Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer hangs when connected to internet & RAM reaches to 100% us


  • This topic is locked This topic is locked

#1
dkyd30

dkyd30

    Member

  • Member
  • PipPip
  • 18 posts
Hey Guys.........I have been searching on net for the solution of my problem but nothing is working.

My problem is whenever I connect my laptop to the internet it hangs badly & then I have to shut it down manually by pressing the shutdown button.Also, whenever I start my computer it starts with Blue task-bar.
I don't know what is the problem.I think its some kind of driver problem but not able to configure it.

Computer works perfectly when connected to internet in safe mode.
Please help me guys.


manuff: HP
OS Name Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601

System Manufacturer Hewlett-Packard
System Model HP Pavilion dv5 Notebook PC

System Type x64-based PC

Processor AMD Turion™ II P520 Dual-Core Processor, 2294 Mhz, 2 Core(s), 2 Logical Processor(s)

BIOS Version/Date Hewlett-Packard F.03, 4/30/2010
SMBIOS Version 2.6

Hardware Abstraction Layer Version = "6.1.7601.17514"

Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 3.74 GB
Available Physical Memory 2.72 GB
Total Virtual Memory 7.49 GB
Available Virtual Memory 6.47 GB

Attached Files


Edited by dkyd30, 12 February 2013 - 10:55 AM.

  • 0

Advertisements


#2
dkyd30

dkyd30

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
My OTL Log..........





OTL logfile created on: 2/12/2013 8:19:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dharmender\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 65.47% Memory free
7.49 Gb Paging File | 6.24 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.21 Gb Total Space | 17.29 Gb Free Space | 6.13% Space Free | Partition Type: NTFS
Drive D: | 15.59 Gb Total Space | 2.20 Gb Free Space | 14.12% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 93.06 Mb Free Space | 93.68% Space Free | Partition Type: FAT32

Computer Name: DHARMENDER-LAPI | User Name: Dharmender | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/12 20:06:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dharmender\Desktop\OTL.exe
PRC - [2013/01/26 07:05:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/11 17:13:33 | 012,459,888 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013/01/26 07:05:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 07:05:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 07:04:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/20 00:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/01 13:59:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/28 01:31:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/01/19 02:34:08 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/07/14 06:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 15:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)
SRV - [2013/01/29 21:09:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 18:58:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/20 16:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 16:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 16:48:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 07:20:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/13 08:41:34 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/03/11 06:39:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/27 03:57:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/02/01 13:59:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe -- (STacSV)
SRV - [2010/01/04 22:33:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/11 01:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 15:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/27 01:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/12/21 04:24:48 | 003,837,440 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 18:40:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 18:37:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 11:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 17:02:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/02 20:53:16 | 000,123,648 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2011/12/09 17:31:52 | 000,043,128 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb2ser.sys -- (wdf_usb)
DRV:64bit: - [2011/11/01 09:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 09:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 09:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/11/01 09:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 09:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/11/01 09:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 11:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 11:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 18:03:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:19:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 15:13:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 14:07:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/17 15:20:52 | 000,828,912 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/20 01:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 00:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/15 11:14:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 11:14:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/04/12 13:25:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/29 05:36:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/01 13:59:34 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/30 08:00:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/28 22:03:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 13:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/08/24 06:25:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/18 02:28:58 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/14 06:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 06:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 06:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 04:39:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/11 01:31:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 01:31:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 01:31:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 01:07:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 01:05:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/11 01:05:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 01:05:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/11 01:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 01:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 01:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 01:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2012/11/17 01:39:46 | 000,031,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Users\Dharmender\AppData\Local\Temp\atdcm64a.sys -- (AtiDCM)
DRV - [2010/07/15 11:14:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 11:14:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 05:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {F8305D7D-CF69-465a-9003-813C6013A702}
IE - HKLM\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = ${SEARCH_URL}{searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8DFE5CA6-2CEB-4F22-8C98-0F17CE517BC5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{A04C3759-88D5-45F4-94F2-322E3D8D0C89}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1060933
IE - HKLM\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
IE - HKLM\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...63-d8d38530c108
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://searchab.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{1BE8EA86-0FAC-4CC3-98DC-B96026CC67AA}: "URL" = http://www.ant.com/s...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GPCK_enIN405
IE - HKCU\..\SearchScopes\{8DFE5CA6-2CEB-4F22-8C98-0F17CE517BC5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{A04C3759-88D5-45F4-94F2-322E3D8D0C89}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{A201FE76-E8B0-4A50-B9EE-65E07DB103F8}: "URL" = http://www.claro-sea...000224ce5b4e5c7
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80182&lng=en
IE - HKCU\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Dharmender\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dharmender\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dharmender\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dharmender\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dharmender\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dharmender\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/05/27 10:07:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/13 16:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012/02/28 08:55:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/06 17:19:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/28 08:55:35 | 000,000,000 | ---D | M]

[2010/11/13 03:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dharmender\AppData\Roaming\Mozilla\Extensions
[2013/02/11 19:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 18:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/12/26 17:55:42 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - homepage: http://searchab.com/...63-d8d38530c108
CHR - default_search_provider: Privitize VPN (Enabled)
CHR - default_search_provider: search_url = http://searchab.com/...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://searchab.com/...63-d8d38530c108
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dharmender\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dharmender\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dharmender\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Dharmender\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: WinToFlash Suggestor = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\acaoakiamfeidcmgooclgeleejkbaecf\1.2.5_0\
CHR - Extension: Entanglement = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\
CHR - Extension: Turn Off the Lights = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: Fun Switcher = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb\0.0.0.3_0\
CHR - Extension: Easy Clock = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn\9.0.6_0\
CHR - Extension: AdBlock = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Jagran - India No.1 Hindi News Daily = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\inolmjbojghkehmmlbdmpdlmagalddni\5.4_0\
CHR - Extension: Word Matki = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdejimdghbgmnnklpogihdcpcbdnbadm\0.3_0\
CHR - Extension: Break The Wall = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn\1.5_0\
CHR - Extension: Cute Kitten 2 = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\knhilgggnegappnkfbeaeeiioopeamlc\1_0\
CHR - Extension: Poppit = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: MagniPic = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nidodgmkdegonmmmjkclfmhhlmbpokec\1\
CHR - Extension: Angry Birds Space = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\oidcebijmmjajojiokaiffpobabfclfh\2.0_0\

