [Debugger] B-NPAV
IFEO\INDAPUR COLLEGE.EXE: [Debugger] B-NPAV
IFEO\INOVICE COPY(1).EXE: [Debugger] B-NPAV
IFEO\Install_kuwo.dat: [Debugger] B-NPAV
IFEO\Internet Explorer Settings.exe: [Debugger] B-NPAV
IFEO\INTERNETENHANCERSERVICE.EXE: [Debugger] B-NPAV
IFEO\INVOICE..EXE: [Debugger] B-NPAV
IFEO\ISE32.EXE: [Debugger] B-NPAV
IFEO\jodrive32.exe: [Debugger] B-NPAV
IFEO\juzjf.exe: [Debugger] B-NPAV
IFEO\kelly.exe: [Debugger] B-NPAV
IFEO\khatra.exe: [Debugger] B-NPAV
IFEO\L1REZERV.EXE: [Debugger] B-NPAV
IFEO\lbisov.exe: [Debugger] B-NPAV
IFEO\LIB32WAOT.EXE: [Debugger] B-NPAV
IFEO\LIDLLLA.EXE: [Debugger] B-NPAV
IFEO\lizkavd.exe: [Debugger] B-NPAV
IFEO\LLY_ISTARTSURF.EXE: [Debugger] B-NPAV
IFEO\LLY_WEBSSEARCHES.EXE: [Debugger] B-NPAV
IFEO\LOAD[1].EXE: [Debugger] B-NPAV
IFEO\ltzqai.exe: [Debugger] B-NPAV
IFEO\MAKARONI.EXE: [Debugger] B-NPAV
IFEO\MCSHELD.EXE: [Debugger] B-NPAV
IFEO\MgAssist.exe: [Debugger] B-NPAV
IFEO\MGJWIN32.EXE: [Debugger] B-NPAV
IFEO\MGRSVN.EXE: [Debugger] B-NPAV
IFEO\MICROSOFT.EXE: [Debugger] B-NPAV
IFEO\MMMPC.EXE: [Debugger] B-NPAV
IFEO\Mobogenie.exe: [Debugger] B-NPAV
IFEO\MONILOR.EXE: [Debugger] B-NPAV
IFEO\MOSODCYSBEAR.EXE: [Debugger] B-NPAV
IFEO\MOVIEMODE.EXE: [Debugger] B-NPAV
IFEO\MOVIEMODE64.EXE: [Debugger] B-NPAV
IFEO\moviemodeservice.exe: [Debugger] B-NPAV
IFEO\MP3_QONE8.EXE: [Debugger] B-NPAV
IFEO\MRPKY.EXE: [Debugger] B-NPAV
IFEO\mrsys.exe: [Debugger] B-NPAV
IFEO\MS-DOS.COM: [Debugger] B-NPAV
IFEO\MSA.EXE: [Debugger] B-NPAV
IFEO\MSB.EXE: [Debugger] B-NPAV
IFEO\MSBACKUP.EXE: [Debugger] B-NPAV
IFEO\msconfig32.exe: [Debugger] B-NPAV
IFEO\msm.com: [Debugger] B-NPAV
IFEO\MSMXENG.EXE: [Debugger] B-NPAV
IFEO\MSRZOCKX.SCR: [Debugger] B-NPAV
IFEO\MSVMIODE.EXE: [Debugger] B-NPAV
IFEO\mwagent.exe: [Debugger] B-NPAV
IFEO\mwaser.exe: [Debugger] B-NPAV
IFEO\MWAU.EXE: [Debugger] B-NPAV
IFEO\My Documents.exe: [Debugger] B-NPAV
IFEO\MYPCBACKUPWRAPPED.EXE: [Debugger] B-NPAV
IFEO\MySearchDial.exe: [Debugger] B-NPAV
IFEO\NEW FOLDER .EXE: [Debugger] B-NPAV
IFEO\NEW FOLDER.EXE: [Debugger] B-NPAV
IFEO\new29.exe: [Debugger] B-NPAV
IFEO\NISSAN.EXE: [Debugger] B-NPAV
IFEO\nsvb.exe: [Debugger] B-NPAV
IFEO\NTDETEC1.EXE: [Debugger] B-NPAV
IFEO\ONEBROWSESERVICE.EXE: [Debugger] B-NPAV
IFEO\ONEBROWSEUIPROCESS.EXE: [Debugger] B-NPAV
IFEO\ONEKIT4FFX.EXE: [Debugger] B-NPAV
IFEO\OOVOOSETUP.EXE: [Debugger] B-NPAV
IFEO\Outdoor Amateur.exe: [Debugger] B-NPAV
IFEO\P2PHOSTA.EXE: [Debugger] B-NPAV
IFEO\Passwords.exe: [Debugger] B-NPAV
IFEO\PAYMENTSLIP.EXE: [Debugger] B-NPAV
IFEO\PHIM HAI CUC HAY.EXE: [Debugger] B-NPAV
IFEO\photo_id.exe: [Debugger] B-NPAV
IFEO\PHYSICALDRIVE2.COM: [Debugger] B-NPAV
IFEO\PIPINSTALLER_PTV_.EXE: [Debugger] B-NPAV
IFEO\PLUGINSERVICE.EXE: [Debugger] B-NPAV
IFEO\PLUSHDINSTALLER.EXE: [Debugger] B-NPAV
IFEO\popupzv.exe: [Debugger] B-NPAV
IFEO\porn.exe: [Debugger] B-NPAV