O1 HOSTS File: ([2012/03/24 16:33:12 | 000,001,805 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Dharmender\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Dharmender\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O3 - HKLM\..\Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Driver Genius] File not found
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Intense Registry Service] C:\Windows\SysWow64\intedreg.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [epic] C:\Program Files (x86)\Epic\epic.exe (Hidden Reflex)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Dharmender\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - Startup: C:\Users\Dharmender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.137.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52533031-4056-4BBE-8447-5DBF717F2D37}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{644053BC-3487-4B28-B149-942273D72C38}: DhcpNameServer = 192.168.137.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86D405DF-4B15-4233-B1E0-94EBE538004A}: DhcpNameServer = 203.94.243.70 59.179.243.70
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\magnipic\sprote~1.dll) - c:\Program Files (x86)\MagniPic\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b1e7852-c9e1-11e1-a473-d8d38530c108}\Shell - "" = AutoRun
O33 - MountPoints2\{0b1e7852-c9e1-11e1-a473-d8d38530c108}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{28cde381-bab2-11e1-abe2-d8d38530c108}\Shell - "" = AutoRun
O33 - MountPoints2\{28cde381-bab2-11e1-abe2-d8d38530c108}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{28cde3b3-bab2-11e1-abe2-d8d38530c108}\Shell - "" = AutoRun
O33 - MountPoints2\{28cde3b3-bab2-11e1-abe2-d8d38530c108}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4766298f-b8b8-11e1-8e8f-d8d38530c108}\Shell - "" = AutoRun
O33 - MountPoints2\{4766298f-b8b8-11e1-8e8f-d8d38530c108}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{49a20ebf-e5e6-11df-a76c-f7806b1b1a56}\Shell - "" = AutoRun
O33 - MountPoints2\{49a20ebf-e5e6-11df-a76c-f7806b1b1a56}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{5ac975e3-7523-11e0-a97d-d2a3e940b43b}\Shell - "" = AutoRun
O33 - MountPoints2\{5ac975e3-7523-11e0-a97d-d2a3e940b43b}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{87a4d022-2625-11e1-a2bb-91626b65b046}\Shell - "" = AutoRun
O33 - MountPoints2\{87a4d022-2625-11e1-a2bb-91626b65b046}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{87a4d034-2625-11e1-a2bb-91626b65b046}\Shell - "" = AutoRun
O33 - MountPoints2\{87a4d034-2625-11e1-a2bb-91626b65b046}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{87a4d04f-2625-11e1-a2bb-91626b65b046}\Shell - "" = AutoRun
O33 - MountPoints2\{87a4d04f-2625-11e1-a2bb-91626b65b046}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a33647c9-0497-11e2-aa8d-d8d38530c108}\Shell - "" = AutoRun
O33 - MountPoints2\{a33647c9-0497-11e2-aa8d-d8d38530c108}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a33647e7-0497-11e2-aa8d-d8d38530c108}\Shell - "" = AutoRun
O33 - MountPoints2\{a33647e7-0497-11e2-aa8d-d8d38530c108}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ac2bbcf4-bd09-11e1-a91f-d8d38530c108}\Shell - "" = AutoRun
O33 - MountPoints2\{ac2bbcf4-bd09-11e1-a91f-d8d38530c108}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{db9e88a8-26cb-11e2-8c32-d8d38530c108}\Shell - "" = AutoRun
O33 - MountPoints2\{db9e88a8-26cb-11e2-8c32-d8d38530c108}\Shell\AutoRun\command - "" = H:\.\StartModem.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/12 20:03:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dharmender\Desktop\OTL.exe
[2013/02/12 19:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.00
[2013/02/12 19:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Unknown Device Identifier
[2013/02/12 19:16:23 | 001,087,058 | ---- | C] (Huntersoft ) -- C:\Users\Dharmender\Desktop\UnknownDeviceIdentifier.exe
[2013/02/12 18:57:24 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\Desktop\New folder (2)
[2013/02/12 18:46:57 | 000,752,287 | ---- | C] (Farbar) -- C:\Users\Dharmender\Desktop\MiniToolBox.exe
[2013/02/11 20:36:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/02/11 20:35:50 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\Malwarebytes
[2013/02/11 20:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/11 20:35:46 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/11 20:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/11 20:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/11 20:35:24 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Local\Programs
[2013/02/11 20:33:27 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dharmender\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/11 19:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier
[2013/02/11 19:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Identifier
[2013/02/11 19:39:35 | 000,946,425 | ---- | C] (DriverIdentifier ) -- C:\Users\Dharmender\Desktop\driveridentifier_setup.exe
[2013/02/11 19:16:41 | 000,805,088 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/02/11 19:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/02/11 19:12:07 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2013/02/11 19:12:07 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2013/02/11 19:12:07 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2013/02/11 19:12:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2013/02/11 19:12:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2013/02/11 19:12:07 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2013/02/11 19:12:07 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2013/02/11 19:12:07 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2013/02/11 19:12:07 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2013/02/11 19:12:07 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2013/02/11 19:12:07 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2013/02/11 19:12:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/02/11 18:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2013/02/11 18:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
[2013/02/11 18:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2013/02/11 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\SpeedyPC Software
[2013/02/11 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\DriverCure
[2013/02/11 17:26:37 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2013/02/11 17:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2013/02/11 17:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/02/11 17:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2013/02/11 17:25:10 | 004,928,240 | ---- | C] (SpeedyPC Software) -- C:\Users\Dharmender\Desktop\SpeedyPC Pro Installer.exe
[2013/02/08 15:29:13 | 000,123,648 | ---- | C] (QUALCOMM Incorporated) -- C:\Windows\SysNative\drivers\qcusbser.sys
[2013/02/07 18:11:54 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Local\Epic
[2013/02/06 21:44:25 | 003,837,440 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013/02/05 14:38:47 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\Registry Mechanic
[2013/02/05 14:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2013/02/05 14:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2013/02/04 16:34:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/03 17:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/02/03 17:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2013/02/03 17:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagniPic
[2013/02/03 17:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagniPic
[2013/02/03 17:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/01/28 21:19:50 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\Desktop\latest 2013 desktop items
[2013/01/23 00:19:08 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\Desktop\phppp
[2013/01/22 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\Desktop\All My Movies 6.3 FULL (GOTD)
[2013/01/19 18:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/18 20:37:58 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Local\KeyLemon
[2013/01/18 20:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\KeyLemon
[2013/01/18 03:33:02 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\Jasc
[2013/01/18 02:37:58 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\gtk-2.0
[2013/01/18 02:32:49 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\Documents\webkit
[2013/01/18 02:28:41 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\youwave
[2013/01/18 01:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
[2013/01/18 01:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasc Software Inc
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Dharmender\Documents\*.tmp files -> C:\Users\Dharmender\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/12 20:06:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dharmender\Desktop\OTL.exe
[2013/02/12 19:39:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/12 19:39:31 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/12 19:35:57 | 000,000,079 | ---- | M] () -- C:\Users\Dharmender\Desktop\Huntersoft Free Download.url
[2013/02/12 19:35:55 | 000,001,006 | ---- | M] () -- C:\Users\Dharmender\Desktop\Unknown Device Identifier.lnk
[2013/02/12 19:27:00 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/12 19:27:00 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/12 19:24:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/12 19:19:20 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/12 19:19:16 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\MagniPicUpdaterTask{C46438AF-54BE-486B-96DF-08E9B1042C46}.job
[2013/02/12 19:16:40 | 001,087,058 | ---- | M] (Huntersoft ) -- C:\Users\Dharmender\Desktop\UnknownDeviceIdentifier.exe
[2013/02/12 18:56:04 | 000,545,363 | ---- | M] () -- C:\Users\Dharmender\Desktop\Autoruns.zip
[2013/02/12 18:51:22 | 000,752,287 | ---- | M] (Farbar) -- C:\Users\Dharmender\Desktop\MiniToolBox.exe
[2013/02/12 18:06:11 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000UA.job
[2013/02/12 18:02:11 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/12 17:02:06 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000UA.job
[2013/02/12 16:23:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDHARMENDER-LAPI$.job
[2013/02/12 14:02:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000Core.job
[2013/02/12 12:06:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000Core.job
[2013/02/11 20:35:47 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/11 20:35:04 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dharmender\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/11 19:40:02 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Driver Identifier.lnk
[2013/02/11 19:39:52 | 000,946,425 | ---- | M] (DriverIdentifier ) -- C:\Users\Dharmender\Desktop\driveridentifier_setup.exe
[2013/02/11 18:31:23 | 000,001,167 | ---- | M] () -- C:\Users\Dharmender\Desktop\Driver Genius.lnk
[2013/02/11 17:26:50 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/02/11 17:26:37 | 000,001,161 | ---- | M] () -- C:\Users\Dharmender\Desktop\SpeedyPC Pro.lnk
[2013/02/11 17:26:37 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/02/11 17:26:37 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/02/11 17:26:37 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/02/11 17:25:57 | 004,928,240 | ---- | M] (SpeedyPC Software) -- C:\Users\Dharmender\Desktop\SpeedyPC Pro Installer.exe
[2013/02/11 12:02:40 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/02/10 19:41:49 | 000,821,938 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/10 19:41:49 | 000,693,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/10 19:41:49 | 000,130,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/09 12:56:18 | 000,000,078 | ---- | M] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130209-125617.reg
[2013/02/09 12:56:04 | 001,190,722 | ---- | M] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130209-125601.reg
[2013/02/08 16:03:26 | 002,495,532 | ---- | M] () -- C:\Users\Dharmender\Documents\blood report.pdf
[2013/02/02 05:21:59 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDharmender.job
[2013/01/28 14:27:26 | 000,027,161 | ---- | M] () -- C:\Users\Dharmender\Desktop\SEAFARER PROFILE.pdf
[2013/01/28 00:08:57 | 003,577,910 | ---- | M] () -- C:\Users\Dharmender\Desktop\dlp papers.pdf
[2013/01/27 23:39:01 | 000,043,268 | ---- | M] () -- C:\Users\Dharmender\Desktop\RediffMail.292121359313741.zip
[2013/01/27 19:23:56 | 000,072,253 | ---- | M] () -- C:\Users\Dharmender\Desktop\p1_img17.jpg
[2013/01/27 01:48:01 | 000,000,465 | ---- | M] () -- C:\Users\Dharmender\Documents\index.html
[2013/01/22 19:29:07 | 050,873,533 | ---- | M] () -- C:\Users\Dharmender\Desktop\Edward Maya & Vika Jigulina - Stereo Love (OFFICIAL HQ VIDEO) (Ultra Music).flv
[2013/01/18 16:31:47 | 000,004,096 | -H-- | M] () -- C:\Users\Dharmender\AppData\Local\keyfile3.drm
[2013/01/18 03:19:33 | 000,000,218 | ---- | M] () -- C:\Users\Dharmender\.recently-used.xbel
[2013/01/16 22:00:53 | 000,816,154 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/15 20:46:50 | 000,000,078 | ---- | M] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130115-204650.reg
[2013/01/15 20:46:21 | 000,000,078 | ---- | M] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130115-204619.reg
[2013/01/15 20:46:14 | 011,253,776 | ---- | M] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130115-204605.reg
[2013/01/15 20:45:04 | 000,273,298 | ---- | M] () -- C:\Users\Dharmender\Desktop\usboblivion64-1.9.0.0.zip
[2013/01/15 19:22:45 | 000,103,573 | ---- | M] () -- C:\Users\Dharmender\Desktop\usbdeview-x64.zip
[2013/01/15 18:38:55 | 000,058,404 | ---- | M] () -- C:\Users\Dharmender\Desktop\cc_20130115_183847.reg
[2013/01/15 17:58:38 | 000,089,825 | ---- | M] () -- C:\Users\Dharmender\Documents\Lal Bahadur Shastri College.pdf
[2013/01/15 17:58:18 | 000,097,770 | ---- | M] () -- C:\Users\Dharmender\Documents\Lal Bahadur Shastri College of Advanced Maritime Studies and Research.pdf
[2013/01/14 09:29:47 | 016,160,864 | ---- | M] () -- C:\Users\Dharmender\Desktop\DEEPSIDE DEEJAYS - LOOK INTO MY EYES [OFFICIAL SINGLE 2012].flv
[2013/01/14 09:15:04 | 031,871,637 | ---- | M] () -- C:\Users\Dharmender\Desktop\Deepside Deejays - Look Into My Eyes (Official Video).flv
[2013/01/14 08:46:12 | 000,002,215 | ---- | M] () -- C:\Users\Dharmender\Desktop\Google Chrome.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Dharmender\Documents\*.tmp files -> C:\Users\Dharmender\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/12 19:35:57 | 000,000,079 | ---- | C] () -- C:\Users\Dharmender\Desktop\Huntersoft Free Download.url
[2013/02/12 19:35:55 | 000,001,006 | ---- | C] () -- C:\Users\Dharmender\Desktop\Unknown Device Identifier.lnk
[2013/02/12 18:53:41 | 000,545,363 | ---- | C] () -- C:\Users\Dharmender\Desktop\Autoruns.zip
[2013/02/11 20:35:47 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/11 19:40:02 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Driver Identifier.lnk
[2013/02/11 18:31:23 | 000,001,167 | ---- | C] () -- C:\Users\Dharmender\Desktop\Driver Genius.lnk
[2013/02/11 17:26:50 | 000,000,454 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/02/11 17:26:37 | 000,001,161 | ---- | C] () -- C:\Users\Dharmender\Desktop\SpeedyPC Pro.lnk
[2013/02/11 17:26:37 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/02/11 17:26:37 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/02/11 17:26:37 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/02/09 12:56:17 | 000,000,078 | ---- | C] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130209-125617.reg
[2013/02/09 12:56:01 | 001,190,722 | ---- | C] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130209-125601.reg
[2013/02/08 16:03:26 | 002,495,532 | ---- | C] () -- C:\Users\Dharmender\Documents\blood report.pdf
[2013/02/03 17:05:05 | 000,000,384 | -H-- | C] () -- C:\Windows\tasks\MagniPicUpdaterTask{C46438AF-54BE-486B-96DF-08E9B1042C46}.job
[2013/01/28 14:27:26 | 000,027,161 | ---- | C] () -- C:\Users\Dharmender\Desktop\SEAFARER PROFILE.pdf
[2013/01/27 23:39:00 | 000,043,268 | ---- | C] () -- C:\Users\Dharmender\Desktop\RediffMail.292121359313741.zip
[2013/01/27 23:11:39 | 003,577,910 | ---- | C] () -- C:\Users\Dharmender\Desktop\dlp papers.pdf
[2013/01/27 19:23:54 | 000,072,253 | ---- | C] () -- C:\Users\Dharmender\Desktop\p1_img17.jpg
[2013/01/27 01:48:01 | 000,000,465 | ---- | C] () -- C:\Users\Dharmender\Documents\index.html
[2013/01/22 19:28:57 | 050,873,533 | ---- | C] () -- C:\Users\Dharmender\Desktop\Edward Maya & Vika Jigulina - Stereo Love (OFFICIAL HQ VIDEO) (Ultra Music).flv
[2013/01/18 16:31:47 | 000,004,096 | -H-- | C] () -- C:\Users\Dharmender\AppData\Local\keyfile3.drm
[2013/01/18 03:19:33 | 000,000,218 | ---- | C] () -- C:\Users\Dharmender\.recently-used.xbel
[2013/01/15 20:46:50 | 000,000,078 | ---- | C] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130115-204650.reg
[2013/01/15 20:46:19 | 000,000,078 | ---- | C] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130115-204619.reg
[2013/01/15 20:46:05 | 011,253,776 | ---- | C] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130115-204605.reg
[2013/01/15 20:45:01 | 000,273,298 | ---- | C] () -- C:\Users\Dharmender\Desktop\usboblivion64-1.9.0.0.zip
[2013/01/15 19:22:41 | 000,103,573 | ---- | C] () -- C:\Users\Dharmender\Desktop\usbdeview-x64.zip
[2013/01/15 18:38:52 | 000,058,404 | ---- | C] () -- C:\Users\Dharmender\Desktop\cc_20130115_183847.reg
[2013/01/15 17:58:38 | 000,089,825 | ---- | C] () -- C:\Users\Dharmender\Documents\Lal Bahadur Shastri College.pdf
[2013/01/15 17:58:18 | 000,097,770 | ---- | C] () -- C:\Users\Dharmender\Documents\Lal Bahadur Shastri College of Advanced Maritime Studies and Research.pdf
[2013/01/14 09:29:27 | 016,160,864 | ---- | C] () -- C:\Users\Dharmender\Desktop\DEEPSIDE DEEJAYS - LOOK INTO MY EYES [OFFICIAL SINGLE 2012].flv
[2013/01/14 09:14:44 | 031,871,637 | ---- | C] () -- C:\Users\Dharmender\Desktop\Deepside Deejays - Look Into My Eyes (Official Video).flv
[2013/01/12 11:50:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/01/12 11:50:00 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2013/01/01 02:28:59 | 000,816,154 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/21 16:45:34 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/12/08 17:24:35 | 000,000,000 | ---- | C] () -- C:\Users\Dharmender\set
[2012/08/13 04:34:08 | 000,000,632 | RHS- | C] () -- C:\Users\Dharmender\ntuser.pol
[2012/07/14 15:08:53 | 000,000,190 | ---- | C] () -- C:\Windows\pdf2word.INI
[2012/07/04 10:04:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/04 10:04:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/28 23:44:39 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011/09/04 07:00:45 | 000,131,072 | ---- | C] () -- C:\Windows\SNVerifyDLL.dll
[2011/08/05 01:59:49 | 001,774,720 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/08/05 01:59:49 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/08/05 01:59:48 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/08/05 01:59:48 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/08/05 01:59:48 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010/12/03 10:26:18 | 000,010,752 | ---- | C] () -- C:\Users\Dharmender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 04:17:22 | 000,000,118 | ---- | C] () -- C:\Users\Dharmender\AppData\Roaming\wklnhst.dat
[2010/08/29 22:05:09 | 000,007,621 | ---- | C] () -- C:\Users\Dharmender\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/14 09:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/26 01:57:34 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\AnvSoft
[2013/01/26 02:35:25 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\ApexDC++
[2012/03/21 08:30:46 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Babylon
[2013/02/12 16:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\BitTorrent
[2011/12/05 16:22:13 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Complitly
[2010/11/17 15:14:05 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\DAEMON Tools Pro
[2013/02/11 17:26:42 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\DriverCure
[2013/01/01 22:12:12 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\driveridentifier
[2013/02/07 15:52:03 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Epic
[2010/12/02 23:04:13 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Faerie Solitaire
[2012/12/30 01:23:48 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\FVDIEPlugin
[2013/01/18 02:37:58 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\gtk-2.0
[2013/01/18 03:33:02 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Jasc
[2011/07/14 03:02:59 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Leadertech
[2010/12/12 15:53:19 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\LG Electronics
[2012/04/15 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Media Finder
[2012/02/28 08:57:18 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Nokia
[2012/02/17 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Nokia Ovi Suite
[2011/11/16 19:52:17 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\ooVoo Details
[2011/11/26 18:07:37 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\PC Suite
[2013/02/05 14:38:47 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Registry Mechanic
[2010/11/26 01:34:26 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Softplicity
[2013/02/11 17:26:42 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\SpeedyPC Software
[2012/01/27 09:40:59 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Starbreeze
[2010/12/15 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Template
[2011/03/28 23:35:04 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\TeraCopy
[2010/12/02 10:36:21 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Wildfire
[2010/08/24 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\WildTangent
[2010/12/02 22:41:10 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\WildTangentv1001
[2010/12/02 22:03:29 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\WildTangentv1002
[2012/11/19 22:02:05 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Windows Live Writer
[2012/12/26 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Youtube Downloader HD
[2013/01/12 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\_MDLogs