IFEO\PRICEFOUNTAINWRAPPED.EXE: [Debugger] B-NPAV
IFEO\PRICELESSWRAPPED.EXE: [Debugger] B-NPAV
IFEO\PRINCE(2010)-PDVDRIP{NEWSOURCE}-1CDRIP-XVID-MP3-[DRC].EXE: [Debugger] B-NPAV
IFEO\PRODUCT SAMPLE.EXE: [Debugger] B-NPAV
IFEO\PROTECTWINDOWSMANAGER.EXE: [Debugger] B-NPAV
IFEO\PURCHASE ORDER DETAILS.COM: [Debugger] B-NPAV
IFEO\PURCHASE ORDER..EXE: [Debugger] B-NPAV
IFEO\PURCHASE ORDER.BAT: [Debugger] B-NPAV
IFEO\PURCHASE-ORDERS.EXE: [Debugger] B-NPAV
IFEO\PUSK2.EXE: [Debugger] B-NPAV
IFEO\PUSK3.EXE: [Debugger] B-NPAV
IFEO\qgfmc.exe: [Debugger] B-NPAV
IFEO\QHACTIVEDEFENSE.EXE: [Debugger] B-NPAV
IFEO\QHSAFETRAY.EXE: [Debugger] B-NPAV
IFEO\QIHOO_SETUP.EXE: [Debugger] B-NPAV
IFEO\QONE8.EXE: [Debugger] B-NPAV
IFEO\QQPCMGR_SETUP.EXE: [Debugger] B-NPAV
IFEO\qtfcyyp.exe: [Debugger] B-NPAV
IFEO\RABC.EXE: [Debugger] B-NPAV
IFEO\RADSTEROIDS.EXE: [Debugger] B-NPAV
IFEO\RADSTEROIDS64.EXE: [Debugger] B-NPAV
IFEO\RADSTEROIDSSERVICE.EXE: [Debugger] B-NPAV
IFEO\RECYCLE.EXE: [Debugger] B-NPAV
IFEO\RECYCLEBIN.EXE: [Debugger] B-NPAV
IFEO\RECYCLEBINPROTECT.EXE: [Debugger] B-NPAV
IFEO\RECYCLED.EXE: [Debugger] B-NPAV
IFEO\RECYCLED.SCR: [Debugger] B-NPAV
IFEO\RECYCLER .EXE: [Debugger] B-NPAV
IFEO\RECYCLER.EXE: [Debugger] B-NPAV
IFEO\regedit32.com: [Debugger] B-NPAV
IFEO\regsvr.exe: [Debugger] B-NPAV
IFEO\Rensolt.exe: [Debugger] B-NPAV
IFEO\Rensolu.exe: [Debugger] B-NPAV
IFEO\Rensolv.exe: [Debugger] B-NPAV
IFEO\Rensolve.exe: [Debugger] B-NPAV
IFEO\RESTORER64_A.EXE: [Debugger] B-NPAV
IFEO\rknew.cc3: [Debugger] B-NPAV
IFEO\Rmhzb.exe: [Debugger] B-NPAV
IFEO\runouce.exe: [Debugger] B-NPAV
IFEO\SACHOST.EXE: [Debugger] B-NPAV
IFEO\SafeDrvse.exe: [Debugger] B-NPAV
IFEO\SAVESENSE1218.EXE: [Debugger] B-NPAV
IFEO\SAVESENSELIVE.EXE: [Debugger] B-NPAV
IFEO\SAVESENSEUPDATEVER.EXE: [Debugger] B-NPAV
IFEO\SCVHOST.EXE: [Debugger] B-NPAV
IFEO\SDRA64.EXE: [Debugger] B-NPAV
IFEO\SEABI.EXE: [Debugger] B-NPAV
IFEO\SEAFAST.EXE: [Debugger] B-NPAV
IFEO\SEARCHPROTECT1204.EXE: [Debugger] B-NPAV
IFEO\SEARCHPROTECTIONSTUB.EXE: [Debugger] B-NPAV
IFEO\SecureDrive.exe: [Debugger] B-NPAV
IFEO\seres.exe: [Debugger] B-NPAV
IFEO\serivces.exe: [Debugger] B-NPAV
IFEO\SETTINGSMANAGERSETUP.EXE: [Debugger] B-NPAV
IFEO\SFPSNEW1_QONE8.EXE: [Debugger] B-NPAV
IFEO\SFPSNEW2_QONE8.EXE: [Debugger] B-NPAV
IFEO\SFPSNEW3_QONE8.EXE: [Debugger] B-NPAV
IFEO\shell32.com: [Debugger] B-NPAV
IFEO\SHELLOPEN.EXE: [Debugger] B-NPAV
IFEO\SHMEKERICA.EXE: [Debugger] B-NPAV
IFEO\SHOPPERPROJSINJFULL.EXE: [Debugger] B-NPAV
IFEO\SICHOST.EXE: [Debugger] B-NPAV
IFEO\sienozv.exe: [Debugger] B-NPAV
IFEO\SIEN_QONE8.EXE: [Debugger] B-NPAV
IFEO\SmdmFService.exe: [Debugger] B-NPAV
IFEO\smdmfu.exe: [Debugger] B-NPAV
IFEO\SMSS32.EXE: [Debugger] B-NPAV
IFEO\SMTNEW_QONE8.EXE: [Debugger] B-NPAV
IFEO\SMT_OMIGA-PLUS_NEW.EXE: [Debugger] B-NPAV
IFEO\SMT_QONE8.EXE: [Debugger] B-NPAV
IFEO\SPECIJALAC.EXE: [Debugger] B-NPAV