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:FB1B13D8
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
  • 0

#3
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello dkyd30,

Welcome to the Malware forum.

Note: Unless otherwise instructed always post the logs in the forum. :)

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Put a checkmark beside loaded modules.

    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Posted Image

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
After that

Please download ComboFix from one of this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
  • log.txt from TDSSKiller
  • ComboFix.txt

  • 0

#4
dkyd30

dkyd30

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks for helping me.

In TDSSKiller I followed your steps & I did not get cure option so I skipped the threats.

And here are the logs of TDSSKiller & Combofix:

Attached Files


Edited by dkyd30, 15 February 2013 - 10:07 AM.

  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Please download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this.

On reboot a log will be produced please post that back here.

Next

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL log is saved in a text file at

So when you return please post
  • AdwCleaner log
  • OTL.txt

  • 0

#6
dkyd30

dkyd30

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here are the logs:

Attached Files


  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
# AdwCleaner v2.112 - Logfile created 02/16/2013 at 01:45:24
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dharmender - DHARMENDER-LAPI
# Boot Mode : Normal
# Running from : C:\Users\Dharmender\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\user.js
File Found : C:\Windows\SysWOW64\conduitEngine.tmp
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\Freecorder
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\clsoft ltd
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Dharmender\AppData\Local\Conduit
Folder Found : C:\Users\Dharmender\AppData\Local\Ilivid Player
Folder Found : C:\Users\Dharmender\AppData\Roaming\Babylon
Folder Found : C:\Users\Dharmender\AppData\Roaming\Complitly
Folder Found : C:\Users\Dharmender\AppData\Roaming\Media Finder
Folder Found : C:\Users\Dharmender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Found : C:\Users\Dharmender\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Found : C:\Windows\Freecorder

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecorder
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Complitly
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Freecorder
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4EF9-8EE7-A3C3B7D83BB0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5B74289-24E0-42E3-A577-D760610AF64C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5B74289-24E0-42E3-A577-D760610AF64C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\5e578ddee73bbe12
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Found : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1547340
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Freecorder
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\SimplyGen
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B74289-24E0-42E3-A577-D760610AF64C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E567DF21-C356-40F9-88D7-7B0BBE211BC6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKU\S-1-5-21-558466712-3617626307-4113048775-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-558466712-3617626307-4113048775-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=e84a4032-6dfd-11e2-b863-d8d38530c108

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.17] : homepage = "hxxp://searchab.com/?aff=7&uid=e84a4032-6dfd-11e2-b863-d8d38530c108",
Found [l.100] : keyword = "searchab.com",
Found [l.103] : search_url = "hxxp://searchab.com/?aff=7&uid=e84a4032-6dfd-11e2-b863-d8d38530c108&q={searchTerms}",
Found [l.2179] : homepage = "hxxp://searchab.com/?aff=7&uid=e84a4032-6dfd-11e2-b863-d8d38530c108",

*************************

AdwCleaner[R1].txt - [13774 octets] - [16/02/2013 01:45:24]

########## EOF - C:\AdwCleaner[R1].txt - [13835 octets] ##########

---------------------------------------------------------

# AdwCleaner v2.112 - Logfile created 02/16/2013 at 01:47:56
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dharmender - DHARMENDER-LAPI
# Boot Mode : Normal
# Running from : C:\Users\Dharmender\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Freecorder
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Dharmender\AppData\Local\Conduit
Folder Deleted : C:\Users\Dharmender\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Dharmender\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Dharmender\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Dharmender\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Dharmender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Deleted : C:\Users\Dharmender\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Deleted : C:\Windows\Freecorder

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Freecorder
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4EF9-8EE7-A3C3B7D83BB0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5B74289-24E0-42E3-A577-D760610AF64C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5B74289-24E0-42E3-A577-D760610AF64C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\5e578ddee73bbe12
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1547340
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B74289-24E0-42E3-A577-D760610AF64C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E567DF21-C356-40F9-88D7-7B0BBE211BC6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=e84a4032-6dfd-11e2-b863-d8d38530c108 --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.17] : homepage = "hxxp://searchab.com/?aff=7&uid=e84a4032-6dfd-11e2-b863-d8d38530c108",
Deleted [l.100] : keyword = "searchab.com",
Deleted [l.103] : search_url = "hxxp://searchab.com/?aff=7&uid=e84a4032-6dfd-11e2-b863-d8d38530c108&q={searchTe[...]
Deleted [l.2179] : homepage = "hxxp://searchab.com/?aff=7&uid=e84a4032-6dfd-11e2-b863-d8d38530c108",

*************************

AdwCleaner[R1].txt - [13875 octets] - [16/02/2013 01:45:24]
AdwCleaner[S1].txt - [13100 octets] - [16/02/2013 01:47:56]

########## EOF - C:\AdwCleaner[S1].txt - [13161 octets] ##########
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
OTL logfile created on: 2/16/2013 1:52:39 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dharmender\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 66.45% Memory free
7.49 Gb Paging File | 6.16 Gb Available in Paging File | 82.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.21 Gb Total Space | 16.49 Gb Free Space | 5.84% Space Free | Partition Type: NTFS
Drive D: | 15.59 Gb Total Space | 2.20 Gb Free Space | 14.12% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 93.06 Mb Free Space | 93.68% Space Free | Partition Type: FAT32

Computer Name: DHARMENDER-LAPI | User Name: Dharmender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/12 20:06:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dharmender\Desktop\OTL.exe
PRC - [2012/12/18 18:58:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/04 14:09:26 | 000,235,008 | ---- | M] () -- C:\ProgramData\Premium\MagniPic\MagniPic.exe
PRC - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/01/03 17:40:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/12 13:10:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/03/13 08:41:34 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/02/27 03:57:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/16 01:50:53 | 001,024,616 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\windows._cacheinvalidation.pyd
MOD - [2013/02/16 01:50:53 | 000,792,576 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\wx._gdi_.pyd
MOD - [2013/02/16 01:50:53 | 000,731,136 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\wx._misc_.pyd
MOD - [2013/02/16 01:50:53 | 000,571,392 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\pysqlite2._sqlite.pyd
MOD - [2013/02/16 01:50:53 | 000,354,304 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\pythoncom26.dll
MOD - [2013/02/16 01:50:53 | 000,263,168 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32com.shell.shell.pyd
MOD - [2013/02/16 01:50:53 | 000,153,088 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\pyexpat.pyd
MOD - [2013/02/16 01:50:53 | 000,110,592 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\PyWinTypes26.dll
MOD - [2013/02/16 01:50:53 | 000,096,256 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32api.pyd
MOD - [2013/02/16 01:50:53 | 000,086,016 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\_elementtree.pyd
MOD - [2013/02/16 01:50:53 | 000,073,728 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\_ctypes.pyd
MOD - [2013/02/16 01:50:53 | 000,070,656 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\wx._html2.pyd
MOD - [2013/02/16 01:50:53 | 000,040,448 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\_socket.pyd
MOD - [2013/02/16 01:50:53 | 000,023,040 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32ts.pyd
MOD - [2013/02/16 01:50:53 | 000,017,920 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32profile.pyd
MOD - [2013/02/16 01:50:53 | 000,011,776 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32crypt.pyd
MOD - [2013/02/16 01:50:52 | 001,169,408 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\wx._core_.pyd
MOD - [2013/02/16 01:50:52 | 001,056,256 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\wx._controls_.pyd
MOD - [2013/02/16 01:50:52 | 000,807,424 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\wx._windows_.pyd
MOD - [2013/02/16 01:50:52 | 000,645,120 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\_ssl.pyd
MOD - [2013/02/16 01:50:52 | 000,311,808 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\_hashlib.pyd
MOD - [2013/02/16 01:50:52 | 000,121,856 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\wx._wizard.pyd
MOD - [2013/02/16 01:50:52 | 000,111,104 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32file.pyd
MOD - [2013/02/16 01:50:52 | 000,110,592 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32security.pyd
MOD - [2013/02/16 01:50:52 | 000,039,424 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32inet.pyd
MOD - [2013/02/16 01:50:52 | 000,036,352 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32process.pyd
MOD - [2013/02/16 01:50:52 | 000,022,528 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32pdh.pyd
MOD - [2013/02/16 01:50:52 | 000,017,920 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\win32event.pyd
MOD - [2013/02/16 01:50:51 | 000,585,728 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\unicodedata.pyd
MOD - [2013/02/16 01:50:51 | 000,011,776 | ---- | M] () -- C:\Users\Dharmender\AppData\Local\Temp\_MEI35842\select.pyd
MOD - [2010/02/22 22:49:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 22:49:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 22:49:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/20 00:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/01 13:59:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/28 01:31:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/01/19 02:34:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/07/14 06:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 15:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)
SRV - [2013/01/29 21:09:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 18:58:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/20 16:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 16:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 16:48:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 07:20:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/13 08:41:34 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/03/11 06:39:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/27 03:57:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/02/01 13:59:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe -- (STacSV)
SRV - [2010/01/04 22:33:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/11 01:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 15:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/27 01:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/12/21 04:24:48 | 003,837,440 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 18:40:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 18:37:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 11:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 17:02:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/02 20:53:16 | 000,123,648 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2011/12/09 17:31:52 | 000,043,128 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb2ser.sys -- (wdf_usb)
DRV:64bit: - [2011/11/01 09:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 09:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 09:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/11/01 09:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 09:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/11/01 09:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 11:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 11:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 18:03:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:19:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 15:13:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 14:07:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/17 15:20:52 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/20 01:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 00:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/15 11:14:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 11:14:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/04/12 13:25:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/29 05:36:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/01 13:59:34 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/30 08:00:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/28 22:03:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 13:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/08/24 06:25:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/18 02:28:58 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/14 06:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 06:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 06:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 04:39:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/11 01:31:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 01:31:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 01:31:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 01:07:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 01:05:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/11 01:05:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 01:05:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/11 01:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 01:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 01:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 01:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010/07/15 11:14:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 11:14:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 05:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8DFE5CA6-2CEB-4F22-8C98-0F17CE517BC5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{A04C3759-88D5-45F4-94F2-322E3D8D0C89}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
IE - HKLM\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{1BE8EA86-0FAC-4CC3-98DC-B96026CC67AA}: "URL" = http://www.ant.com/s...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GPCK_enIN405
IE - HKCU\..\SearchScopes\{8DFE5CA6-2CEB-4F22-8C98-0F17CE517BC5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{A04C3759-88D5-45F4-94F2-322E3D8D0C89}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{A201FE76-E8B0-4A50-B9EE-65E07DB103F8}: "URL" = http://www.claro-sea...000224ce5b4e5c7
IE - HKCU\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Dharmender\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dharmender\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dharmender\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dharmender\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dharmender\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dharmender\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/05/27 10:07:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/13 16:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012/02/28 08:55:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/06 17:19:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/28 08:55:35 | 000,000,000 | ---D | M]

[2010/11/13 03:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dharmender\AppData\Roaming\Mozilla\Extensions
[2013/02/16 01:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Privitize VPN (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dharmender\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dharmender\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dharmender\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Dharmender\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: WinToFlash Suggestor = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\acaoakiamfeidcmgooclgeleejkbaecf\1.2.5_0\
CHR - Extension: Entanglement = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\
CHR - Extension: Turn Off the Lights = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: Fun Switcher = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb\0.0.0.3_0\
CHR - Extension: Easy Clock = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn\9.0.6_0\
CHR - Extension: AdBlock = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Jagran - India No.1 Hindi News Daily = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\inolmjbojghkehmmlbdmpdlmagalddni\5.4_0\
CHR - Extension: Word Matki = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdejimdghbgmnnklpogihdcpcbdnbadm\0.3_0\
CHR - Extension: Break The Wall = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn\1.5_0\
CHR - Extension: Cute Kitten 2 = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\knhilgggnegappnkfbeaeeiioopeamlc\1_0\
CHR - Extension: Poppit = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: MagniPic = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nidodgmkdegonmmmjkclfmhhlmbpokec\1\
CHR - Extension: Angry Birds Space = C:\Users\Dharmender\AppData\Local\Google\Chrome\User Data\Default\Extensions\oidcebijmmjajojiokaiffpobabfclfh\2.0_0\