IFEO\SPERMICI.EXE: [Debugger] B-NPAV
IFEO\spoclsv.exe: [Debugger] B-NPAV
IFEO\SSVICHOSST.EXE: [Debugger] B-NPAV
IFEO\SVCH0ST.EXE: [Debugger] B-NPAV
IFEO\SVCH0STS.EXE: [Debugger] B-NPAV
IFEO\SVCHAST.EXE: [Debugger] B-NPAV
IFEO\SVCHHOST.EXE: [Debugger] B-NPAV
IFEO\SVCHOSTS.EXE: [Debugger] B-NPAV
IFEO\SVCNOST.EXE: [Debugger] B-NPAV
IFEO\svcst.exe: [Debugger] B-NPAV
IFEO\SVHOST.EXE: [Debugger] B-NPAV
IFEO\SysAnti.exe: [Debugger] B-NPAV
IFEO\SYSDATE.EXE: [Debugger] B-NPAV
IFEO\SYSDIAG64.EXE: [Debugger] B-NPAV
IFEO\SYSDRIVER32.EXE: [Debugger] B-NPAV
IFEO\SYSDRIVER32_.EXE: [Debugger] B-NPAV
IFEO\SYSHOST.EXE: [Debugger] B-NPAV
IFEO\SYSMNGR32.EXE: [Debugger] B-NPAV
IFEO\systam.exe: [Debugger] B-NPAV
IFEO\SYSTEM3_.EXE: [Debugger] B-NPAV
IFEO\SYSTEMIL2.EXE:粑[Debugger] B-NPAV
IFEO\systim32.exe: [Debugger] B-NPAV
IFEO\SYTVSM.EXE: [Debugger] B-NPAV
IFEO\TAPLIKA.EXE: [Debugger] B-NPAV
IFEO\TAPLIKAUPDATE.EXE: [Debugger] B-NPAV
IFEO\TCPWAMMLIB.EXE: [Debugger] B-NPAV
IFEO\TCPWAMULIB.EXE: [Debugger] B-NPAV
IFEO\TCPWANBLIB.EXE: [Debugger] B-NPAV
IFEO\ToolbarUpdaterService.exe: [Debugger] B-NPAV
IFEO\TPLISTSTUBSETUP.EXE: [Debugger] B-NPAV
IFEO\TROJAN.EXE: [Debugger] B-NPAV
IFEO\Tuneup.exe: [Debugger] B-NPAV
IFEO\TXP1ATFORM.EXE: [Debugger] B-NPAV
IFEO\TXPLATFORM.EXE: [Debugger] B-NPAV
IFEO\UA3KMH73O3JYUT4IOK.EXE: [Debugger] B-NPAV
IFEO\ucigxo.exe: [Debugger] B-NPAV
IFEO\unwise_.exe: [Debugger] B-NPAV
IFEO\updateFindRight.exe: [Debugger] B-NPAV
IFEO\updateluckyleap.exe: [Debugger] B-NPAV
IFEO\UPDATEMELONDREA.EXE: [Debugger] B-NPAV
IFEO\UpdateMoboGenie.exe: [Debugger] B-NPAV
IFEO\UPDATEOUTOBOX.EXE: [Debugger] B-NPAV
IFEO\USBDRIVE32.EXE: [Debugger] B-NPAV
IFEO\userini.exe: [Debugger] B-NPAV
IFEO\USPS REPORT.EXE: [Debugger] B-NPAV
IFEO\utilluckyleap.exe: [Debugger] B-NPAV
IFEO\UTILMELONDREA.EXE: [Debugger] B-NPAV
IFEO\UTILOUTOBOX.EXE: [Debugger] B-NPAV
IFEO\uygkr9b.exe: [Debugger] B-NPAV
IFEO\VCLEANER.EXE: [Debugger] B-NPAV
IFEO\voicemail.scr: [Debugger] B-NPAV
IFEO\VOICEMAIL_MUMBAI.EXE: [Debugger] B-NPAV
IFEO\vrt1.tmp: [Debugger] B-NPAV
IFEO\VRT5.TMP: [Debugger] B-NPAV
IFEO\VRT6.TMP: [Debugger] B-NPAV
IFEO\VRT75.TMP: [Debugger] B-NPAV
IFEO\VRT9.TMP: [Debugger] B-NPAV
IFEO\VSBNTLO.EXE: [Debugger] B-NPAV
IFEO\VSTSTUBSETUP.EXE: [Debugger] B-NPAV
IFEO\VTT_QONE8.EXE: [Debugger] B-NPAV
IFEO\vuout.exe: [Debugger] B-NPAV
IFEO\VXZCEGI.EXE: [Debugger] B-NPAV
IFEO\watermark.exe: [Debugger] B-NPAV
IFEO\WEBSHIELD.EXE: [Debugger] B-NPAV
IFEO\WEBSHIELD64.EXE: [Debugger] B-NPAV
IFEO\WEBSHIELDSERVICE.EXE: [Debugger] B-NPAV
IFEO\WEBSSEARCHES_0905-11F33B8C.EXE: [Debugger] B-NPAV
IFEO\WEBSTEROIDS.EXE: [Debugger] B-NPAV
IFEO\WEBSTEROIDS64.EXE: [Debugger] B-NPAV
IFEO\WEBSTEROIDSSERVICE.EXE: [Debugger] B-NPAV
IFEO\WEDOWNLOADMANAGER.EXE: [Debugger] B-NPAV
IFEO\WIHELP32.EXE: [Debugger] B-NPAV
IFEO\WILDWESTWRAPPED.EXE: [Debugger] B-NPAV
IFEO\win002.exe: [Debugger] B-NPAV
IFEO\WIN7.EXE: [Debugger] B-NPAV
IFEO\WINALERT.EXE: [Debugger] B-NPAV
IFEO\WINDLL.EXE: [Debugger] B-NPAV
IFEO\WINFIXER.EXE: [Debugger] B-NPAV
IFEO\WinHdvm32.exe: [Debugger] B-NPAV
IFEO\winisp.exe: [Debugger] B-NPAV
IFEO\winlok.exe: [Debugger] B-NPAV
IFEO\winmgr.exe: [Debugger] B-NPAV
IFEO\WINMINEA.EXE: [Debugger] B-NPAV
IFEO\winrsdrv32.exe: [Debugger] B-NPAV
IFEO\winsvc.exe: [Debugger] B-NPAV
IFEO\WINSVCHOSTS.EXE: [Debugger] B-NPAV
IFEO\WINSYSAPP.EXE: [Debugger] B-NPAV
IFEO\WINSYSTEM.EXE: [Debugger] B-NPAV
IFEO\WISENI32.EXE: [Debugger] B-NPAV
IFEO\WMFCGR.EXE: [Debugger] B-NPAV
IFEO\WMIMGMT.COM: [Debugger] B-NPAV
IFEO\WMISTIP.EXE: [Debugger] B-NPAV
IFEO\wmnig.exe: [Debugger] B-NPAV
IFEO\WMPRWISE.EXE: [Debugger] B-NPAV
IFEO\WMPTD32.EXE: [Debugger] B-NPAV
IFEO\wnzip32.exe: [Debugger] B-NPAV
IFEO\WPM_NS_V20.0.0.502.EXE: [Debugger] B-NPAV
IFEO\WPM_V18.8.0.273.EXE: [Debugger] B-NPAV
IFEO\WPM_V18.8.0.304.EXE: [Debugger] B-NPAV
IFEO\WPM_V20.0.0.401.EXE: [Debugger] B-NPAV
IFEO\WPM_V20.0.0.502.EXE: [Debugger] B-NPAV
IFEO\WPROTECTMANAGER.EXE: [Debugger] B-NPAV
IFEO\wscript.exe: [Debugger] NPAV
IFEO\wsynalib.exe: [Debugger] B-NPAV
IFEO\WUAUCLDT.EXE: [Debugger] B-NPAV
IFEO\X: [Debugger] B-NPAV
IFEO\x1.exe: [Debugger] B-NPAV
IFEO\xiazaii.exe: [Debugger] B-NPAV
IFEO\XPLORER.EXE: [Debugger] B-NPAV
IFEO\YDNED.EXE: [Debugger] B-NPAV
IFEO\zavupd32.exe: [Debugger] B-NPAV
IFEO\ZIPAS.EXE: [Debugger] B-NPAV
IFEO\_RECYCLING49.EXE: [Debugger] B-NPAV
IFEO\अ.exe: [Debugger] M-NPAV
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2010-07-16]
ShortcutTarget: WinZip Quick Pick.lnk -> E:\backup_while_formatting\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Documents and Settings\om\Start Menu\Programs\Startup\MagicDisc.lnk [2011-09-26]
ShortcutTarget: MagicDisc.lnk -> D:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Documents and Settings\om\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2010-08-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * nprootkt.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{AD8C1A98-1FDE-4990-8B68-D42D4EFC30E9}: [NameServer] 218.248.255.212,218.248.255.145
Tcpip\..\Interfaces\{B1546DE3-801D-4D90-8B30-A036CAF9AEBA}: [NameServer] 218.248.245.1 218.248.255.209

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1482476501-1770027372-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1482476501-1770027372-725345543-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKU\S-1-5-21-1482476501-1770027372-725345543-1003 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-03] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-08] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1482476501-1770027372-725345543-1003 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\om\Application Data\Mozilla\Firefox\Profiles\2g210nzm.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll [2013-03-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-10-07] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-09-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-09-08] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\om\Local Settings\Application Data\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\om\Local Settings\Application Data\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Extension: RESTClient - C:\Documents and Settings\om\Application Data\Mozilla\Firefox\Profiles\2g210nzm.default\Extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi.OFF [2015-09-13]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\2.bin
FF Extension: No Name - C:\Program Files\MyWebSearch\bar\2.bin [2011-04-08] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.in
CHR DefaultSearchKeyword: Default -> rollercoaster
CHR Profile: C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-29]
CHR Extension: (YouTube) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (SportBike Sprint) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cipmhidplbnicilfhnobdngmfcghegma [2014-10-09]
CHR Extension: (Classic Games) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckmoikambnjgjnhaefiklkblfjoolnaf [2013-01-27]
CHR Extension: (Google Search) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Crazy Rollercoaster) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eafhgomkapdagnpmmgilphbolnejepoc [2013-01-26]
CHR Extension: (3D Racing) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edibjaleplmkklgdabaddfombdbcafek [2013-01-26]
CHR Extension: (Apple Shooter) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbcjjgkapdombcilbfbjapkbpnocbkcf [2012-12-29]
CHR Extension: (No Name) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chess!) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhajejfkogjnnkenablkhgkdmmenbjgh [2012-12-29]
CHR Extension: (3D RACING) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcimocjmiiakicmedfbacabicbljlfmi [2013-01-27]
CHR Extension: (American Racing) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klfneahoibjkdlonilmnkkncopeiomoc [2012-12-29]
CHR Extension: (Motocross) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lddlapllhlmplllbneiocoojnlokmlcb [2013-01-26]
CHR Extension: (3D Table Tennis) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lggegdhfphffaeipfpocijebeakpmcih [2013-01-20]
CHR Extension: (Need for Speed World) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2013-01-20]
CHR Extension: (Baseball (Deluxe)) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokd粑fknafciecdea [2013-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-13]
CHR Extension: (Gmail) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Profile: C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-24]
CHR Extension: (SweetIM for Facebook) - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2015-01-24]
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-05-01]
StartMenuInternet: chrome.exe - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\om\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ApConSvc; C:\PROGRAM FILES\NET PROTECTOR 2013\APPCON\APCONSVC.EXE [796872 2015-08-24] (Biz Secure Labs Pvt Ltd)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R3 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2004-08-04] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-09-08] (Oracle Corporation)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [146888 2016-01-09] (Mozilla Foundation) [File not signed]
R2 MySafeProxyMonitor; C:\Program Files\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe [1355768 2014-10-18] (XTRM Group Ltd.)
R2 MySQL; D:\xampp\mysql\bin\mysqld.exe [6095504 2009-12-20] (MySQL AB)
S2 Net Protector Port Firewall; C:\PROGRAM FILES\NET PROTECTOR 2013\npprtfrw.exe [519360 2015-02-14] (Biz Secure Labs Pvt. Ltd.)
S2 Net Protector Web Prototection; C:\Program Files\Net Protector 2013\WEBPROT.EXE [188104 2015-12-25] (BIZ Secure Labs Pvt. Ltd.)
R2 nphost; C:\PROGRAM FILES\NET PROTECTOR 2013\NPHOST.EXE [112840 2016-01-17] (Biz Secure Labs Pvt Ltd)
S2 NPVProt; C:\Documents and Settings\om\NPProt.exe [49152 2011-09-19] (Biz Secure Labs Pvt Ltd.) [File not signed]
S2 OracleMTSRecoveryService; D:\oracle\ora92\bin\omtsreco.exe [57603 2002-05-01] (Oracle Corporation) [File not signed]
R2 OracleOraHome92Agent; D:\oracle\ora92\bin\agntsrvc.exe [28944 2002-04-27] (Oracle Corporation) [File not signed]
S2 OracleOraHome92ClientCache; D:\oracle\ora92\BIN\ONRSD.EXE [242328 2002-04-27] () [File not signed]
R2 OracleOraHome92HTTPServer; D:\oracle\ora92\Apache\Apache\apache.exe [4096 2002-04-19] () [File not signed]
R2 OracleOraHome92PagingServer; D:\oracle\ora92/bin/pagntsrv.exe [49152 2002-08-21] () [File not signed]
R2 OracleOraHome92SNMPPeerEncapsulator; D:\oracle\ora92\BIN\ENCSVC.EXE [187392 2002-02-13] () [File not signed]
R2 OracleOraHome92SNMPPeerMasterAgent; D:\oracle\ora92\BIN\AGNTSVC.EXE [254464 2002-02-13] () [File not signed]
R2 OracleServiceORACLE; d:\oracle\ora92\bin\ORACLE.EXE [29475088 2002-05-14] (Oracle Corporation) [File not signed]
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2004-08-04] (Microsoft Corporation)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2004-08-04] (Microsoft Corporation)
S3 wampapache; d:\wamp\bin\apache\apache2.2.17\bin\httpd.exe [20549 2010-12-31] (Apache Software Foundation) [File not signed]
S3 wampmysqld; d:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [8133120 2010-12-31] () [File not signed]
S2 ZeroVProtect; C:\PROGRAM FILES\NET PROTECTOR 2013\zvscan\ZVMonNT.exe [250560 2015-08-02] (biz secure labs pvt Ltd.)
R2 OracleOraHome92TNSListener; D:\oracle\ora92\BIN\TNSLSNR  [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APCONDRV; C:\Program Files\Net Protector 2013\APPCON\APCONDRV.SYS [10920 2012-08-31] (Biz Secure Labs Pvt Ltd)
S1 Changer; C:\WINDOWS\system32\Drivers\Changer.sys [8192 2004-08-04] (Microsoft Corporation)
S1 lbrtfdc; C:\WINDOWS\system32\Drivers\lbrtfdc.sys [34688 2004-08-03] (Toshiba Corp.)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R1 NPPORTFR; C:\WINDOWS\System32\drivers\NPPORTFR.sys [52072 2014-07-14] (Biz Secure Labs Pvt. Ltd.)
R2 NPUsbLIP; C:\WINDOWS\System32\DRIVERS\NPUsbLIP.sys [13864 2012-10-22] (Biz Secure Labs Pvt Ltd)
R2 paldrv; C:\WINDOWS\system32\pal_drv.sys [4064 2001-01-02] () [File not signed]
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [59388 2009-11-09] (PowerISO Computing, Inc.) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
R3 vdrv; C:\WINDOWS\System32\DRIVERS\vdrv.sys [17384 2014-02-15] (Biz Secure Labs Pvt Ltd)
R1 WNPPORTFR; C:\WINDOWS\System32\drivers\WNPPORTFR.sys [52072 2014-07-14] (Biz Secure Labs Pvt. Ltd.)
S4 IntelIde; no ImagePath
S0 uqbzlxz; no ImagePath
S3 VirtualFD; \??\C:\Documents and Settings\om\Desktop\Floppy Drive Simulator\vfd21-080206\vfd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-05 19:22 - 2016-02-05 19:23 - 00000000 ____D C:\FRST
2016-02-05 18:50 - 2016-02-05 18:50 - 00000838 ____N C:\Documents and Settings\om\Desktop\Shortcut to Notepad.jnlp.lnk
2016-02-05 09:58 - 2016-02-05 09:58 - 00000000 _____ C:\WINDOWS\system32\hang.txt
2016-02-04 18:25 - 2016-02-04 18:25 - 00000000 ____D C:\contentLIB4
2016-01-17 18:02 - 2016-01-17 18:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Net Protector 2016
2016-01-10 11:48 - 2016-01-10 11:48 - 00000000 ____D C:\WINDOWS\pss
2016-01-10 11:20 - 2016-01-10 11:20 - 00000077 _____ C:\Documents and Settings\om\Desktop\IPs.txt
2016-01-09 21:59 - 2016-01-09 21:59 - 00000045 _____ C:\Documents and Settings\om\Desktop\kidseclipse.txt
2016-01-09 21:14 - 2016-02-05 11:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-05 19:24 - 2010-07-09 11:14 - 00000000 ____D C:\Documents and Settings\om\Local Settings\Temp
2016-02-05 19:23 - 2010-09-29 22:02 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-725345543-1003UA.job
2016-02-05 19:21 - 2012-10-22 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Net Protector
2016-02-05 19:21 - 2012-10-22 20:20 - 00000000 ____D C:\zv
2016-02-05 18:23 - 2010-09-29 22:02 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-725345543-1003Core.job
2016-02-05 17:53 - 2010-07-09 03:56 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-05 15:29 - 2010-07-09 11:14 - 00000000 ____D C:\Documents and Settings\om
2016-02-05 11:31 - 2013-01-26 20:02 - 00000430 ____H C:\WINDOWS\Tasks\Norton Security Scan for om.job
2016-02-05 11:31 - 2010-07-09 11:14 - 00032648 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-05 10:46 - 2010-09-29 22:04 - 00002267 ____N C:\Documents and Settings\om\Start Menu\Programs\Google Chrome.lnk
2016-02-05 10:26 - 2010-07-09 03:56 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-02-05 10:13 - 2012-10-22 20:26 - 00000326 _____ C:\WINDOWS\npresq.dat
2016-02-05 09:58 - 2012-11-04 18:14 - 00003637 _____ C:\WINDOWS\system32\NTV.txt
2016-02-05 09:58 - 2012-11-04 18:14 - 00000720 _____ C:\WINDOWS\system32\services.txt
2016-02-05 09:58 - 2010-07-09 11:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-04 21:00 - 2010-07-09 11:14 - 00000178 ___SH C:\Documents and Settings\om\ntuser.ini
2016-02-04 17:32 - 2011-08-02 09:17 - 00000000 ____D C:\WINDOWS\Governor of Poker
2016-02-04 16:44 - 2012-10-22 20:21 - 00000000 ____D C:\Program Files\Net Protector 2013
2016-02-04 12:56 - 2012-10-22 21:36 - 00000286 _____ C:\LastBak.ini
2016-02-04 10:13 - 2012-10-23 08:35 - 00000026 _____ C:\NPAVSCN.DAT
2016-02-03 11:14 - 2012-10-22 20:22 - 00000000 ____D C:\WINDOWS\NpReg
2016-02-03 10:49 - 2001-08-31 22:21 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-24 20:06 - 2015-11-29 21:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RestoreFile
2016-01-17 18:44 - 2012-10-22 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IFD
2016-01-17 18:02 - 2015-12-16 12:10 - 00000821 ____N C:\Documents and Settings\All Users\Desktop\Net Protector 2016.lnk
2016-01-10 11:49 - 2010-07-09 04:00 - 00000210 ___SH C:\boot.ini
2016-01-10 11:49 - 2001-08-31 22:21 - 00000573 _____ C:\WINDOWS\win.ini
2016-01-10 11:49 - 2001-08-31 22:21 - 00000227 _____ C:\WINDOWS\system.ini
2016-01-10 11:34 - 2015-03-29 13:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-11-22 21:18 - 2013-08-06 01:09 - 6376960 ____N () C:\Program Files\chromedriver.exe
2014-11-22 21:51 - 2014-10-23 16:34 - 2568704 ____N (Software Freedom Conservancy) C:\Program Files\IEDriverServer.exe
2010-08-06 08:36 - 2010-08-06 08:36 - 0000004 ____C () C:\Documents and Settings\om\Application Data\avdrn.dat
2010-07-20 14:39 - 2014-11-02 22:06 - 0044544 ____N () C:\Documents and Settings\om\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-22 20:14 - 2011-09-26 19:51 - 0063692 ____C () C:\Documents and Settings\om\Local Settings\Application Data\rational_state.log
2007-07-24 00:10 - 2007-07-24 00:10 - 0000051 ____C () C:\Documents and Settings\om\Local Settings\Application Data\setup.txt
2012-10-22 20:25 - 2015-10-17 13:13 - 0000140 _____ () C:\Documents and Settings\All Users\Application Data\license.ini

Files to move or delete:
====================
C:\Documents and Settings\om\NPProt.exe
C:\Documents and Settings\om\test.bat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#4 olgun52

  • Malware Response Team

Posted 05 February 2016 - 02:30 PM

Hi sagar1991,
 
Did you forget the RogueKiller log file?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 olgun52

  • Malware Response Team

Posted 11 February 2016 - 12:33 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 