O1 HOSTS File: ([2013/02/15 19:57:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [Intense Registry Service] C:\Windows\SysWow64\intedreg.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [epic] C:\Program Files (x86)\Epic\epic.exe (Hidden Reflex)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Dharmender\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - Startup: C:\Users\Dharmender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll File not found
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52533031-4056-4BBE-8447-5DBF717F2D37}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{644053BC-3487-4B28-B149-942273D72C38}: DhcpNameServer = 192.168.137.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86D405DF-4B15-4233-B1E0-94EBE538004A}: DhcpNameServer = 203.94.243.70 59.179.243.70
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/15 20:12:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/15 20:00:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/15 19:30:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/15 19:30:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/15 19:30:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/15 19:29:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/15 19:29:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/15 18:53:12 | 005,032,798 | R--- | C] (Swearware) -- C:\Users\Dharmender\Desktop\ComboFix.exe
[2013/02/12 20:03:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dharmender\Desktop\OTL.exe
[2013/02/12 19:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.00
[2013/02/12 19:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Unknown Device Identifier
[2013/02/12 19:16:23 | 001,087,058 | ---- | C] (Huntersoft ) -- C:\Users\Dharmender\Desktop\UnknownDeviceIdentifier.exe
[2013/02/12 18:57:24 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\Desktop\New folder (2)
[2013/02/12 18:46:57 | 000,752,287 | ---- | C] (Farbar) -- C:\Users\Dharmender\Desktop\MiniToolBox.exe
[2013/02/11 20:36:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/02/11 20:35:50 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\Malwarebytes
[2013/02/11 20:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/11 20:35:46 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/11 20:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/11 20:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/11 20:35:24 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Local\Programs
[2013/02/11 20:33:27 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dharmender\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/11 19:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier
[2013/02/11 19:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Identifier
[2013/02/11 19:39:35 | 000,946,425 | ---- | C] (DriverIdentifier ) -- C:\Users\Dharmender\Desktop\driveridentifier_setup.exe
[2013/02/11 19:16:41 | 000,805,088 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/02/11 19:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/02/11 19:12:07 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2013/02/11 19:12:07 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2013/02/11 19:12:07 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2013/02/11 19:12:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2013/02/11 19:12:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2013/02/11 19:12:07 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2013/02/11 19:12:07 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2013/02/11 19:12:07 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2013/02/11 19:12:07 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2013/02/11 19:12:07 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2013/02/11 19:12:07 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2013/02/11 19:12:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/02/11 18:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2013/02/11 18:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
[2013/02/11 18:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2013/02/11 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\SpeedyPC Software
[2013/02/11 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\DriverCure
[2013/02/11 17:26:37 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2013/02/11 17:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2013/02/11 17:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/02/11 17:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2013/02/11 17:25:10 | 004,928,240 | ---- | C] (SpeedyPC Software) -- C:\Users\Dharmender\Desktop\SpeedyPC Pro Installer.exe
[2013/02/08 15:29:13 | 000,123,648 | ---- | C] (QUALCOMM Incorporated) -- C:\Windows\SysNative\drivers\qcusbser.sys
[2013/02/07 18:11:54 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Local\Epic
[2013/02/06 21:44:25 | 003,837,440 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013/02/05 14:38:47 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\Registry Mechanic
[2013/02/05 14:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2013/02/05 14:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2013/02/04 16:34:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/03 17:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2013/02/03 17:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagniPic
[2013/02/03 17:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagniPic
[2013/01/28 21:19:50 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\Desktop\latest 2013 desktop items
[2013/01/23 00:19:08 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\Desktop\phppp
[2013/01/22 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\Desktop\All My Movies 6.3 FULL (GOTD)
[2013/01/19 18:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/18 20:37:58 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Local\KeyLemon
[2013/01/18 20:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\KeyLemon
[2013/01/18 03:33:02 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\Jasc
[2013/01/18 02:37:58 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\AppData\Roaming\gtk-2.0
[2013/01/18 02:32:49 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\Documents\webkit
[2013/01/18 02:28:41 | 000,000,000 | ---D | C] -- C:\Users\Dharmender\youwave
[2013/01/18 01:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
[2013/01/18 01:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasc Software Inc
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Dharmender\Documents\*.tmp files -> C:\Users\Dharmender\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/16 01:55:37 | 000,821,938 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/16 01:55:37 | 000,693,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/16 01:55:37 | 000,130,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/16 01:50:46 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/16 01:50:46 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\MagniPicUpdaterTask{C46438AF-54BE-486B-96DF-08E9B1042C46}.job
[2013/02/16 01:50:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/16 01:50:21 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 01:49:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 01:49:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 01:48:31 | 000,000,090 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/16 01:41:14 | 000,587,671 | ---- | M] () -- C:\Users\Dharmender\Desktop\adwcleaner0.exe
[2013/02/16 01:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/16 01:06:11 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000UA.job
[2013/02/16 01:02:11 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/15 23:02:06 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000UA.job
[2013/02/15 21:10:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDharmender.job
[2013/02/15 19:57:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/15 18:54:06 | 005,032,798 | R--- | M] (Swearware) -- C:\Users\Dharmender\Desktop\ComboFix.exe
[2013/02/15 18:37:57 | 000,000,058 | ---- | M] () -- C:\Users\Dharmender\AppData\Roaming\mbam.context.scan
[2013/02/14 14:02:03 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000Core.job
[2013/02/14 12:06:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000Core.job
[2013/02/12 20:06:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dharmender\Desktop\OTL.exe
[2013/02/12 19:35:55 | 000,001,006 | ---- | M] () -- C:\Users\Dharmender\Desktop\Unknown Device Identifier.lnk
[2013/02/12 19:16:40 | 001,087,058 | ---- | M] (Huntersoft ) -- C:\Users\Dharmender\Desktop\UnknownDeviceIdentifier.exe
[2013/02/12 18:56:04 | 000,545,363 | ---- | M] () -- C:\Users\Dharmender\Desktop\Autoruns.zip
[2013/02/12 18:51:22 | 000,752,287 | ---- | M] (Farbar) -- C:\Users\Dharmender\Desktop\MiniToolBox.exe
[2013/02/12 16:23:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDHARMENDER-LAPI$.job
[2013/02/11 20:35:47 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/11 20:35:04 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dharmender\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/11 19:40:02 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Driver Identifier.lnk
[2013/02/11 19:39:52 | 000,946,425 | ---- | M] (DriverIdentifier ) -- C:\Users\Dharmender\Desktop\driveridentifier_setup.exe
[2013/02/11 18:31:23 | 000,001,167 | ---- | M] () -- C:\Users\Dharmender\Desktop\Driver Genius.lnk
[2013/02/11 17:26:50 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/02/11 17:26:37 | 000,001,161 | ---- | M] () -- C:\Users\Dharmender\Desktop\SpeedyPC Pro.lnk
[2013/02/11 17:26:37 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/02/11 17:26:37 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/02/11 17:26:37 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/02/11 17:25:57 | 004,928,240 | ---- | M] (SpeedyPC Software) -- C:\Users\Dharmender\Desktop\SpeedyPC Pro Installer.exe
[2013/02/11 12:02:40 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/02/09 12:56:18 | 000,000,078 | ---- | M] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130209-125617.reg
[2013/02/09 12:56:04 | 001,190,722 | ---- | M] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130209-125601.reg
[2013/02/08 16:03:26 | 002,495,532 | ---- | M] () -- C:\Users\Dharmender\Documents\blood report.pdf
[2013/01/28 14:27:26 | 000,027,161 | ---- | M] () -- C:\Users\Dharmender\Desktop\SEAFARER PROFILE.pdf
[2013/01/28 00:08:57 | 003,577,910 | ---- | M] () -- C:\Users\Dharmender\Desktop\dlp papers.pdf
[2013/01/27 23:39:01 | 000,043,268 | ---- | M] () -- C:\Users\Dharmender\Desktop\RediffMail.292121359313741.zip
[2013/01/27 19:23:56 | 000,072,253 | ---- | M] () -- C:\Users\Dharmender\Desktop\p1_img17.jpg
[2013/01/27 01:48:01 | 000,000,465 | ---- | M] () -- C:\Users\Dharmender\Documents\index.html
[2013/01/22 19:29:07 | 050,873,533 | ---- | M] () -- C:\Users\Dharmender\Desktop\Edward Maya & Vika Jigulina - Stereo Love (OFFICIAL HQ VIDEO) (Ultra Music).flv
[2013/01/18 16:31:47 | 000,004,096 | -H-- | M] () -- C:\Users\Dharmender\AppData\Local\keyfile3.drm
[2013/01/18 03:19:33 | 000,000,218 | ---- | M] () -- C:\Users\Dharmender\.recently-used.xbel
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Dharmender\Documents\*.tmp files -> C:\Users\Dharmender\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/16 01:48:12 | 000,000,090 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/16 01:40:58 | 000,587,671 | ---- | C] () -- C:\Users\Dharmender\Desktop\adwcleaner0.exe
[2013/02/15 19:30:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/15 19:30:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/15 19:30:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/15 19:30:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/15 19:30:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/15 18:37:57 | 000,000,058 | ---- | C] () -- C:\Users\Dharmender\AppData\Roaming\mbam.context.scan
[2013/02/12 19:35:55 | 000,001,006 | ---- | C] () -- C:\Users\Dharmender\Desktop\Unknown Device Identifier.lnk
[2013/02/12 18:53:41 | 000,545,363 | ---- | C] () -- C:\Users\Dharmender\Desktop\Autoruns.zip
[2013/02/11 20:35:47 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/11 19:40:02 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Driver Identifier.lnk
[2013/02/11 18:31:23 | 000,001,167 | ---- | C] () -- C:\Users\Dharmender\Desktop\Driver Genius.lnk
[2013/02/11 17:26:50 | 000,000,454 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/02/11 17:26:37 | 000,001,161 | ---- | C] () -- C:\Users\Dharmender\Desktop\SpeedyPC Pro.lnk
[2013/02/11 17:26:37 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/02/11 17:26:37 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/02/11 17:26:37 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/02/09 12:56:17 | 000,000,078 | ---- | C] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130209-125617.reg
[2013/02/09 12:56:01 | 001,190,722 | ---- | C] () -- C:\Users\Dharmender\Documents\USBOblivion-64-DHARMENDER-LAPI-130209-125601.reg
[2013/02/08 16:03:26 | 002,495,532 | ---- | C] () -- C:\Users\Dharmender\Documents\blood report.pdf
[2013/02/03 17:05:05 | 000,000,384 | -H-- | C] () -- C:\Windows\tasks\MagniPicUpdaterTask{C46438AF-54BE-486B-96DF-08E9B1042C46}.job
[2013/01/28 14:27:26 | 000,027,161 | ---- | C] () -- C:\Users\Dharmender\Desktop\SEAFARER PROFILE.pdf
[2013/01/27 23:39:00 | 000,043,268 | ---- | C] () -- C:\Users\Dharmender\Desktop\RediffMail.292121359313741.zip
[2013/01/27 23:11:39 | 003,577,910 | ---- | C] () -- C:\Users\Dharmender\Desktop\dlp papers.pdf
[2013/01/27 19:23:54 | 000,072,253 | ---- | C] () -- C:\Users\Dharmender\Desktop\p1_img17.jpg
[2013/01/27 01:48:01 | 000,000,465 | ---- | C] () -- C:\Users\Dharmender\Documents\index.html
[2013/01/22 19:28:57 | 050,873,533 | ---- | C] () -- C:\Users\Dharmender\Desktop\Edward Maya & Vika Jigulina - Stereo Love (OFFICIAL HQ VIDEO) (Ultra Music).flv
[2013/01/18 16:31:47 | 000,004,096 | -H-- | C] () -- C:\Users\Dharmender\AppData\Local\keyfile3.drm
[2013/01/18 03:19:33 | 000,000,218 | ---- | C] () -- C:\Users\Dharmender\.recently-used.xbel
[2013/01/12 11:50:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/01/12 11:50:00 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2013/01/01 02:28:59 | 000,816,154 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/21 16:45:34 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/12/08 17:24:35 | 000,000,000 | ---- | C] () -- C:\Users\Dharmender\set
[2012/08/13 04:34:08 | 000,000,632 | RHS- | C] () -- C:\Users\Dharmender\ntuser.pol
[2012/07/14 15:08:53 | 000,000,190 | ---- | C] () -- C:\Windows\pdf2word.INI
[2012/07/04 10:04:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/04 10:04:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/28 23:44:39 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011/09/04 07:00:45 | 000,131,072 | ---- | C] () -- C:\Windows\SNVerifyDLL.dll
[2011/08/05 01:59:49 | 001,774,720 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/08/05 01:59:49 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/08/05 01:59:48 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/08/05 01:59:48 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/08/05 01:59:48 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010/12/03 10:26:18 | 000,010,752 | ---- | C] () -- C:\Users\Dharmender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 04:17:22 | 000,000,118 | ---- | C] () -- C:\Users\Dharmender\AppData\Roaming\wklnhst.dat
[2010/08/29 22:05:09 | 000,007,621 | ---- | C] () -- C:\Users\Dharmender\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/14 09:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/26 01:57:34 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\AnvSoft
[2013/01/26 02:35:25 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\ApexDC++
[2013/02/12 16:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\BitTorrent
[2010/11/17 15:14:05 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\DAEMON Tools Pro
[2013/02/11 17:26:42 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\DriverCure
[2013/01/01 22:12:12 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\driveridentifier
[2013/02/07 15:52:03 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Epic
[2010/12/02 23:04:13 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Faerie Solitaire
[2012/12/30 01:23:48 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\FVDIEPlugin
[2013/01/18 02:37:58 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\gtk-2.0
[2013/01/18 03:33:02 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Jasc
[2011/07/14 03:02:59 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Leadertech
[2010/12/12 15:53:19 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\LG Electronics
[2012/02/28 08:57:18 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Nokia
[2012/02/17 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Nokia Ovi Suite
[2011/11/16 19:52:17 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\ooVoo Details
[2011/11/26 18:07:37 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\PC Suite
[2013/02/05 14:38:47 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Registry Mechanic
[2010/11/26 01:34:26 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Softplicity
[2013/02/11 17:26:42 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\SpeedyPC Software
[2012/01/27 09:40:59 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Starbreeze
[2010/12/15 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Template
[2011/03/28 23:35:04 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\TeraCopy
[2010/12/02 10:36:21 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Wildfire
[2010/08/24 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\WildTangent
[2010/12/02 22:41:10 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\WildTangentv1001
[2010/12/02 22:03:29 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\WildTangentv1002
[2012/11/19 22:02:05 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Windows Live Writer
[2012/12/26 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\Youtube Downloader HD
[2013/01/12 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\Dharmender\AppData\Roaming\_MDLogs

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:FB1B13D8
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Please go to Virus Total

Click on the button Choose File

Copy/paste this file and path into the white box beside File Name in the window that pops up:

C:\ProgramData\Premium\MagniPic\MagniPic.exe

Press Scan it- (a pop up window may appear for you to navigate to the file) this will submit the file for testing.

Please wait for all the scanners to finish then copy and paste the results in your next response.

Next

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{A04C3759-88D5-45F4-94F2-322E3D8D0C89}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
    IE - HKLM\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
    IE - HKCU\..\SearchScopes\{1BE8EA86-0FAC-4CC3-98DC-B96026CC67AA}: "URL" = http://www.ant.com/s...q={searchTerms}
    IE - HKCU\..\SearchScopes\{A04C3759-88D5-45F4-94F2-322E3D8D0C89}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKCU\..\SearchScopes\{A201FE76-E8B0-4A50-B9EE-65E07DB103F8}: "URL" = http://www.claro-sea...000224ce5b4e5c7
    IE - HKCU\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
    IE - HKCU\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:FB1B13D8
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.
Finally in this post

Please download Security Check by screen317 from here .

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • Virus Total scan results
  • Please post OTL fix txt
  • checkup.txt

As mentioned in my first post - please post your logs in the thread. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
  • 0

#10
dkyd30

dkyd30

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
VIRUS TOTAL RESULT:


SHA256: 40caeb86bb50dcb6fa85a9422882ffe5f50199e1b3ca37f90b1855523f0d6645
SHA1: 5bf2e6ee0469ddf5f8255421ba88502422dfb7d1
MD5: 22f8ab79c3f90a6e5ec909050b44f728
File size: 229.5 KB ( 235008 bytes )
File name: MagniPic.exe
File type: Win32 EXE
Detection ratio: 20 / 46
Analysis date: 2013-02-16 13:40:34 UTC ( 0 minutes ago )




Analysis


Antivirus Result Update
Agnitum - 20130216
AhnLab-V3 - 20130216
AntiVir - 20130216
Antiy-AVL - 20130216
Avast Win32:Dropper-gen [Drp] 20130216
AVG Startpage.SNL 20130216
BitDefender - 20130216
ByteHero - 20130215
CAT-QuickHeal Trojan.StartPage.baxz 20130215
ClamAV - 20130216
Commtouch - 20130216
Comodo UnclassifiedMalware 20130216
DrWeb - 20130214
Emsisoft Trojan.Win32.StartPage.baxz.AMN (A) 20130216
eSafe - 20130211
ESET-NOD32 Win32/GenUpdater 20130216
F-Prot - 20130216
F-Secure - 20130216
Fortinet W32/StartPage.BAXZ!tr 20130216
GData Win32:Dropper-gen 20130216
Ikarus Trojan.Win32.StartPage 20130216
Jiangmin - 20130216
K7AntiVirus Trojan 20130215
Kaspersky Trojan.Win32.StartPage.baxz 20130216
Kingsoft - 20130204
Malwarebytes - 20130216
McAfee RDN/Generic StartPage!a 20130216
McAfee-GW-Edition RDN/Generic StartPage!a 20130216
Microsoft - 20130216
MicroWorld-eScan - 20130216
NANO-Antivirus Trojan.Win32.StartPage.beylro 20130216
Norman Startpage.GSOX 20130215
nProtect Trojan/W32.Agent.235008.GP 20130216
Panda - 20130216
PCTools - 20130216
Rising - 20130205
Sophos - 20130216
SUPERAntiSpyware - 20130216
Symantec - 20130216
TheHacker - 20130215
TotalDefense - 20130215
TrendMicro TROJ_SPNR.29BB13 20130216
TrendMicro-HouseCall TROJ_SPNR.29BB13 20130216
VBA32 Trojan.StartPage.baxz 20130215
VIPRE Trojan.Win32.Generic!BT 20130216
ViRobot - 20130216
  • 0

Advertisements


#11
dkyd30

dkyd30

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL Log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A04C3759-88D5-45F4-94F2-322E3D8D0C89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A04C3759-88D5-45F4-94F2-322E3D8D0C89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8305D7D-CF69-465a-9003-813C6013A702}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8305D7D-CF79-465a-9003-813C6013A702}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BE8EA86-0FAC-4CC3-98DC-B96026CC67AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BE8EA86-0FAC-4CC3-98DC-B96026CC67AA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A04C3759-88D5-45F4-94F2-322E3D8D0C89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A04C3759-88D5-45F4-94F2-322E3D8D0C89}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A201FE76-E8B0-4A50-B9EE-65E07DB103F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A201FE76-E8B0-4A50-B9EE-65E07DB103F8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8305D7D-CF69-465a-9003-813C6013A702}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8305D7D-CF79-465a-9003-813C6013A702}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NortonOnlineBackupReminder deleted successfully.
C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe moved successfully.
ADS C:\ProgramData\Temp:FB1B13D8 deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dharmender\Desktop\cmd.bat deleted successfully.
C:\Users\Dharmender\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes






Security check up log:


Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Spyware Doctor with AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 7.0
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 31
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#12
dkyd30

dkyd30

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hey guys I think this problem might have caused because of "PRIVITIZE VPN" Software which I recently uninstalled after using it for a day.After uninstalling this software the problem with networking started.

So when I searched about this software on internet today I found that it is a malicious software.According to this sitepcthreat removal.

I have not used their method yet .I wanna know from you guys whether I can use their method or I should wait.

And sorry for not informing about this software before because I was not aware of it.

Edited by dkyd30, 16 February 2013 - 09:37 AM.

  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello dkyd30,

I have not used their method yet .I wanna know from you guys whether I can use their method or I should wait.


Up to you really.

Malwarebytes, which you have on your machine, should pick that one up and we have removed quite a bit of what it brings with it already.

Hopefully that is all your problem is... I am not completely convinced that you haven't got a problem with you security programs conflicting as well.

Tell me if you want to use their method and I will give you an instruction to remove the tools we have been using.

If you want to proceed here my next suggested moves are outlined below. After that we will reassess things to see how your machine is and if necessary look at a possible conflict problem. We may also need to uninstall and reinstall FF and Chrome to clear any corruption.

You did have some files on your machine that often come in association with a rootkit. That is why we ran TDSSKiller and ComboFix to start. As it happens they didn't find that one but we will run another tool now just to make sure we are not missing something of that sort.

Also I notice that 20 AVs at Virus Total have picked up MagniPic as bad. We should deal with that.

Now


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Folder::
C:\ProgramData\Premium

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

After that

Download RogueKiller to your desktop

Note: This is a French tool so don't be surprised when you find the page displays with some French.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan

    Posted Image
  • Wait for the scan to finish.
  • The report is created on your desktop.
  • Click on the Delete button

    Posted Image
  • The report is created on your desktop.
  • Next click on the ShortcutsFix button.

    Posted Image
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of all the RKreport.txt files from your desktop in your next Reply.

Edited by emeraldnzl, 16 February 2013 - 01:06 PM.
added another post instruction

  • 0

#14
dkyd30

dkyd30

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,

Here is the Combofix log:



ComboFix 13-02-13.02 - Dharmender 02/17/2013 0:19.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2427 [GMT 4.5:30]
Running from: c:\users\Dharmender\Desktop\ComboFix.exe
Command switches used :: c:\users\Dharmender\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Premium
c:\programdata\Premium\MagniPic\MagniPic.exe
c:\programdata\Premium\MagniPic\profile.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-01-17 to 2013-02-17 )))))))))))))))))))))))))))))))
.
.
2013-02-16 23:15 . 2013-02-16 23:15 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4053AAA6-AD1D-4155-9B01-E24BAFD7BF58}\offreg.dll
2013-02-16 20:09 . 2013-02-16 20:09 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-02-16 20:09 . 2013-02-16 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-16 14:16 . 2013-02-16 14:16 -------- d-----w- C:\_OTL
2013-02-15 21:18 . 2013-02-15 21:18 90 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-12 15:05 . 2013-02-12 15:05 -------- d-----w- c:\program files\Unknown Device Identifier
2013-02-11 16:06 . 2013-02-11 16:06 -------- d-----w- c:\windows\Sun
2013-02-11 16:05 . 2013-02-11 16:05 -------- d-----w- c:\users\Dharmender\AppData\Roaming\Malwarebytes
2013-02-11 16:05 . 2013-02-11 16:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-11 16:05 . 2013-02-11 16:05 -------- d-----w- c:\programdata\Malwarebytes
2013-02-11 16:05 . 2012-12-14 12:19 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-11 16:05 . 2013-02-11 16:05 -------- d-----w- c:\users\Dharmender\AppData\Local\Programs
2013-02-11 15:10 . 2013-02-11 15:10 -------- d-----w- c:\program files (x86)\Driver Identifier
2013-02-11 14:46 . 2012-12-26 20:56 805088 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-02-11 14:46 . 2012-12-26 20:56 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-02-11 14:01 . 2013-02-11 14:01 -------- d-----w- c:\program files (x86)\Driver-Soft
2013-02-11 12:56 . 2013-02-11 12:56 -------- d-----w- c:\users\Dharmender\AppData\Roaming\SpeedyPC Software
2013-02-11 12:56 . 2013-02-11 12:56 -------- d-----w- c:\users\Dharmender\AppData\Roaming\DriverCure
2013-02-11 12:56 . 2013-02-11 12:56 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2013-02-11 12:56 . 2013-02-11 12:56 -------- d-----w- c:\programdata\SpeedyPC Software
2013-02-11 12:56 . 2013-02-11 12:56 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2013-02-08 10:59 . 2012-02-02 16:23 123648 ----a-w- c:\windows\system32\drivers\qcusbser.sys
2013-02-07 13:41 . 2013-02-07 13:41 -------- d-----w- c:\users\Dharmender\AppData\Local\Epic
2013-02-06 17:14 . 2012-12-20 23:54 3837440 ----a-w- c:\windows\system32\drivers\athrx.sys
2013-02-05 10:08 . 2013-02-05 10:08 -------- d-----w- c:\users\Dharmender\AppData\Roaming\Registry Mechanic
2013-02-03 12:34 . 2013-02-03 12:34 -------- d-----w- c:\program files (x86)\MagniPic
2013-02-02 01:18 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4053AAA6-AD1D-4155-9B01-E24BAFD7BF58}\mpengine.dll
2013-01-24 06:18 . 2013-02-07 11:22 -------- d-----w- c:\users\Guest
2013-01-18 16:07 . 2013-02-09 08:18 -------- d-----w- c:\users\Dharmender\AppData\Local\KeyLemon
2013-01-18 16:07 . 2013-02-11 15:08 -------- d-----w- c:\programdata\KeyLemon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 16:39 . 2012-04-01 08:11 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-29 16:39 . 2012-04-01 08:11 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-28 06:37 . 2010-11-24 11:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-01-28 06:36 . 2010-11-24 19:56 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-01-28 06:25 . 2010-11-24 19:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-01-28 06:25 . 2010-12-15 17:14 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-01-23 10:42 . 2010-11-23 04:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-01-23 10:42 . 2010-11-23 04:42 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-23 10:41 . 2010-11-23 04:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-22 05:37 . 2010-11-23 04:38 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-01-12 07:19 . 2013-01-12 07:19 97792 ----a-w- c:\windows\SysWow64\vcljpg70.bpl
2013-01-12 07:19 . 2013-01-12 07:19 778240 ----a-w- c:\windows\SysWow64\rtl70.bpl
2013-01-12 07:19 . 2013-01-12 07:19 64512 ----a-w- c:\windows\SysWow64\vclsmp70.bpl
2013-01-12 07:19 . 2013-01-12 07:19 215040 ----a-w- c:\windows\SysWow64\vclx70.bpl
2013-01-12 07:19 . 2013-01-12 07:19 1381376 ----a-w- c:\windows\SysWow64\vcl70.bpl
2013-01-12 07:19 . 2013-01-12 07:19 319872 ----a-w- c:\windows\SysWow64\ezseng.exe
2013-01-12 07:19 . 2013-01-12 07:19 52920 ----a-w- c:\windows\SysWow64\ezUPBHook.dll
2013-01-12 07:19 . 2013-01-12 07:19 19640 ----a-w- c:\windows\SysWow64\ezMAPIHelper.exe
2013-01-12 07:19 . 2013-01-12 07:19 145592 ----a-w- c:\windows\SysWow64\ezShellStart.exe
2013-01-12 07:19 . 2013-01-12 07:19 121016 ----a-w- c:\windows\SysWow64\ezUninst.exe
2013-01-08 19:36 . 2010-11-22 18:39 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-29 19:55 . 2012-12-29 19:56 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-29 19:55 . 2012-12-29 19:55 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-29 19:55 . 2011-01-04 06:30 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-26 20:56 . 2010-05-27 05:20 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-12-21 12:15 . 2012-12-21 12:15 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-12-16 17:11 . 2012-12-22 15:24 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 15:24 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 15:24 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 15:24 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-09 04:24 . 2012-12-09 04:24 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-12-07 13:20 . 2013-01-08 18:57 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-08 18:57 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-08 18:57 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-08 18:57 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-08 18:57 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-08 18:57 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-08 18:57 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-08 18:57 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-08 18:57 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-08 18:57 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-08 18:57 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-08 18:57 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-08 18:57 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-08 18:57 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-08 18:57 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-08 18:57 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-08 18:57 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-08 18:57 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-08 18:57 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-08 18:57 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-08 18:57 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-08 18:57 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-08 18:57 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-08 18:57 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-08 18:57 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-08 18:57 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-08 18:57 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-08 18:57 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-08 18:57 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-08 18:57 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-08 18:57 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-08 18:57 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-08 18:58 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-08 18:58 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-08 18:58 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-08 18:58 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-08 18:58 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-08 18:58 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-08 18:58 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-08 18:58 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 18:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-08 18:58 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-08 18:58 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}]
c:\program files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-12-18 1264360]
"Facebook Update"="c:\users\Dharmender\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-08 138096]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-17 16328976]
"epic"="c:\program files (x86)\Epic\epic.exe" [2012-12-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Intense Registry Service"="IntEdReg.exe" [2002-10-14 53760]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 641704]
.
c:\users\Dharmender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\Dharmender\AppData\Local\vghd\bin\vghd.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 VBoxDrv;VBox Support Driver;c:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-17 40448]
R3 AtiDCM;AtiDCM;c:\users\Dharmender\AppData\Local\Temp\atdcm64a.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-11-01 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-11-01 171008]
R3 qcusbser;Tianyu USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2012-02-02 123648]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-02 1255736]
R3 wdf_usb;wdf_usb;c:\windows\system32\DRIVERS\usb2ser.sys [2011-12-09 43128]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-03-29 233488]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-17 828912]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-30 20056]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-19 203264]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-03 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-13 338168]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-12-26 805088]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 11:38 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:39]
.
2013-02-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000Core.job
- c:\users\Dharmender\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-16 09:27]
.
2013-02-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000UA.job
- c:\users\Dharmender\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-16 09:27]
.
2013-02-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-11 07:02]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 23:34]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 23:34]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000Core.job
- c:\users\Dharmender\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-13 20:45]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558466712-3617626307-4113048775-1000UA.job
- c:\users\Dharmender\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-13 20:45]
.
2013-02-12 c:\windows\Tasks\HPCeeScheduleForDHARMENDER-LAPI$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 16:45]
.
2013-02-15 c:\windows\Tasks\HPCeeScheduleForDharmender.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 16:45]
.
2013-02-11 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2013-01-02 22:59]
.
2013-02-11 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-02-11 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-01-02 22:59]
.
2013-02-11 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-01-02 22:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 15:20 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 15:20 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 15:20 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 15:20 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-17 323072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-01 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
AddRemove-Freecorder4.0 - c:\windows\Freecorder\uninstall.exe
AddRemove-Freecorder4.1 - c:\windows\Freecorder\uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-558466712-3617626307-4113048775-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*kĘ0€:*€5*SPOT%20European%20extream%20cloror%20of%20calm.avi]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-558466712-3617626307-4113048775-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*kĘ0€:*€5*SPOT%20European%20extream%20cloror%20of%20calm.avi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-558466712-3617626307-4113048775-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*U*n*d*e*r*g*˙YťX\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-02-17 10:42:37 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-17 06:12
ComboFix2.txt 2013-02-15 15:30
.
Pre-Run: 18,048,561,152 bytes free
Post-Run: 17,887,772,672 bytes free
.
- - End Of File - - 8453860BF4B039D0D4014F98E2A62D19
  • 0

#15
dkyd30

dkyd30

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
RGKiller Log:


RKreport[1]_S_02172013_02d1051 :(This is a Scan result)


RogueKiller V8.5.1 _x64_ [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dharmender [Admin rights]
Mode : Scan -- Date : 02/17/2013 10:51:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Dharmender\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe" [x] -> FOUND
[TASK][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> FOUND
[STARTUP][SUSP PATH] DesktopVideoPlayer.lnk @Dharmender : C:\Users\Dharmender\AppData\Local\vghd\bin\vghd.exe [x] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3256GSY ATA Device +++++
--- User ---
[MBR] cbfa4ba4f1f8ac5e1b49efe9bb79e5ec
[BSP] d1bf9058a87a6b60de4d9d8a4af19a5d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 288981 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 592242688 | Size: 15960 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02172013_02d1051.txt >>
RKreport[1]_S_02172013_02d1051.txt



2. RKreport[2]_D_02172013_02d1053:(This report generated after selecting the Delete option on RG Killer)



RogueKiller V8.5.1 _x64_ [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dharmender [Admin rights]
Mode : Remove -- Date : 02/17/2013 10:53:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Dharmender\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe" [x] -> DELETED
[TASK][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> DELETED
[STARTUP][SUSP PATH] DesktopVideoPlayer.lnk @Dharmender : C:\Users\Dharmender\AppData\Local\vghd\bin\vghd.exe [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3256GSY ATA Device +++++
--- User ---
[MBR] cbfa4ba4f1f8ac5e1b49efe9bb79e5ec
[BSP] d1bf9058a87a6b60de4d9d8a4af19a5d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 288981 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 592242688 | Size: 15960 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02172013_02d1053.txt >>
RKreport[1]_S_02172013_02d1051.txt ; RKreport[2]_D_02172013_02d1053.txt





3.RKreport[2]_SC_02172013_02d1102 :(This report generated after selecting the SHORTFIX Option on RGKiller)


RogueKiller V8.5.1 _x64_ [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dharmender [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/17/2013 11:02:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1942 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 11 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 132 / Fail 0
My documents: Success 13 / Fail 13
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 3092 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\SCDEmu\SCDEmuCd0 -- 0x5 --> Skipped

Finished : << RKreport[2]_SC_02172013_02d1102.txt >>
RKreport[1]_S_02172013_02d1059.txt ; RKreport[2]_SC_02172013_02d1102.txt
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP