
Security Hijack Errors even after removal



hi,

 

I ran a scan with Malwarebytes and it shows ten items with Security.Hijack Error. Even my antivirus is messed up and it somehow seems to be wreaking havoc on my PC of all kinds. Need some serious help with this issue. I recently formatted and installed Windows 7 on my PC and installed the antivirus and a few other things, and I started getting these weird results. Every time I remove the Security Hijack with Malwarebytes it pops up again on the next reboot.

 

Please advise on the next course of action.

 

Please find the attached FRST.txt and Addition.txt files.

FRST.txt

Addition.txt


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Use the instructions in the following link to show hidden files:

 

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

 

Next,

 

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from, each with a different name on it; select the first one and save it to your desktop.

 


Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the download link, select the next button and try to run the tool again; continue to repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
If the tool does not run from any of the links provided, please let me know.

 

Next,

 

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Program Files\Net Protector 2015\ZVMOUNT.EXE
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
  • Repeat the above steps for the following files

C:\PROGRAM FILES\NET PROTECTOR 2015\NPAV4.exe

 

Next,

 

Open Malwarebytes Anti-Malware; from the Dashboard please Check for Updates by clicking the Update Now... link.

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your Scan log; the date when it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) into your reply.

 

Post the relevant logs in your next reply....

 

Thanks,

 

Kevin...

 

 

 


Hi Kevin,

 

Pasted below is the log for the Malwarebytes scan. Attaching the RKill log and the NPAV and ZVMount scan logs as well.

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 03/02/2015

Scan Time: 7:30:58 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.02.03.05

Rootkit Database: v2015.01.14.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7

CPU: x86

File System: NTFS

User: Ritesh

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 297509

Time Elapsed: 26 min, 20 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 7

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe, Quarantined, [ba9719de2c5dde58097eac4342c17c84], 

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\empty.jpg, Quarantined, [5df48a6d8702d264371b0763f01418e8], 

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HACKER.COM.CN.EXE, Quarantined, [62ef688fb8d1c37343470f3a38cc0af6], 

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFT.EXE, Quarantined, [e76a48af8108b5811880de6c0ef60bf5], 

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NEW FOLDER.EXE, Quarantined, [5ff2c13618719f97be525bf0d92bd22e], 

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCH0ST.EXE, Quarantined, [341d21d6dcadc86e38b3c488689c41bf], 

Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VCLEANER.EXE, Quarantined, [cd84c631dbae4de9abe4fc51fe0605fb], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

NPAV4.txt

Rkill.txt

zvmount.txt

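Every Security.Hijack line in the log above is a subkey of Image File Execution Options (IFEO) that carries a Debugger value. As an added example, not code from this thread or from any tool named in it, the following PowerShell lists every such entry on a machine so each can be reviewed before anything is removed; the function name Get-IfeoDebuggerEntry is my own, the only path assumed is the standard IFEO key, and the script is read-only.

```powershell
# Added example, not from the thread. Lists every Image File Execution Options
# (IFEO) subkey that has a Debugger value. When such a value is present, Windows
# starts the named debugger instead of the process whose image name matches the
# subkey and hands it the original command line. Malwarebytes reports these
# subkeys as Security.Hijack; in this thread the values read B-NPAV / M-NPAV.
# Nothing is modified: the script only reads the registry and reports.

$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebuggerEntry {
    param([string]$Path = $IfeoPath)

    if (-not (Test-Path -LiteralPath $Path)) { return }

    foreach ($key in Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        # Subkeys with only GlobalFlag, MitigationOptions etc. are not hijacks; skip them.
        if (-not $props.Debugger) { continue }

        # The first token of the Debugger value is the program Windows would really launch.
        $program = ([string]$props.Debugger -split '\s+', 2)[0].Trim('"')
        $resolves = if ($program -match '[\\/]') {
            Test-Path -LiteralPath $program
        } else {
            [bool](Get-Command -Name $program -CommandType Application -ErrorAction SilentlyContinue)
        }

        [pscustomobject]@{
            Image            = $key.PSChildName   # executable name being intercepted
            Debugger         = $props.Debugger    # what Windows would start instead
            DebuggerResolves = $resolves          # $false: the image cannot start at all
        }
    }
}

$entries = @(Get-IfeoDebuggerEntry)
if ($entries.Count -eq 0) {
    'No IFEO Debugger entries present.'
} else {
    $entries | Sort-Object Image | Format-Table -AutoSize
    '{0} IFEO Debugger entries found; review each before removing anything.' -f $entries.Count
}
```

A Debugger value that does not resolve to a program, as with B-NPAV and M-NPAV here, means any executable with that image name silently fails to start, which is why both a blocking security product and a malware hijack show up in the same place.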

The files I asked you to upload to VT are related to your security program, manufacturer Biz Secure Labs Pvt Ltd. One file is clean; the second one (NPAV4.exe) is found to be malicious by the AVG and Symantec scanners.

 

Do you know of and trust the security program in question? I find mixed reviews via Google.... Let me know what you believe regarding that security software.

 

Next,

 

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan, and post the two new logs...

 

Thank you,

 

Kevin...


Hi Kevin,

 

Please find attached the logs as you requested. Regarding the security program in question, it was a good product with good protection and security features. I do have a paid licence for that product and have been using it for a couple of years with no complaints, but in recent times, as you mentioned, there are mixed reviews on Google with regard to this product.

 

Let me know what you find out from all of this.

 

Thanks

FRST.txt

Addition.txt


Run the following:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Open Malwarebytes Anti-Malware; from the Dashboard please Check for Updates by clicking the Update Now... link.

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your Scan log; the date when it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure you get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right-click on the tool and select “Run as Administrator”; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

 

 

 

 

Fixlist.txt


Hi Kevin,

 

I have performed the scans as you advised. Please find the logs pasted in this post, in order. I have limited my activities on the PC to the very minimum, such as posting in here and checking my mail. Also, every now and then my antivirus cum security software keeps giving pop-ups to enable the Application Control feature; I am currently ignoring that without doing anything, as I thought it better to ask you first. Awaiting your further advice.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2015

Ran by Ritesh at 2015-02-04 13:41:02 Run:1
Running from C:\Downloads
Loaded Profiles: Ritesh (Available profiles: Ritesh)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Winlogon: [shell] C:\Windows\Explorer.exe [2613248 2009-07-14] (Microsoft Corporation) <==== ATTENTION 
IFEO\$RECYCLE.BIN.exe: [Debugger] B-NPAV
IFEO\%temp%.exe: [Debugger] B-NPAV
IFEO\(??????.exe: [Debugger] M-NPAV
IFEO\360tray.exe: [Debugger] B-NPAV
IFEO\AAAAAAAA.EXE: [Debugger] B-NPAV
IFEO\AADRIVE32.EXE: [Debugger] B-NPAV
IFEO\ACLEANER.EXE: [Debugger] B-NPAV
IFEO\ADKS_QONE8.EXE: [Debugger] B-NPAV
IFEO\Adobe Gamma Loader.com: [Debugger] B-NPAV
IFEO\Adobe Online.com: [Debugger] B-NPAV
IFEO\Adobe update.com: [Debugger] B-NPAV
IFEO\AEGVVP.EXE: [Debugger] B-NPAV
IFEO\ahnabc.exe: [Debugger] B-NPAV
IFEO\AMT_ISTARTSURF.EXE: [Debugger] B-NPAV
IFEO\AMT_WEBSSEARCHES.EXE: [Debugger] B-NPAV
IFEO\antiviruspro_2010.exe: [Debugger] B-NPAV
IFEO\APPDATADB.EXE: [Debugger] B-NPAV
IFEO\APPINSTALY.EXE: [Debugger] B-NPAV
IFEO\ARKING.EXE: [Debugger] B-NPAV
IFEO\ArmasNgSamar.exe: [Debugger] B-NPAV
IFEO\asd26.tmp.exe: [Debugger] B-NPAV
IFEO\ASR64_LDM.EXE: [Debugger] B-NPAV
IFEO\AutoDrive.exe: [Debugger] B-NPAV
IFEO\autorun.inf.exe: [Debugger] B-NPAV
IFEO\ave.exe: [Debugger] B-NPAV
IFEO\AVIRA32.EXE: [Debugger] B-NPAV
IFEO\AWESOMEHP.EXE: [Debugger] B-NPAV
IFEO\BDO_QONE8.EXE: [Debugger] B-NPAV
IFEO\best7.exe: [Debugger] B-NPAV
IFEO\best77.exe: [Debugger] B-NPAV
IFEO\blank.doc: [Debugger] B-NPAV
IFEO\BLUET00TH.EXE: [Debugger] B-NPAV
IFEO\bprotect.exe: [Debugger] B-NPAV
IFEO\BRONSTAB.EXE: [Debugger] B-NPAV
IFEO\BUENOSEARCHTB: [Debugger] B-NPAV
IFEO\CBZVL.EXE: [Debugger] B-NPAV
IFEO\cista.exe: [Debugger] B-NPAV
IFEO\cmt.exe: [Debugger] B-NPAV
IFEO\COMMGR.EXE: [Debugger] B-NPAV
IFEO\CONTINUETOSAVE.EXE: [Debugger] B-NPAV
IFEO\COOL_GAMESETUP.EXE: [Debugger] B-NPAV
IFEO\CSRCS.EXE: [Debugger] B-NPAV
IFEO\CSSRSS.EXE: [Debugger] B-NPAV
IFEO\DATAMNGRUI.EXE: [Debugger] B-NPAV
IFEO\DEFAULTTABHOST.EXE: [Debugger] B-NPAV
IFEO\Demokratska4.exe: [Debugger] B-NPAV
IFEO\desk365.exe: [Debugger] B-NPAV
IFEO\desktoplayer.exe: [Debugger] B-NPAV
IFEO\DISETYPKIDOZ.EXE: [Debugger] B-NPAV
IFEO\diskperfxp.exe: [Debugger] B-NPAV
IFEO\DLLRUN32.EXE: [Debugger] B-NPAV
IFEO\DRVGUARD.EXE: [Debugger] B-NPAV
IFEO\E5188982.EXE: [Debugger] B-NPAV
IFEO\EDEALSPOP.EXE: [Debugger] B-NPAV
IFEO\EHTHUMBS.EXE: [Debugger] B-NPAV
IFEO\EKSPLORASI.EXE: [Debugger] B-NPAV
IFEO\empty.jpg: [Debugger] B-NPAV
IFEO\empty.pif: [Debugger] B-NPAV
IFEO\EXE32.EXE: [Debugger] B-NPAV
IFEO\FAENOL.EXE: [Debugger] B-NPAV
IFEO\FASTANTIVIRUS2011.EXE: [Debugger] B-NPAV
IFEO\FindRight.FirstRun.exe: [Debugger] B-NPAV
IFEO\FINDRIGHTSETUP.EXE: [Debugger] B-NPAV
IFEO\firefox2.exe: [Debugger] B-NPAV
IFEO\FIREWORK.MP3.EXE: [Debugger] B-NPAV
IFEO\FKREKK456.EXE: [Debugger] B-NPAV
IFEO\FUN.XLS.EXE: [Debugger] B-NPAV
IFEO\GNJA.EXE: [Debugger] B-NPAV
IFEO\GOOGIE .EXE: [Debugger] B-NPAV
IFEO\google.com: [Debugger] B-NPAV
IFEO\GOOGLEOEZ.EXE: [Debugger] B-NPAV
IFEO\GOOGLEUPDATEBETA.EXE: [Debugger] B-NPAV
IFEO\gphone.exe: [Debugger] B-NPAV
IFEO\GSYZQ.EXE: [Debugger] B-NPAV
IFEO\HACKER.COM.CN.EXE: [Debugger] B-NPAV
IFEO\HDAV.EXE: [Debugger] B-NPAV
IFEO\HELLOPUPPY.EXE: [Debugger] B-NPAV
IFEO\hexapple.exe: [Debugger] B-NPAV
IFEO\hexsvchost.exe: [Debugger] B-NPAV
IFEO\hhcbrnaff.exe: [Debugger] B-NPAV
IFEO\hhgnrddkjee.exe: [Debugger] B-NPAV
IFEO\IACNATIVEMSGHOST.EXE: [Debugger] B-NPAV
IFEO\ibsvc.exe: [Debugger] B-NPAV
IFEO\ICREINSTALL_OMIGA-PLUS.EXE: [Debugger] B-NPAV
IFEO\IFREETV.EXE: [Debugger] B-NPAV
IFEO\igfxdvb32.exe: [Debugger] B-NPAV
IFEO\ILD_ISTARTSURF.EXE: [Debugger] B-NPAV
IFEO\ILD_QONE8.EXE: [Debugger] B-NPAV
IFEO\IMPORTANT.FILES.EXE: [Debugger] B-NPAV
IFEO\INBOXACE[1].EXE: [Debugger] B-NPAV
IFEO\INDAPUR COLLEGE.EXE: [Debugger] B-NPAV
IFEO\INOVICE COPY(1).EXE: [Debugger] B-NPAV
IFEO\Install_kuwo.dat: [Debugger] B-NPAV
IFEO\Internet Explorer Settings.exe: [Debugger] B-NPAV
IFEO\INVOICE..EXE: [Debugger] B-NPAV
IFEO\ISE32.EXE: [Debugger] B-NPAV
IFEO\jodrive32.exe: [Debugger] B-NPAV
IFEO\juzjf.exe: [Debugger] B-NPAV
IFEO\kelly.exe: [Debugger] B-NPAV
IFEO\khatra.exe: [Debugger] B-NPAV
IFEO\L1REZERV.EXE: [Debugger] B-NPAV
IFEO\lbisov.exe: [Debugger] B-NPAV
IFEO\LIB32WAOT.EXE: [Debugger] B-NPAV
IFEO\LIDLLLA.EXE: [Debugger] B-NPAV
IFEO\lizkavd.exe: [Debugger] B-NPAV
IFEO\LLY_ISTARTSURF.EXE: [Debugger] B-NPAV
IFEO\LLY_WEBSSEARCHES.EXE: [Debugger] B-NPAV
IFEO\LOAD[1].EXE: [Debugger] B-NPAV
IFEO\ltzqai.exe: [Debugger] B-NPAV
IFEO\MAKARONI.EXE: [Debugger] B-NPAV
IFEO\MCSHELD.EXE: [Debugger] B-NPAV
IFEO\MgAssist.exe: [Debugger] B-NPAV
IFEO\MGJWIN32.EXE: [Debugger] B-NPAV
IFEO\MGRSVN.EXE: [Debugger] B-NPAV
IFEO\MICROSOFT.EXE: [Debugger] B-NPAV
IFEO\MMMPC.EXE: [Debugger] B-NPAV
IFEO\Mobogenie.exe: [Debugger] B-NPAV
IFEO\MONILOR.EXE: [Debugger] B-NPAV
IFEO\MOSODCYSBEAR.EXE: [Debugger] B-NPAV
IFEO\MOVIEMODE.EXE: [Debugger] B-NPAV
IFEO\MOVIEMODE64.EXE: [Debugger] B-NPAV
IFEO\moviemodeservice.exe: [Debugger] B-NPAV
IFEO\MP3_QONE8.EXE: [Debugger] B-NPAV
IFEO\MRPKY.EXE: [Debugger] B-NPAV
IFEO\mrsys.exe: [Debugger] B-NPAV
IFEO\MS-DOS.COM: [Debugger] B-NPAV
IFEO\MSA.EXE: [Debugger] B-NPAV
IFEO\MSB.EXE: [Debugger] B-NPAV
IFEO\MSBACKUP.EXE: [Debugger] B-NPAV
IFEO\msconfig32.exe: [Debugger] B-NPAV
IFEO\msm.com: [Debugger] B-NPAV
IFEO\MSMXENG.EXE: [Debugger] B-NPAV
IFEO\MSRZOCKX.SCR: [Debugger] B-NPAV
IFEO\MSVMIODE.EXE: [Debugger] B-NPAV
IFEO\mwagent.exe: [Debugger] B-NPAV
IFEO\mwaser.exe: [Debugger] B-NPAV
IFEO\MWAU.EXE: [Debugger] B-NPAV
IFEO\My Documents.exe: [Debugger] B-NPAV
IFEO\MySearchDial.exe: [Debugger] B-NPAV
IFEO\NEW FOLDER .EXE: [Debugger] B-NPAV
IFEO\NEW FOLDER.EXE: [Debugger] B-NPAV
IFEO\new29.exe: [Debugger] B-NPAV
IFEO\NISSAN.EXE: [Debugger] B-NPAV
IFEO\nsvb.exe: [Debugger] B-NPAV
IFEO\NTDETEC1.EXE: [Debugger] B-NPAV
IFEO\ONEBROWSESERVICE.EXE: [Debugger] B-NPAV
IFEO\ONEBROWSEUIPROCESS.EXE: [Debugger] B-NPAV
IFEO\ONEKIT4FFX.EXE: [Debugger] B-NPAV
IFEO\OOVOOSETUP.EXE: [Debugger] B-NPAV
IFEO\Outdoor Amateur.exe: [Debugger] B-NPAV
IFEO\P2PHOSTA.EXE: [Debugger] B-NPAV
IFEO\Passwords.exe: [Debugger] B-NPAV
IFEO\PAYMENTSLIP.EXE: [Debugger] B-NPAV
IFEO\PHIM HAI CUC HAY.EXE: [Debugger] B-NPAV
IFEO\photo_id.exe: [Debugger] B-NPAV
IFEO\PHYSICALDRIVE2.COM: [Debugger] B-NPAV
IFEO\PIPINSTALLER_PTV_.EXE: [Debugger] B-NPAV
IFEO\PLUGINSERVICE.EXE: [Debugger] B-NPAV
IFEO\PLUSHDINSTALLER.EXE: [Debugger] B-NPAV
IFEO\porn.exe: [Debugger] B-NPAV
IFEO\PRINCE(2010)-PDVDRIP{NEWSOURCE}-1CDRIP-XVID-MP3-[DRC].EXE: [Debugger] B-NPAV
IFEO\PRODUCT SAMPLE.EXE: [Debugger] B-NPAV
IFEO\PROTECTWINDOWSMANAGER.EXE: [Debugger] B-NPAV
IFEO\PURCHASE ORDER DETAILS.COM: [Debugger] B-NPAV
IFEO\PURCHASE ORDER..EXE: [Debugger] B-NPAV
IFEO\PURCHASE ORDER.BAT: [Debugger] B-NPAV
IFEO\PURCHASE-ORDERS.EXE: [Debugger] B-NPAV
IFEO\PUSK2.EXE: [Debugger] B-NPAV
IFEO\PUSK3.EXE: [Debugger] B-NPAV
IFEO\qgfmc.exe: [Debugger] B-NPAV
IFEO\QONE8.EXE: [Debugger] B-NPAV
IFEO\qtfcyyp.exe: [Debugger] B-NPAV
IFEO\RABC.EXE: [Debugger] B-NPAV
IFEO\RADSTEROIDS.EXE: [Debugger] B-NPAV
IFEO\RADSTEROIDS64.EXE: [Debugger] B-NPAV
IFEO\RADSTEROIDSSERVICE.EXE: [Debugger] B-NPAV
IFEO\RECYCLE.EXE: [Debugger] B-NPAV
IFEO\RECYCLEBIN.EXE: [Debugger] B-NPAV
IFEO\RECYCLEBINPROTECT.EXE: [Debugger] B-NPAV
IFEO\RECYCLED.EXE: [Debugger] B-NPAV
IFEO\RECYCLED.SCR: [Debugger] B-NPAV
IFEO\RECYCLER .EXE: [Debugger] B-NPAV
IFEO\RECYCLER.EXE: [Debugger] B-NPAV
IFEO\regedit32.com: [Debugger] B-NPAV
IFEO\regsvr.exe: [Debugger] B-NPAV
IFEO\Rensolt.exe: [Debugger] B-NPAV
IFEO\Rensolu.exe: [Debugger] B-NPAV
IFEO\Rensolv.exe: [Debugger] B-NPAV
IFEO\Rensolve.exe: [Debugger] B-NPAV
IFEO\RESTORER64_A.EXE: [Debugger] B-NPAV
IFEO\rknew.cc3: [Debugger] B-NPAV
IFEO\Rmhzb.exe: [Debugger] B-NPAV
IFEO\runouce.exe: [Debugger] B-NPAV
IFEO\SACHOST.EXE: [Debugger] B-NPAV
IFEO\SafeDrvse.exe: [Debugger] B-NPAV
IFEO\SAVESENSE1218.EXE: [Debugger] B-NPAV
IFEO\SAVESENSELIVE.EXE: [Debugger] B-NPAV
IFEO\SAVESENSEUPDATEVER.EXE: [Debugger] B-NPAV
IFEO\SCVHOST.EXE: [Debugger] B-NPAV
IFEO\SDRA64.EXE: [Debugger] B-NPAV
IFEO\SEABI.EXE: [Debugger] B-NPAV
IFEO\SEAFAST.EXE: [Debugger] B-NPAV
IFEO\SEARCHPROTECT1204.EXE: [Debugger] B-NPAV
IFEO\SEARCHPROTECTIONSTUB.EXE: [Debugger] B-NPAV
IFEO\SecureDrive.exe: [Debugger] B-NPAV
IFEO\seres.exe: [Debugger] B-NPAV
IFEO\serivces.exe: [Debugger] B-NPAV
IFEO\SETTINGSMANAGERSETUP.EXE: [Debugger] B-NPAV
IFEO\SFPSNEW1_QONE8.EXE: [Debugger] B-NPAV
IFEO\SFPSNEW2_QONE8.EXE: [Debugger] B-NPAV
IFEO\SFPSNEW3_QONE8.EXE: [Debugger] B-NPAV
IFEO\shell32.com: [Debugger] B-NPAV
IFEO\SHELLOPEN.EXE: [Debugger] B-NPAV
IFEO\SHMEKERICA.EXE: [Debugger] B-NPAV
IFEO\SHOPPERPROJSINJFULL.EXE: [Debugger] B-NPAV
IFEO\SICHOST.EXE: [Debugger] B-NPAV
IFEO\sienozv.exe: [Debugger] B-NPAV
IFEO\SIEN_QONE8.EXE: [Debugger] B-NPAV
IFEO\SmdmFService.exe: [Debugger] B-NPAV
IFEO\smdmfu.exe: [Debugger] B-NPAV
IFEO\SMSS32.EXE: [Debugger] B-NPAV
IFEO\SMTNEW_QONE8.EXE: [Debugger] B-NPAV
IFEO\SMT_OMIGA-PLUS_NEW.EXE: [Debugger] B-NPAV
IFEO\SMT_QONE8.EXE: [Debugger] B-NPAV
IFEO\SPECIJALAC.EXE: [Debugger] B-NPAV
IFEO\SPERMICI.EXE: [Debugger] B-NPAV
IFEO\spoclsv.exe: [Debugger] B-NPAV
IFEO\SSVICHOSST.EXE: [Debugger] B-NPAV
IFEO\SVCH0ST.EXE: [Debugger] B-NPAV
IFEO\SVCH0STS.EXE: [Debugger] B-NPAV
IFEO\SVCHAST.EXE: [Debugger] B-NPAV
IFEO\SVCHHOST.EXE: [Debugger] B-NPAV
IFEO\SVCHOSTS.EXE: [Debugger] B-NPAV
IFEO\SVCNOST.EXE: [Debugger] B-NPAV
IFEO\svcst.exe: [Debugger] B-NPAV
IFEO\SVHOST.EXE: [Debugger] B-NPAV
IFEO\SysAnti.exe: [Debugger] B-NPAV
IFEO\SYSDATE.EXE: [Debugger] B-NPAV
IFEO\SYSDIAG64.EXE: [Debugger] B-NPAV
IFEO\SYSDRIVER32.EXE: [Debugger] B-NPAV
IFEO\SYSDRIVER32_.EXE: [Debugger] B-NPAV
IFEO\SYSHOST.EXE: [Debugger] B-NPAV
IFEO\SYSMNGR32.EXE: [Debugger] B-NPAV
IFEO\systam.exe: [Debugger] B-NPAV
IFEO\SYSTEM3_.EXE: [Debugger] B-NPAV
IFEO\SYSTEMIL2.EXE: [Debugger] B-NPAV
IFEO\systim32.exe: [Debugger] B-NPAV
IFEO\SYTVSM.EXE: [Debugger] B-NPAV
IFEO\TCPWAMMLIB.EXE: [Debugger] B-NPAV
IFEO\TCPWAMULIB.EXE: [Debugger] B-NPAV
IFEO\TCPWANBLIB.EXE: [Debugger] B-NPAV
IFEO\ToolbarUpdaterService.exe: [Debugger] B-NPAV
IFEO\Tuneup.exe: [Debugger] B-NPAV
IFEO\TXP1ATFORM.EXE: [Debugger] B-NPAV
IFEO\TXPLATFORM.EXE: [Debugger] B-NPAV
IFEO\UA3KMH73O3JYUT4IOK.EXE: [Debugger] B-NPAV
IFEO\ucigxo.exe: [Debugger] B-NPAV
IFEO\unwise_.exe: [Debugger] B-NPAV
IFEO\updateFindRight.exe: [Debugger] B-NPAV
IFEO\updateluckyleap.exe: [Debugger] B-NPAV
IFEO\UPDATEMELONDREA.EXE: [Debugger] B-NPAV
IFEO\UpdateMoboGenie.exe: [Debugger] B-NPAV
IFEO\UPDATEOUTOBOX.EXE: [Debugger] B-NPAV
IFEO\USBDRIVE32.EXE: [Debugger] B-NPAV
IFEO\userini.exe: [Debugger] B-NPAV
IFEO\USPS REPORT.EXE: [Debugger] B-NPAV
IFEO\utilluckyleap.exe: [Debugger] B-NPAV
IFEO\UTILMELONDREA.EXE: [Debugger] B-NPAV
IFEO\UTILOUTOBOX.EXE: [Debugger] B-NPAV
IFEO\uygkr9b.exe: [Debugger] B-NPAV
IFEO\VCLEANER.EXE: [Debugger] B-NPAV
IFEO\voicemail.scr: [Debugger] B-NPAV
IFEO\VOICEMAIL_MUMBAI.EXE: [Debugger] B-NPAV
IFEO\vrt1.tmp: [Debugger] B-NPAV
IFEO\VRT5.TMP: [Debugger] B-NPAV
IFEO\VRT6.TMP: [Debugger] B-NPAV
IFEO\VRT75.TMP: [Debugger] B-NPAV
IFEO\VRT9.TMP: [Debugger] B-NPAV
IFEO\VSBNTLO.EXE: [Debugger] B-NPAV
IFEO\VTT_QONE8.EXE: [Debugger] B-NPAV
IFEO\vuout.exe: [Debugger] B-NPAV
IFEO\VXZCEGI.EXE: [Debugger] B-NPAV
IFEO\watermark.exe: [Debugger] B-NPAV
IFEO\WEBSHIELD.EXE: [Debugger] B-NPAV
IFEO\WEBSHIELD64.EXE: [Debugger] B-NPAV
IFEO\WEBSHIELDSERVICE.EXE: [Debugger] B-NPAV
IFEO\WEBSSEARCHES_0905-11F33B8C.EXE: [Debugger] B-NPAV
IFEO\WEBSTEROIDS.EXE: [Debugger] B-NPAV
IFEO\WEBSTEROIDS64.EXE: [Debugger] B-NPAV
IFEO\WEBSTEROIDSSERVICE.EXE: [Debugger] B-NPAV
IFEO\WIHELP32.EXE: [Debugger] B-NPAV
IFEO\win002.exe: [Debugger] B-NPAV
IFEO\WIN7.EXE: [Debugger] B-NPAV
IFEO\WINALERT.EXE: [Debugger] B-NPAV
IFEO\WINDLL.EXE: [Debugger] B-NPAV
IFEO\WINFIXER.EXE: [Debugger] B-NPAV
IFEO\WinHdvm32.exe: [Debugger] B-NPAV
IFEO\winlok.exe: [Debugger] B-NPAV
IFEO\WINMINEA.EXE: [Debugger] B-NPAV
IFEO\winrsdrv32.exe: [Debugger] B-NPAV
IFEO\WINSVCHOSTS.EXE: [Debugger] B-NPAV
IFEO\WINSYSAPP.EXE: [Debugger] B-NPAV
IFEO\WINSYSTEM.EXE: [Debugger] B-NPAV
IFEO\WISENI32.EXE: [Debugger] B-NPAV
IFEO\WMFCGR.EXE: [Debugger] B-NPAV
IFEO\WMIMGMT.COM: [Debugger] B-NPAV
IFEO\WMISTIP.EXE: [Debugger] B-NPAV
IFEO\wmnig.exe: [Debugger] B-NPAV
IFEO\WMPRWISE.EXE: [Debugger] B-NPAV
IFEO\WMPTD32.EXE: [Debugger] B-NPAV
IFEO\wnzip32.exe: [Debugger] B-NPAV
IFEO\WPM_NS_V20.0.0.502.EXE: [Debugger] B-NPAV
IFEO\WPM_V18.8.0.273.EXE: [Debugger] B-NPAV
IFEO\WPM_V18.8.0.304.EXE: [Debugger] B-NPAV
IFEO\WPM_V20.0.0.401.EXE: [Debugger] B-NPAV
IFEO\WPM_V20.0.0.502.EXE: [Debugger] B-NPAV
IFEO\WPROTECTMANAGER.EXE: [Debugger] B-NPAV
IFEO\wsynalib.exe: [Debugger] B-NPAV
IFEO\WUAUCLDT.EXE: [Debugger] B-NPAV
IFEO\X: [Debugger] B-NPAV
IFEO\xiazaii.exe: [Debugger] B-NPAV
IFEO\XPLORER.EXE: [Debugger] B-NPAV
IFEO\YDNED.EXE: [Debugger] B-NPAV
IFEO\zavupd32.exe: [Debugger] B-NPAV
IFEO\ZIPAS.EXE: [Debugger] B-NPAV
IFEO\_RECYCLING49.EXE: [Debugger] B-NPAV
IFEO\?.exe: [Debugger] M-NPAV
C:\Users\Ritesh\NPProt.exe
C:\Users\Ritesh\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Ritesh\AppData\Local\Temp\NEventMessages.dll
C:\Users\Ritesh\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Ritesh\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Ritesh\AppData\Local\Temp\xmlUpdater.exe
hosts:
Emptytemp:
end
 
 
 
*****************
 
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\$RECYCLE.BIN.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\%temp%.exe" => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\(??????.exe => Key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AAAAAAAA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AADRIVE32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ACLEANER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ADKS_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Adobe Gamma Loader.com" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Adobe Online.com" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Adobe update.com" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AEGVVP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ahnabc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AMT_ISTARTSURF.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AMT_WEBSSEARCHES.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\antiviruspro_2010.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\APPDATADB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\APPINSTALY.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ARKING.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ArmasNgSamar.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\asd26.tmp.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ASR64_LDM.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AutoDrive.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\autorun.inf.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ave.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVIRA32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AWESOMEHP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BDO_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\best7.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\best77.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blank.doc" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BLUET00TH.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BRONSTAB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BUENOSEARCHTB" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CBZVL.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cista.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cmt.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\COMMGR.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CONTINUETOSAVE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\COOL_GAMESETUP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CSRCS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CSSRSS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DATAMNGRUI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DEFAULTTABHOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Demokratska4.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\desk365.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\desktoplayer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DISETYPKIDOZ.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\diskperfxp.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DLLRUN32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DRVGUARD.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\E5188982.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EDEALSPOP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EHTHUMBS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EKSPLORASI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\empty.jpg" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\empty.pif" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EXE32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FAENOL.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FASTANTIVIRUS2011.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FindRight.FirstRun.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FINDRIGHTSETUP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\firefox2.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FIREWORK.MP3.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FKREKK456.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FUN.XLS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GNJA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GOOGIE .EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\google.com" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GOOGLEOEZ.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GOOGLEUPDATEBETA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\gphone.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GSYZQ.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HACKER.COM.CN.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HDAV.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HELLOPUPPY.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hexapple.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hexsvchost.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hhcbrnaff.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hhgnrddkjee.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IACNATIVEMSGHOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ibsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ICREINSTALL_OMIGA-PLUS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IFREETV.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\igfxdvb32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ILD_ISTARTSURF.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ILD_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IMPORTANT.FILES.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\INBOXACE[1].EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\INDAPUR COLLEGE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\INOVICE COPY(1).EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Install_kuwo.dat" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Internet Explorer Settings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\INVOICE..EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ISE32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jodrive32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\juzjf.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\kelly.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\khatra.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\L1REZERV.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\lbisov.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LIB32WAOT.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LIDLLLA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\lizkavd.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LLY_ISTARTSURF.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LLY_WEBSSEARCHES.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LOAD[1].EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ltzqai.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MAKARONI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCSHELD.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MgAssist.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MGJWIN32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MGRSVN.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MICROSOFT.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MMMPC.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Mobogenie.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MONILOR.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MOSODCYSBEAR.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MOVIEMODE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MOVIEMODE64.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\moviemodeservice.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MP3_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MRPKY.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mrsys.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MS-DOS.COM" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSBACKUP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msm.com" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSMXENG.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSRZOCKX.SCR" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSVMIODE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mwagent.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mwaser.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MWAU.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\My Documents.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MySearchDial.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NEW FOLDER .EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NEW FOLDER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\new29.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NISSAN.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nsvb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NTDETEC1.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ONEBROWSESERVICE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ONEBROWSEUIPROCESS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ONEKIT4FFX.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OOVOOSETUP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Outdoor Amateur.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\P2PHOSTA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Passwords.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PAYMENTSLIP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PHIM HAI CUC HAY.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\photo_id.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PHYSICALDRIVE2.COM" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PIPINSTALLER_PTV_.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PLUGINSERVICE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PLUSHDINSTALLER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\porn.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PRINCE(2010)-PDVDRIP{NEWSOURCE}-1CDRIP-XVID-MP3-[DRC].EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PRODUCT SAMPLE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PROTECTWINDOWSMANAGER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PURCHASE ORDER DETAILS.COM" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PURCHASE ORDER..EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PURCHASE ORDER.BAT" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PURCHASE-ORDERS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PUSK2.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PUSK3.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\qgfmc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\qtfcyyp.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RABC.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RADSTEROIDS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RADSTEROIDS64.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RADSTEROIDSSERVICE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLEBIN.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLEBINPROTECT.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLED.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLED.SCR" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLER .EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\regedit32.com" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\regsvr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Rensolt.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Rensolu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Rensolv.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Rensolve.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RESTORER64_A.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rknew.cc3" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Rmhzb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\runouce.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SACHOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SafeDrvse.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SAVESENSE1218.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SAVESENSELIVE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SAVESENSEUPDATEVER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SCVHOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDRA64.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SEABI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SEAFAST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SEARCHPROTECT1204.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SEARCHPROTECTIONSTUB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SecureDrive.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\seres.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\serivces.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SETTINGSMANAGERSETUP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SFPSNEW1_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SFPSNEW2_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SFPSNEW3_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\shell32.com" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHELLOPEN.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHMEKERICA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHOPPERPROJSINJFULL.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SICHOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sienozv.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SIEN_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SmdmFService.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\smdmfu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SMSS32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SMTNEW_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SMT_OMIGA-PLUS_NEW.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SMT_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SPECIJALAC.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SPERMICI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spoclsv.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SSVICHOSST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SVCH0ST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SVCH0STS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SVCHAST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SVCHHOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SVCHOSTS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SVCNOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\svcst.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SVHOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SysAnti.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSDATE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSDIAG64.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSDRIVER32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSDRIVER32_.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSHOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSMNGR32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\systam.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSTEM3_.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSTEMIL2.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\systim32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYTVSM.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TCPWAMMLIB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TCPWAMULIB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TCPWANBLIB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ToolbarUpdaterService.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Tuneup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TXP1ATFORM.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TXPLATFORM.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UA3KMH73O3JYUT4IOK.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ucigxo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unwise_.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\updateFindRight.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\updateluckyleap.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UPDATEMELONDREA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UpdateMoboGenie.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UPDATEOUTOBOX.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\USBDRIVE32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\userini.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\USPS REPORT.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utilluckyleap.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UTILMELONDREA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UTILOUTOBOX.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uygkr9b.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VCLEANER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\voicemail.scr" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VOICEMAIL_MUMBAI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vrt1.tmp" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VRT5.TMP" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VRT6.TMP" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VRT75.TMP" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VRT9.TMP" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VSBNTLO.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VTT_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vuout.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VXZCEGI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\watermark.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WEBSHIELD.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WEBSHIELD64.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WEBSHIELDSERVICE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WEBSSEARCHES_0905-11F33B8C.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WEBSTEROIDS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WEBSTEROIDS64.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WEBSTEROIDSSERVICE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WIHELP32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\win002.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WIN7.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINALERT.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINDLL.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINFIXER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WinHdvm32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winlok.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINMINEA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winrsdrv32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINSVCHOSTS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINSYSAPP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINSYSTEM.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WISENI32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WMFCGR.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WMIMGMT.COM" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WMISTIP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wmnig.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WMPRWISE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WMPTD32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wnzip32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WPM_NS_V20.0.0.502.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WPM_V18.8.0.273.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WPM_V18.8.0.304.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WPM_V20.0.0.401.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WPM_V20.0.0.502.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WPROTECTMANAGER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wsynalib.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WUAUCLDT.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\X" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\xiazaii.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\XPLORER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\YDNED.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zavupd32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ZIPAS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\_RECYCLING49.EXE" => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\?.exe => Key not found. 
C:\Users\Ritesh\NPProt.exe => Moved successfully.
C:\Users\Ritesh\AppData\Local\Temp\gtapi_signed.dll => Moved successfully.
C:\Users\Ritesh\AppData\Local\Temp\NEventMessages.dll => Moved successfully.
C:\Users\Ritesh\AppData\Local\Temp\NOSEventMessages.dll => Moved successfully.
C:\Users\Ritesh\AppData\Local\Temp\npp.6.7.4.Installer.exe => Moved successfully.
C:\Users\Ritesh\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 549.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:41:27 ====
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 04/02/2015
Scan Time: 1:56:37 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.04.04
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: Ritesh
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296595
Time Elapsed: 27 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe, Quarantined, [bc568f8ba3e70b2be7c229c7d330c040], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\antiviruspro_2010.exe, Quarantined, [d1411dfd9cee4aec8bd34efa3fc5e51b], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\empty.jpg, Quarantined, [0d058c8ef09a40f642324a219e6622de], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HACKER.COM.CN.EXE, Quarantined, [1cf69f7bb7d3bf77119bb892a1634ab6], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFT.EXE, Quarantined, [f51dc159d6b4181e32888cbf689cf010], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSA.EXE, Quarantined, [f71b4dcd1e6c0e280bcd6ae147bd33cd], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NEW FOLDER.EXE, Quarantined, [e52d51c97218cd69320033199e667d83], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SMSS32.EXE, Quarantined, [71a150ca7e0c23135a7b0e3f749024dc], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCH0ST.EXE, Quarantined, [5eb4c3577d0df343d73687c7a262a25e], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VCLEANER.EXE, Quarantined, [c94917037713af876b46a5a9fb09b947], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
# AdwCleaner v4.109 - Report created 04/02/2015 at 14:49:25
# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.3 [Local]
# Operating System : Windows 7 Professional  (32 bits)
# Username : Ritesh - RITESH-PC
# Running from : C:\Downloads\adwcleaner_4.109.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAVESENSELIVE.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSTEROIDS.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSTEROIDSSERVICE.EXE
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.94
 
[C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2428 octets] - [02/02/2015 14:26:04]
AdwCleaner[R1].txt - [1890 octets] - [03/02/2015 15:42:05]
AdwCleaner[R2].txt - [1950 octets] - [04/02/2015 14:27:50]
AdwCleaner[s0].txt - [2430 octets] - [02/02/2015 14:31:45]
AdwCleaner[s1].txt - [1784 octets] - [04/02/2015 14:49:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1844 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x86
Ran by Ritesh on 04/02/2015 at 14:53:52.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-402215625-2697488044-1135593907-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/02/2015 at 15:00:41.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Wed Feb 04 15:09:42 2015
 
Engine: 1.1.11302.0
Signatures: 1.191.1276.0
 
Results Summary:
----------------
No infection found.
 
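Every Security.Hijack detection in the Malwarebytes log above is a subkey of Image File Execution Options (IFEO), and the problem in this thread is that the same ten keys come back after each reboot. The following PowerShell is an added example, not code from the thread or from any Malwarebytes tool: it lists IFEO subkeys that carry a Debugger value (the documented IFEO mechanism that starts the named debugger in place of the program the key is named after; the logs do not show the value itself, so that is an assumption) and diffs a snapshot taken before a reboot against the live registry afterwards. The snapshot file path is also an assumption.

```powershell
# Added example for this thread (not from Malwarebytes, FRST or any tool above).
# Assumption: the Security.Hijack keys use the IFEO "Debugger" value, so launching
# e.g. 360tray.exe or antiviruspro_2010.exe would start the debugger binary instead.
# Read-only: it lists and diffs entries; it deletes nothing.

$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebuggerEntry {
    # One object per IFEO subkey that carries a Debugger value.
    param([string]$Path = $IfeoPath)

    Get-ChildItem -Path $Path | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($null -ne $dbg) {
            # The executable that really runs is the quoted path or the first token.
            $exe = if ($dbg -match '^"([^"]+)"') { $Matches[1] } else { ($dbg -split '\s+')[0] }
            [pscustomobject]@{
                Target    = $_.PSChildName                 # program whose launch is redirected
                Debugger  = $dbg                           # what Windows starts instead
                ExeOnDisk = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
                # $false for a bare name or a missing file: the redirected launch just fails,
                # which is how a security tool "stops working" without any visible error.
            }
        }
    }
}

function Save-IfeoSnapshot {
    # Record the current entries, e.g. right after a cleanup and before rebooting.
    param([Parameter(Mandatory)][string]$CsvPath)
    Get-IfeoDebuggerEntry | Export-Csv -Path $CsvPath -NoTypeInformation
}

function Compare-IfeoSnapshot {
    # After the reboot: which Target/Debugger pairs are new or came back?
    param([Parameter(Mandatory)][string]$BeforeCsv)
    $seen = @{}
    foreach ($e in @(Import-Csv -Path $BeforeCsv)) {
        $seen[("{0}|{1}" -f $e.Target, $e.Debugger).ToLower()] = $true   # key names are case-insensitive
    }
    Get-IfeoDebuggerEntry | Where-Object {
        -not $seen.ContainsKey(("{0}|{1}" -f $_.Target, $_.Debugger).ToLower())
    }
}

# Usage (elevated PowerShell; the CSV location is an assumption):
#   Get-IfeoDebuggerEntry | Format-Table -AutoSize
#   Save-IfeoSnapshot -CsvPath "$env:USERPROFILE\Desktop\ifeo-before.csv"    # then reboot
#   Compare-IfeoSnapshot -BeforeCsv "$env:USERPROFILE\Desktop\ifeo-before.csv"
```

A Debugger value is not malicious by itself (Process Explorer's "Replace Task Manager" option sets one on taskmgr.exe, for example), so treat the output as a list to review, not to delete blindly. An entry that reappears after a cleanup and reboot points at whatever is still running on the system and re-creating it, which is what the rest of this thread is chasing.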

Run the following please and post logs...

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the file to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file; you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update.

Image3.png

8. When the update completes select Next.

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan".

Image5.png

10. If an infection is found select the "Cleanup Button" to remove threats, reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

MBAntiRKcleanA.png

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, select Exit:

Image6.png

13. Verify that your system is now running normally, making sure that the following items are functional:

      Internet access
      Windows Update
      Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown

Thanks,

Kevin...


hi kevin,

I downloaded the Malwarebytes Anti-Rootkit from the link, but initially Chrome would not open the link on the first go; on the second go it opened the link and I downloaded, saved and installed Malwarebytes Anti-Rootkit. While running mbar.exe it updated the database with new updates but would not run Malwarebytes Anti-Rootkit because the Malwarebytes Anti-Malware instance was running, since that also had the Rootkit in it. Only after closing Malwarebytes Anti-Malware was I able to run Malwarebytes Anti-Rootkit. Just putting it here so that you know what I was doing and what was happening.

The Anti-Rootkit scanned and found the 10 malware entries and cleaned them. After a successful boot, I tried the scan again and nothing was found in the scan. Attaching the log files as you requested.

Internet Access, Windows Update and Windows Firewall are working fine.

I did not run the "fixdamage" tool from the Malwarebytes Anti-Rootkit folder. Do I need to run it now? Please advise.

Also the security software in question is giving a lot of pop-ups to enable certain things. I haven't done anything with that until now. Waiting for your advice on how to go about it.

Also another thing to be mentioned is that I noticed a folder in Drive C with the name ZV and all the applications and other files similar to the NetProtector Solution which is normally installed in the Program Files directory. What needs to be done about it? Is it part of the same installation or installed by Malware?

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.02.04.04
  rootkit: v2015.02.03.01
 
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Ritesh :: RITESH-PC [administrator]
 
04/02/2015 4:02:17 PM
mbar-log-2015-02-04 (16-02-17).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 296108
Time elapsed: 23 minute(s), 20 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 10
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe (Security.Hijack) -> Delete on reboot. [1460b763bbcfa5910a9f0fe1bd468977]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\antiviruspro_2010.exe (Security.Hijack) -> Delete on reboot. [b6beca5017733cfac797a5a349bbd52b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\empty.jpg (Security.Hijack) -> Delete on reboot. [f282cb4f3852e4526f0526451aea6f91]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HACKER.COM.CN.EXE (Security.Hijack) -> Delete on reboot. [88eca674e3a737ff63499fab30d4e41c]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFT.EXE (Security.Hijack) -> Delete on reboot. [4f25cf4b4842a98d5e5cd576e1238e72]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSA.EXE (Security.Hijack) -> Delete on reboot. [5b19d44644466ec8d800262531d35aa6]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NEW FOLDER.EXE (Security.Hijack) -> Delete on reboot. [b3c131e933574fe750e259f37490f907]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SMSS32.EXE (Security.Hijack) -> Delete on reboot. [9ada8d8d9ceece68498c5cf12bd9e11f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCH0ST.EXE (Security.Hijack) -> Delete on reboot. [353fc9517e0cc571ba53dd718c78b050]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VCLEANER.EXE (Security.Hijack) -> Delete on reboot. [492b4bcf88025cda09a82d2133d1817f]
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.014000 GHz
Memory total: 2138628096, free: 880128000
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.014000 GHz
Memory total: 2138628096, free: 861200384
 
Downloaded database version: v2015.02.04.04
Downloaded database version: v2015.02.03.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
 
 
Initializing...
======================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.014000 GHz
Memory total: 2138628096, free: 988770304
 
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.014000 GHz
Memory total: 2138628096, free: 1084903424
 
Initializing...
======================
------------ Kernel report ------------
     02/04/2015 16:02:00
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.02.04.04
  rootkit: v2015.02.03.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85608a90, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85608778, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85608a90, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85526918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff848a0610, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3A613A60
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 167766732
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 167766795  Numsec = 144793845
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 160040803840 bytes
Sector size: 512 bytes
 
Done!
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\antiviruspro_2010.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\empty.jpg --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HACKER.COM.CN.EXE --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFT.EXE --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSA.EXE --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NEW FOLDER.EXE --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SMSS32.EXE --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCH0ST.EXE --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VCLEANER.EXE --> [security.Hijack]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 

 


I ran the "fixdamage" tool and it applied a fix and rebooted the system. On reboot I got a message asking to disable User Account Setting from BixSecure Labs Program to install software. This is the same security solution in question here. If I deny its request I keep getting a Solve Error on every boot. Also somehow the browser is blocking me from accessing this site, and every time I try to open the forum page I get a page not found error; after multiple refreshes I can finally see the page. Please advise.

 


 

 


hi kevin,

 

yes, it's the same security program, I apologize for the spelling mistake.. my bad. I uninstalled the security program, performed the Malwarebytes Anti-Malware scan twice and found a threat each time. I did quarantine each time. I am pasting the scan logs for the same in here. After a clean I again installed the Security program, but Malwarebytes Anti-Malware detects one of the files from the installation to be Malware and quarantines it automatically. I am attaching all the logs here for your reference.

 

Please advise on the next course of action. I apologize for attaching the xml logs; these are the only ones I could find.

mbam-log-2015-02-05 (13-15-36).xml

mbam-log-2015-02-05 (13-34-56).xml

protection-log-2015-02-05.xml


hi kevin ,

 

Putting up some additional information. While installing the security software I was not connected to the internet. I connected only for registering and updating the software. Immediately I performed a scan with Malwarebytes Anti-Malware and to my amusement I ended up with the Security Hijack errors again, and it shows one file, GHP3.exe, an update to GHP2.exe, to be infected and a Trojan Agent. Performed a quarantine operation. Posting a log below. Performing a scan again in the meantime. Please advise. But it seems the Security Software itself is bundled with a trojan agent or it's not doing what it is supposed to do.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 05/02/2015
Scan Time: 6:28:22 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.05.05
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: Ritesh
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296894
Time Elapsed: 32 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe, Quarantined, [0c069387b3d72b0bc854da18c04350b0], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\antiviruspro_2010.exe, Quarantined, [52c0e931018982b4b41dd07933d1eb15], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\empty.jpg, Quarantined, [b06255c523675adcfbec4329d0348d73], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HACKER.COM.CN.EXE, Quarantined, [22f0a674f09a54e241de8fbd7094649c], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFT.EXE, Quarantined, [bd5550cac5c5ab8bf637232a749017e9], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSA.EXE, Quarantined, [6aa8a07a3e4cef47b09b2a2364a0d030], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NEW FOLDER.EXE, Quarantined, [de349b7fb2d8e6505a4b55f858acf808], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SMSS32.EXE, Quarantined, [9a784bcf84064ee869dfe8670bf99e62], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCH0ST.EXE, Quarantined, [1af8a3773b4faa8c81fff6592ada24dc], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VCLEANER.EXE, Quarantined, [d9390911f199c1752afa6de3d72d9868], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 2
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[31e1c555c1c951e53028b5f80ff641bf]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[4ac80f0b02885adcda7d5b5213f2b749]
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Agent, C:\Program Files\Net Protector 2015\GHP3.EXE, Quarantined, [4ac878a26d1d79bd29dfd4ea996ca45c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

In my opinion the security package you have installed is definitely suspicious, we already had malicious confirmation from Virus Total, also now we have similar prompts from Malwarebytes...

 

I firmly believe the security package in question should be UNinstalled/removed from your system; it is definitely very suspicious.... Let me know how you want to progress.. Read the following link to fully understand PC security and best practices; you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Thanks,

 

Kevin...


Hi Kevin,

 

I think it is advisable to discontinue with the security software in question and look for a better option. I think for the time being I would like to uninstall that software and perhaps install the ESET antivirus (trial version for 30 days) before settling on a solid option regarding the antivirus, and in the meanwhile get the PC cleaned and disinfected. So I think I would definitely follow your advice on the same and continue with resolving this topic.


Thanks for the logs, run the following:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Open Malwarebytes Anti-Malware; from the Dashboard please Check for Updates by clicking the Update Now... link.

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your Scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste" and the log is pasted into your reply.

 

Next,

 

Run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8: right-click on the IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download the ESET Smart Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real-time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Click Scan
 
Wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
Put a checkmark in "Uninstall application on close"
Close the program
Report to me that nothing was found

 

If threats were found

 


Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish

 

Close the program

 

Copy and paste the report in next reply.

 

Let me see those logs, also give an update on any remaining issues or concerns.....

 

Kevin...

 

 

 

Fixlist.txt

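The Security.Hijack detections earlier in this thread and the attached fixlist both deal with subkeys under Image File Execution Options (IFEO) that carry a Debugger value: Windows starts whatever that value names in place of the program the subkey is named after, and a value that names nothing runnable simply stops that program from launching. As an added example that is not part of this thread, FRST or Malwarebytes, the PowerShell audit below lists every such entry and whether its Debugger value resolves to an existing program, so a system can be re-checked after a fix; it goes slightly beyond the x86 system here by also looking at the Wow6432Node view that exists on 64-bit Windows. The function name Get-IfeoDebuggerEntry is my own.

```powershell
# Added example (not from the thread, FRST or Malwarebytes): read-only audit of the
# Image File Execution Options (IFEO) "Debugger" hijack point behind the Security.Hijack
# detections. Nothing is modified; run from an elevated PowerShell prompt so HKLM is readable.

$IfeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    # 32-bit view on 64-bit Windows; absent (and skipped) on an x86 install like the one in this thread
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {
    # Hypothetical helper name; returns one object per IFEO subkey that carries a Debugger value.
    [CmdletBinding()]
    param([string[]]$Path = $IfeoPaths)

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # RegistryKey.GetValue returns $null when the subkey has no Debugger value
            $debugger = $key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            # First token of the Debugger command line: a quoted path, or the text up to the first space
            $exe = ($debugger -split '\s+', 2)[0]
            if ($debugger -match '^\s*"([^"]+)"') { $exe = $Matches[1] }

            # A full path is tested directly; a bare name is looked up through PATH
            if ($exe -match '[\\/]') {
                $resolves = Test-Path -LiteralPath $exe
            } else {
                $resolves = [bool](Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue)
            }

            [pscustomobject]@{
                Image    = $key.PSChildName   # executable name the hijack applies to
                Debugger = $debugger          # e.g. "B-NPAV" in the Fixlog posted in this thread
                Resolves = $resolves          # $false means the image can only be blocked, not debugged
                Hive     = $root
            }
        }
    }
}

$entries = @(Get-IfeoDebuggerEntry)
if ($entries.Count -eq 0) {
    Write-Output 'No IFEO subkey carries a Debugger value.'
} else {
    Write-Output ('{0} IFEO subkey(s) carry a Debugger value:' -f $entries.Count)
    $entries | Sort-Object Image | Format-Table Image, Debugger, Resolves -AutoSize

    # Legitimate entries (a JIT debugger, for instance) resolve to a real program;
    # values that resolve to nothing are the pattern Malwarebytes reports as Security.Hijack.
    $entries | Where-Object { -not $_.Resolves } | ForEach-Object {
        Write-Warning ("{0}: Debugger '{1}' does not resolve to a program" -f $_.Image, $_.Debugger)
    }
}
```

Running it after the FRST fix should print only the "No IFEO subkey" line on this system; any entry that reappears on the next reboot points at whatever is recreating the keys.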

Hi,

 

I ran the fixlist file from FRST. One thing that I have noticed is that it frees a lot of RAM and also unblocks my keyboard; otherwise certain keys would get locked or the system response would be very close. Pls find the attached logs as you requested.

 

 

ESET Scan - No threats found in online scan.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-02-2015
Ran by Ritesh at 2015-02-06 18:44:37 Run:2
Running from C:\Downloads
Loaded Profiles: Ritesh (Available profiles: Ritesh)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Winlogon: [shell] C:\Windows\Explorer.exe [2613248 2009-07-14] (Microsoft Corporation) <==== ATTENTION 
IFEO\(??????.exe: [Debugger] M-NPAV
IFEO\AAAAAAAA.EXE: [Debugger] B-NPAV
IFEO\ACLEANER.EXE: [Debugger] B-NPAV
IFEO\Adobe Gamma Loader.com: [Debugger] B-NPAV
IFEO\Adobe update.com: [Debugger] B-NPAV
IFEO\ahnabc.exe: [Debugger] B-NPAV
IFEO\AMT_WEBSSEARCHES.EXE: [Debugger] B-NPAV
IFEO\APPDATADB.EXE: [Debugger] B-NPAV
IFEO\ARKING.EXE: [Debugger] B-NPAV
IFEO\asd26.tmp.exe: [Debugger] B-NPAV
IFEO\AutoDrive.exe: [Debugger] B-NPAV
IFEO\ave.exe: [Debugger] B-NPAV
IFEO\AWESOMEHP.EXE: [Debugger] B-NPAV
IFEO\best7.exe: [Debugger] B-NPAV
IFEO\blank.doc: [Debugger] B-NPAV
IFEO\bprotect.exe: [Debugger] B-NPAV
IFEO\BUENOSEARCHTB: [Debugger] B-NPAV
IFEO\cista.exe: [Debugger] B-NPAV
IFEO\COMMGR.EXE: [Debugger] B-NPAV
IFEO\COOL_GAMESETUP.EXE: [Debugger] B-NPAV
IFEO\CSSRSS.EXE: [Debugger] B-NPAV
IFEO\DEFAULTTABHOST.EXE: [Debugger] B-NPAV
IFEO\desk365.exe: [Debugger] B-NPAV
IFEO\DISETYPKIDOZ.EXE: [Debugger] B-NPAV
IFEO\DRVGUARD.EXE: [Debugger] B-NPAV
IFEO\EDEALSPOP.EXE: [Debugger] B-NPAV
IFEO\EKSPLORASI.EXE: [Debugger] B-NPAV
IFEO\empty.pif: [Debugger] B-NPAV
IFEO\FAENOL.EXE: [Debugger] B-NPAV
IFEO\FindRight.FirstRun.exe: [Debugger] B-NPAV
IFEO\firefox2.exe: [Debugger] B-NPAV
IFEO\FKREKK456.EXE: [Debugger] B-NPAV
IFEO\GNJA.EXE: [Debugger] B-NPAV
IFEO\google.com: [Debugger] B-NPAV
IFEO\gphone.exe: [Debugger] B-NPAV
IFEO\HACKER.COM.CN.EXE: [Debugger] B-NPAV
IFEO\HELLOPUPPY.EXE: [Debugger] B-NPAV
IFEO\hexsvchost.exe: [Debugger] B-NPAV
IFEO\hhgnrddkjee.exe: [Debugger] B-NPAV
IFEO\ibsvc.exe: [Debugger] B-NPAV
IFEO\igfxdvb32.exe: [Debugger] B-NPAV
IFEO\ILD_QONE8.EXE: [Debugger] B-NPAV
IFEO\INBOXACE[1].EXE: [Debugger] B-NPAV
IFEO\INOVICE COPY(1).EXE: [Debugger] B-NPAV
IFEO\Internet Explorer Settings.exe: [Debugger] B-NPAV
IFEO\ISE32.EXE: [Debugger] B-NPAV
IFEO\juzjf.exe: [Debugger] B-NPAV
IFEO\khatra.exe: [Debugger] B-NPAV
IFEO\lbisov.exe: [Debugger] B-NPAV
IFEO\LIDLLLA.EXE: [Debugger] B-NPAV
IFEO\LLY_ISTARTSURF.EXE: [Debugger] B-NPAV
IFEO\LOAD[1].EXE: [Debugger] B-NPAV
IFEO\MAKARONI.EXE: [Debugger] B-NPAV
IFEO\MgAssist.exe: [Debugger] B-NPAV
IFEO\MGRSVN.EXE: [Debugger] B-NPAV
IFEO\MMMPC.EXE: [Debugger] B-NPAV
IFEO\MONILOR.EXE: [Debugger] B-NPAV
IFEO\MOVIEMODE.EXE: [Debugger] B-NPAV
IFEO\moviemodeservice.exe: [Debugger] B-NPAV
IFEO\MRPKY.EXE: [Debugger] B-NPAV
IFEO\MS-DOS.COM: [Debugger] B-NPAV
IFEO\MSB.EXE: [Debugger] B-NPAV
IFEO\msconfig32.exe: [Debugger] B-NPAV
IFEO\MSMXENG.EXE: [Debugger] B-NPAV
IFEO\MSVMIODE.EXE: [Debugger] B-NPAV
IFEO\mwaser.exe: [Debugger] B-NPAV
IFEO\My Documents.exe: [Debugger] B-NPAV
IFEO\NEW FOLDER .EXE: [Debugger] B-NPAV
IFEO\new29.exe: [Debugger] B-NPAV
IFEO\nsvb.exe: [Debugger] B-NPAV
IFEO\ONEBROWSESERVICE.EXE: [Debugger] B-NPAV
IFEO\ONEKIT4FFX.EXE: [Debugger] B-NPAV
IFEO\Outdoor Amateur.exe: [Debugger] B-NPAV
IFEO\Passwords.exe: [Debugger] B-NPAV
IFEO\PHIM HAI CUC HAY.EXE: [Debugger] B-NPAV
IFEO\PHYSICALDRIVE2.COM: [Debugger] B-NPAV
IFEO\PLUGINSERVICE.EXE: [Debugger] B-NPAV
IFEO\popupzv.exe: [Debugger] B-NPAV
IFEO\PRINCE(2010)-PDVDRIP{NEWSOURCE}-1CDRIP-XVID-MP3-[DRC].EXE: [Debugger] B-NPAV
IFEO\PROTECTWINDOWSMANAGER.EXE: [Debugger] B-NPAV
IFEO\PURCHASE ORDER..EXE: [Debugger] B-NPAV
IFEO\PURCHASE-ORDERS.EXE: [Debugger] B-NPAV
IFEO\PUSK3.EXE: [Debugger] B-NPAV
IFEO\QONE8.EXE: [Debugger] B-NPAV
IFEO\RABC.EXE: [Debugger] B-NPAV
IFEO\RADSTEROIDS64.EXE: [Debugger] B-NPAV
IFEO\RECYCLE.EXE: [Debugger] B-NPAV
IFEO\RECYCLEBINPROTECT.EXE: [Debugger] B-NPAV
IFEO\RECYCLED.SCR: [Debugger] B-NPAV
IFEO\RECYCLER.EXE: [Debugger] B-NPAV
IFEO\regsvr.exe: [Debugger] B-NPAV
IFEO\Rensolu.exe: [Debugger] B-NPAV
IFEO\Rensolve.exe: [Debugger] B-NPAV
IFEO\rknew.cc3: [Debugger] B-NPAV
IFEO\runouce.exe: [Debugger] B-NPAV
IFEO\SafeDrvse.exe: [Debugger] B-NPAV
IFEO\SAVESENSELIVE.EXE: [Debugger] B-NPAV
IFEO\SCVHOST.EXE: [Debugger] B-NPAV
IFEO\SEABI.EXE: [Debugger] B-NPAV
IFEO\SEARCHPROTECT1204.EXE: [Debugger] B-NPAV
IFEO\SecureDrive.exe: [Debugger] B-NPAV
IFEO\serivces.exe: [Debugger] B-NPAV
IFEO\SFPSNEW1_QONE8.EXE: [Debugger] B-NPAV
IFEO\SFPSNEW3_QONE8.EXE: [Debugger] B-NPAV
IFEO\SHELLOPEN.EXE: [Debugger] B-NPAV
IFEO\SHOPPERPROJSINJFULL.EXE: [Debugger] B-NPAV
IFEO\sienozv.exe: [Debugger] B-NPAV
IFEO\SmdmFService.exe: [Debugger] B-NPAV
IFEO\SMSS32.EXE: [Debugger] B-NPAV
IFEO\SMT_OMIGA-PLUS_NEW.EXE: [Debugger] B-NPAV
IFEO\SPECIJALAC.EXE: [Debugger] B-NPAV
IFEO\spoclsv.exe: [Debugger] B-NPAV
IFEO\SVCH0ST.EXE: [Debugger] B-NPAV
IFEO\SVCHAST.EXE: [Debugger] B-NPAV
IFEO\SVCHOSTS.EXE: [Debugger] B-NPAV
IFEO\svcst.exe: [Debugger] B-NPAV
IFEO\SysAnti.exe: [Debugger] B-NPAV
IFEO\SYSDIAG64.EXE: [Debugger] B-NPAV
IFEO\SYSDRIVER32_.EXE: [Debugger] B-NPAV
IFEO\SYSMNGR32.EXE: [Debugger] B-NPAV
IFEO\SYSTEM3_.EXE: [Debugger] B-NPAV
IFEO\systim32.exe: [Debugger] B-NPAV
IFEO\TCPWAMMLIB.EXE: [Debugger] B-NPAV
IFEO\TCPWANBLIB.EXE: [Debugger] B-NPAV
IFEO\Tuneup.exe: [Debugger] B-NPAV
IFEO\TXPLATFORM.EXE: [Debugger] B-NPAV
IFEO\ucigxo.exe: [Debugger] B-NPAV
IFEO\updateFindRight.exe: [Debugger] B-NPAV
IFEO\UPDATEMELONDREA.EXE: [Debugger] B-NPAV
IFEO\UPDATEOUTOBOX.EXE: [Debugger] B-NPAV
IFEO\userini.exe: [Debugger] B-NPAV
IFEO\utilluckyleap.exe: [Debugger] B-NPAV
IFEO\UTILOUTOBOX.EXE: [Debugger] B-NPAV
IFEO\VCLEANER.EXE: [Debugger] B-NPAV
IFEO\VOICEMAIL_MUMBAI.EXE: [Debugger] B-NPAV
IFEO\VRT5.TMP: [Debugger] B-NPAV
IFEO\VRT75.TMP: [Debugger] B-NPAV
IFEO\VSBNTLO.EXE: [Debugger] B-NPAV
IFEO\vuout.exe: [Debugger] B-NPAV
IFEO\watermark.exe: [Debugger] B-NPAV
IFEO\WEBSHIELD64.EXE: [Debugger] B-NPAV
IFEO\WEBSSEARCHES_0905-11F33B8C.EXE: [Debugger] B-NPAV
IFEO\WEBSTEROIDS64.EXE: [Debugger] B-NPAV
IFEO\WIHELP32.EXE: [Debugger] B-NPAV
IFEO\WIN7.EXE: [Debugger] B-NPAV
IFEO\WINDLL.EXE: [Debugger] B-NPAV
IFEO\WinHdvm32.exe: [Debugger] B-NPAV
IFEO\WINMINEA.EXE: [Debugger] B-NPAV
IFEO\WINSVCHOSTS.EXE: [Debugger] B-NPAV
IFEO\WINSYSTEM.EXE: [Debugger] B-NPAV
IFEO\WMFCGR.EXE: [Debugger] B-NPAV
IFEO\WMISTIP.EXE: [Debugger] B-NPAV
IFEO\WMPRWISE.EXE: [Debugger] B-NPAV
IFEO\wnzip32.exe: [Debugger] B-NPAV
IFEO\WPM_V18.8.0.273.EXE: [Debugger] B-NPAV
IFEO\WPM_V20.0.0.401.EXE: [Debugger] B-NPAV
IFEO\WPROTECTMANAGER.EXE: [Debugger] B-NPAV
IFEO\WUAUCLDT.EXE: [Debugger] B-NPAV
IFEO\xiazaii.exe: [Debugger] B-NPAV
IFEO\YDNED.EXE: [Debugger] B-NPAV
IFEO\ZIPAS.EXE: [Debugger] B-NPAV
IFEO\?.exe: [Debugger] M-NPAV
BootExecute: autocheck autochk * nprootkt.exe
S1 WNPPORTFR; system32\drivers\WNPPORTFR.sys [X]
2015-02-05 16:58 - 2011-09-19 20:25 - 00049152 _____ (Biz Secure Labs Pvt Ltd.) C:\Users\Ritesh\NPProt.bkp
C:\Users\Ritesh\AppData\Local\Temp\InstHelper.exe
C:\Users\Ritesh\AppData\Local\Temp\NEventMessages.dll
C:\Users\Ritesh\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Ritesh\AppData\Local\Temp\sqlite3.dll
Hosts:
Emptytemp:
end
 
 
 
*****************
 
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\(??????.exe => Key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AAAAAAAA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ACLEANER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Adobe Gamma Loader.com" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Adobe update.com" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ahnabc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AMT_WEBSSEARCHES.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\APPDATADB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ARKING.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\asd26.tmp.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AutoDrive.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ave.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AWESOMEHP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\best7.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blank.doc" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BUENOSEARCHTB" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cista.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\COMMGR.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\COOL_GAMESETUP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CSSRSS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DEFAULTTABHOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\desk365.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DISETYPKIDOZ.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DRVGUARD.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EDEALSPOP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EKSPLORASI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\empty.pif" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FAENOL.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FindRight.FirstRun.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\firefox2.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FKREKK456.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GNJA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\google.com" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\gphone.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HACKER.COM.CN.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HELLOPUPPY.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hexsvchost.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hhgnrddkjee.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ibsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\igfxdvb32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ILD_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\INBOXACE[1].EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\INOVICE COPY(1).EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Internet Explorer Settings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ISE32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\juzjf.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\khatra.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\lbisov.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LIDLLLA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LLY_ISTARTSURF.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LOAD[1].EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MAKARONI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MgAssist.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MGRSVN.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MMMPC.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MONILOR.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MOVIEMODE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\moviemodeservice.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MRPKY.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MS-DOS.COM" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSMXENG.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSVMIODE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mwaser.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\My Documents.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NEW FOLDER .EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\new29.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nsvb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ONEBROWSESERVICE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ONEKIT4FFX.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Outdoor Amateur.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Passwords.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PHIM HAI CUC HAY.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PHYSICALDRIVE2.COM" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PLUGINSERVICE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\popupzv.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PRINCE(2010)-PDVDRIP{NEWSOURCE}-1CDRIP-XVID-MP3-[DRC].EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PROTECTWINDOWSMANAGER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PURCHASE ORDER..EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PURCHASE-ORDERS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PUSK3.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RABC.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RADSTEROIDS64.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLEBINPROTECT.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLED.SCR" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RECYCLER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\regsvr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Rensolu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Rensolve.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rknew.cc3" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\runouce.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SafeDrvse.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SAVESENSELIVE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SCVHOST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SEABI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SEARCHPROTECT1204.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SecureDrive.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\serivces.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SFPSNEW1_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SFPSNEW3_QONE8.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHELLOPEN.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SHOPPERPROJSINJFULL.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sienozv.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SmdmFService.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SMSS32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SMT_OMIGA-PLUS_NEW.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SPECIJALAC.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spoclsv.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SVCH0ST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SVCHAST.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SVCHOSTS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\svcst.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SysAnti.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSDIAG64.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSDRIVER32_.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSMNGR32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SYSTEM3_.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\systim32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TCPWAMMLIB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TCPWANBLIB.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Tuneup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TXPLATFORM.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ucigxo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\updateFindRight.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UPDATEMELONDREA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UPDATEOUTOBOX.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\userini.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utilluckyleap.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UTILOUTOBOX.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VCLEANER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VOICEMAIL_MUMBAI.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VRT5.TMP" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VRT75.TMP" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VSBNTLO.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vuout.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\watermark.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WEBSHIELD64.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WEBSSEARCHES_0905-11F33B8C.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WEBSTEROIDS64.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WIHELP32.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WIN7.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINDLL.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WinHdvm32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINMINEA.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINSVCHOSTS.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINSYSTEM.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WMFCGR.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WMISTIP.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WMPRWISE.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wnzip32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WPM_V18.8.0.273.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WPM_V20.0.0.401.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WPROTECTMANAGER.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WUAUCLDT.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\xiazaii.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\YDNED.EXE" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ZIPAS.EXE" => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\?.exe => Key not found. 
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
WNPPORTFR => Service deleted successfully.
C:\Users\Ritesh\NPProt.bkp => Moved successfully.
C:\Users\Ritesh\AppData\Local\Temp\InstHelper.exe => Moved successfully.
C:\Users\Ritesh\AppData\Local\Temp\NEventMessages.dll => Moved successfully.
C:\Users\Ritesh\AppData\Local\Temp\NOSEventMessages.dll => Moved successfully.
C:\Users\Ritesh\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 283.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:45:04 ====
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 06/02/2015
Scan Time: 6:54:44 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.06.04
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: Ritesh
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296200
Time Elapsed: 21 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 2
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[18fa48d2c9c10630b33c337b4cb9ae52]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[a46e22f84446bb7bba34cde10afb857b]
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Hi Kevin,

Presently the system is working OK. I have a few doubts I would like to get cleared from you. Mostly I use the system for Java and Android development, checking mails, Facebook, Twitter.

I have 4GB RAM and a P4 machine, but still, whenever I am connected to the internet the Chrome browser works slowly sometimes. I have seen the "He's dead, Jim" screen a couple of times before, but not recently, but it is as though I am feeling the effects of a keylogger of some kind whenever I am typing into the browser. I know Chrome needs a lot of memory resources, but this behaviour is difficult to understand.

Secondly, I use FlashGet 3 as a download manager with my Firefox browser. I have read through the earlier Malwarebytes blogs that the FlashGetBHO.dll that comes with it has security concerns. Could this particular application be the reason for this weird behaviour now?

Pasting the FRST log as you requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015
Ran by Ritesh (administrator) on RITESH-PC on 07-02-2015 12:56:00
Running from C:\Downloads
Loaded Profiles: Ritesh (Available profiles: Ritesh)
Platform: Microsoft Windows 7 Professional  (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Trend Media Corporation Limited) C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Run: [FlashGet 3] => C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe [3377256 2013-04-18] (Trend Media Corporation Limited)
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Run: [] => [X]
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\...\Policies\Explorer: [NoViewContextMenu] 0
IFEO\(प्रश्न.exe: [Debugger] M-NPAV
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-402215625-2697488044-1135593907-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Ritesh\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll ()
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 59.185.0.23 59.185.0.50
 
FireFox:
========
FF ProfilePath: C:\Users\Ritesh\AppData\Roaming\Mozilla\Firefox\Profiles\cmqgt7yz.default-1422872131660
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-30]
CHR Extension: (Google Docs) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-30]
CHR Extension: (Google Drive) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-30]
CHR Extension: (WOT) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-05]
CHR Extension: (YouTube) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Google Search) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Google Sheets) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-30]
CHR Extension: (NetBeans Connector) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafdlehgocfcodbgjnpecfajgkeejnaa [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR Extension: (Gmail) - C:\Users\Ritesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2014-09-18] (ESET)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc.              )
R3 FETNDISB; C:\Windows\System32\DRIVERS\dlkfet5b.sys [46080 2006-12-27] (D-Link                              )
S3 gdrv; C:\Windows\gdrv.sys [17488 2015-01-30] (Windows ® 2000 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 12:33 - 2015-02-07 12:38 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d042a421b6d67d.job
2015-02-07 12:33 - 2015-02-07 12:38 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d042a421452743.job
2015-02-06 19:19 - 2015-02-06 19:20 - 02347384 _____ (ESET) C:\Users\Ritesh\Desktop\esetsmartinstaller_enu.exe
2015-02-06 13:59 - 2015-02-06 21:54 - 00000000 ____D () C:\Program Files\ESET
2015-02-06 13:59 - 2015-02-06 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-02-06 13:59 - 2015-02-06 13:59 - 00000000 ____D () C:\ProgramData\ESET
2015-02-06 13:44 - 2011-12-28 17:12 - 00038400 _____ () C:\Windows\system32\npzvft32.sys
2015-02-05 20:50 - 2015-02-06 13:38 - 00000276 _____ () C:\Windows\system32\NTV.txt
2015-02-05 20:50 - 2015-02-06 13:38 - 00000021 _____ () C:\Windows\system32\services.txt
2015-02-05 20:39 - 2015-02-05 20:39 - 00001112 _____ () C:\Users\Ritesh\Desktop\npremoval.txt
2015-02-05 20:07 - 2015-02-05 20:08 - 01761992 ____N (ESET) C:\Users\Ritesh\Desktop\eset_nod32_antivirus_live_installer_.exe
2015-02-05 16:55 - 2015-02-05 16:55 - 00000000 ____D () C:\ProgramData\PControl
2015-02-05 13:05 - 2015-02-06 13:44 - 00006160 _____ () C:\clnuninst.ini
2015-02-05 13:04 - 2015-02-05 13:05 - 00003763 _____ () C:\NpAvUnInstall.log
2015-02-04 16:02 - 2015-02-05 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-04 15:53 - 2015-02-05 15:14 - 00000000 ____D () C:\Users\Ritesh\Desktop\mbar
2015-02-04 15:51 - 2015-02-04 15:53 - 16466552 ____N (Malwarebytes Corp.) C:\Users\Ritesh\Desktop\mbar-1.08.3.1004.exe
2015-02-04 14:53 - 2015-02-02 23:43 - 01388274 ____N (Thisisu) C:\Users\Ritesh\Desktop\JRT_NEW.exe
2015-02-03 17:51 - 2015-02-03 17:51 - 00000000 ____D () C:\Users\Ritesh\Desktop\rkill
2015-02-03 17:50 - 2015-02-03 17:50 - 01943800 ____N (Bleeping Computer, LLC) C:\Users\Ritesh\Desktop\rkill.exe
2015-02-03 17:22 - 2014-12-31 13:15 - 110348472 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-02 14:37 - 2015-02-02 14:37 - 00000000 ____D () C:\Windows\ERUNT
2015-02-02 14:25 - 2015-02-05 16:45 - 00000000 ____D () C:\AdwCleaner
2015-02-01 14:27 - 2015-02-07 12:56 - 00000000 ____D () C:\FRST
2015-02-01 13:07 - 2015-02-01 13:07 - 00000248 _____ () C:\Windows\system32\secustat.dat
2015-02-01 02:39 - 2015-02-06 05:23 - 00002113 _____ () C:\FSBootRpt.log
2015-02-01 02:39 - 2015-02-06 05:23 - 00000055 _____ () C:\npresq.ini
2015-01-31 16:45 - 2015-01-31 16:45 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\MPC-HC
2015-01-31 16:35 - 2015-01-31 16:35 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-31 16:35 - 2015-01-31 16:35 - 00001938 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2015-01-31 16:35 - 2015-01-31 16:35 - 00000000 ____D () C:\Users\Ritesh\Documents\samsung
2015-01-31 16:35 - 2015-01-31 16:35 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\Samsung
2015-01-31 16:35 - 2015-01-31 16:35 - 00000000 ____D () C:\Users\Ritesh\AppData\Local\Samsung
2015-01-31 16:35 - 2015-01-31 16:35 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-01-31 16:34 - 2015-01-31 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-01-31 16:31 - 2015-01-31 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-31 16:31 - 2013-12-30 10:53 - 04659712 ____N (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2015-01-31 16:31 - 2013-12-30 10:53 - 00144664 ____N (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2015-01-31 16:30 - 2013-12-30 10:52 - 00821824 ____N (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2015-01-31 16:29 - 2015-01-31 16:34 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-31 16:29 - 2015-01-31 16:34 - 00000000 ____D () C:\Program Files\Samsung
2015-01-31 16:28 - 2015-01-31 16:28 - 00000000 ____D () C:\Users\Ritesh\AppData\Local\Downloaded Installations
2015-01-31 16:25 - 2015-01-31 16:26 - 00000000 ____D () C:\Users\Ritesh\AppData\Local\Nokia
2015-01-31 16:25 - 2015-01-31 16:25 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\PC Suite
2015-01-31 16:25 - 2015-01-31 16:25 - 00000000 ____D () C:\ProgramData\PC Suite
2015-01-31 16:24 - 2015-01-31 16:25 - 00000000 ____D () C:\ProgramData\Nokia
2015-01-31 16:24 - 2015-01-31 16:24 - 00002047 _____ () C:\Users\Public\Desktop\Nokia Suite.lnk
2015-01-31 16:24 - 2015-01-31 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2015-01-31 16:24 - 2015-01-31 16:24 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-01-31 16:23 - 2015-01-31 16:23 - 00010500 _____ () C:\Windows\DPINST.LOG
2015-01-31 16:23 - 2015-01-31 16:23 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2015-01-31 16:23 - 2015-01-31 16:23 - 00000000 ____D () C:\Program Files\DIFX
2015-01-31 16:23 - 2012-10-17 14:53 - 00019072 ____N (Nokia) C:\Windows\system32\Drivers\pccsmcfd.sys
2015-01-31 16:22 - 2013-01-23 10:31 - 00075264 ____N (Nokia) C:\Windows\system32\nmwcdcls.dll
2015-01-31 16:21 - 2015-01-31 16:24 - 00000000 ____D () C:\Program Files\Nokia
2015-01-31 16:21 - 2015-01-31 16:21 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2015-01-31 16:15 - 2015-01-31 18:37 - 00000598 _____ () C:\Windows\system32\secushr.dat
2015-01-31 16:04 - 2015-01-31 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-01-31 16:04 - 2015-01-31 16:04 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2015-01-31 16:04 - 2014-12-21 19:27 - 03588608 ____N (x264vfw project) C:\Windows\system32\x264vfw.dll
2015-01-31 16:04 - 2014-12-05 04:25 - 00655872 ____N () C:\Windows\system32\xvidcore.dll
2015-01-31 16:04 - 2014-12-02 19:40 - 00218712 ____N () C:\Windows\system32\unrar.dll
2015-01-31 16:04 - 2014-11-14 19:41 - 00240128 ____N () C:\Windows\system32\xvidvfw.dll
2015-01-31 16:04 - 2012-07-21 17:24 - 00122880 ____N (fccHandler) C:\Windows\system32\ac3acm.acm
2015-01-31 16:04 - 2011-12-08 00:02 - 00216064 ____N ( ) C:\Windows\system32\lagarith.dll
2015-01-31 15:48 - 2015-01-31 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2015-01-31 15:48 - 2015-01-31 15:48 - 00000000 ____D () C:\Program Files\WinMerge
2015-01-31 15:34 - 2015-02-06 16:48 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\Skype
2015-01-31 15:34 - 2015-01-31 15:34 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-31 15:34 - 2015-01-31 15:34 - 00000000 ____D () C:\Users\Ritesh\AppData\Local\Skype
2015-01-31 15:34 - 2015-01-31 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-31 15:34 - 2015-01-31 15:34 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-01-31 15:33 - 2015-01-31 15:34 - 00000000 ___RD () C:\Program Files\Skype
2015-01-31 15:33 - 2015-01-31 15:34 - 00000000 ____D () C:\ProgramData\Skype
2015-01-31 14:59 - 2015-01-31 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-31 14:59 - 2015-01-31 14:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-31 14:58 - 2015-01-31 14:58 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-31 14:58 - 2015-01-31 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-31 14:57 - 2015-01-31 15:03 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\Notepad++
2015-01-31 14:57 - 2015-01-31 14:58 - 00000000 ____D () C:\Program Files\Notepad++
2015-01-31 14:47 - 2015-01-31 14:47 - 00001209 ____N () C:\Users\Ritesh\Desktop\FlashGet3.lnk
2015-01-31 14:47 - 2015-01-31 14:47 - 00000025 _____ () C:\Windows\emcore.INI
2015-01-31 14:46 - 2015-02-06 13:48 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\BITS
2015-01-31 14:46 - 2015-02-05 20:50 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\FlashGetBHO
2015-01-31 14:46 - 2015-02-05 17:08 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-31 14:46 - 2015-02-01 13:07 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\FlashGet
2015-01-31 14:46 - 2015-01-31 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2015-01-31 14:46 - 2015-01-31 14:46 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2015-01-31 14:46 - 2015-01-31 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-31 14:46 - 2015-01-31 14:46 - 00000000 ____D () C:\Program Files\FlashGet Network
2015-01-31 13:02 - 2015-01-31 13:02 - 00266407 __RSH () C:\QAFNI
2015-01-31 13:02 - 2015-01-31 13:02 - 00000020 __RSH () C:\win7.ld
2015-01-31 09:15 - 2015-01-31 09:15 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-01-31 09:14 - 2015-02-07 12:15 - 00606385 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 09:14 - 2015-01-31 09:14 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-01-31 09:11 - 2015-01-31 09:12 - 00001313 _____ () C:\Windows\TSSysprep.log
2015-01-31 09:09 - 2015-01-31 09:09 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-01-31 09:09 - 2015-01-30 19:49 - 00000000 ____D () C:\Windows\Panther
2015-01-31 09:09 - 2009-07-14 07:08 - 00383562 __RSH () C:\bootmgr
2015-01-30 23:57 - 2015-01-30 23:57 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\WinRAR
2015-01-30 23:56 - 2015-02-06 05:11 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-30 23:56 - 2015-01-30 23:56 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-30 23:56 - 2015-01-30 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-30 23:51 - 2015-02-07 12:14 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 23:50 - 2015-02-05 14:32 - 00082648 ____N (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 23:50 - 2015-01-30 23:50 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-30 23:50 - 2015-01-30 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-30 23:50 - 2015-01-30 23:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 23:50 - 2015-01-30 23:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-30 23:50 - 2014-11-21 06:14 - 00051928 ____N (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-30 23:50 - 2014-11-21 06:14 - 00023256 ____N (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-30 23:13 - 2015-01-30 23:14 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-30 23:13 - 2015-01-30 23:13 - 00002021 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-01-30 23:13 - 2015-01-30 23:13 - 00002015 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-01-30 23:13 - 2015-01-30 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-30 23:13 - 2015-01-30 23:13 - 00000000 ____D () C:\Program Files\WinZip
2015-01-30 23:00 - 2015-01-30 23:00 - 00000000 ____D () C:\Users\Ritesh\AppData\Roaming\Adobe
2015-01-30 22:51 - 2015-01-30 22:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-30 22:51 - 2015-01-30 22:51 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-30 22:50 - 2015-01-30 22:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-30 22:50 - 2015-01-30 22:50 - 00000000 ____D () C:\Program Files\Adobe
2015-01-30 22:49 - 2015-01-30 23:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-30 22:43 - 2015-01-30 23:00 - 00000000 ____D () C:\Users\Ritesh\AppData\Local\Adobe
2015-01-30 22:11 - 2015-01-30 23:03 - 00013540 _____ () C:\Windows\system32\results.xml
2015-01-30 22:01 - 2015-01-30 22:01 - 00017488 ____N (Windows ® 2000 DDK provider) C:\Windows\gdrv.sys
2015-01-30 22:00 - 2015-01-30 22:00 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-30 21:59 - 2015-01-30 22:00 - 00000000 ___HD () C:\Program Files\Temp
2015-01-30 21:59 - 2015-01-30 21:59 - 00000000 ____D () C:\Program Files\Realtek
2015-01-30 21:59 - 2012-06-19 14:24 - 03240400 ____N (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-01-30 21:59 - 2012-06-19 11:00 - 00293889 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-30 21:59 - 2012-06-14 11:13 - 05096448 ____N (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2015-01-30 21:59 - 2012-06-08 13:48 - 03173008 ____N (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-01-30 21:59 - 2012-06-06 08:14 - 00645776 ____N (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-01-30 21:59 - 2012-06-01 07:07 - 02417808 ____N (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-01-30 21:59 - 2012-05-31 15:38 - 00087696 ____N (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-01-30 21:59 - 2012-05-25 15:36 - 01706640 ____N (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-30 21:59 - 2012-05-17 08:59 - 07161696 ____N (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2015-01-30 21:59 - 2012-05-17 08:59 - 00351072 ____N (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2015-01-30 21:59 - 2012-05-17 08:59 - 00105824 ____N (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2015-01-30 21:59 - 2012-05-17 08:59 - 00091488 ____N (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2015-01-30 21:59 - 2012-05-17 08:59 - 00061792 ____N (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2015-01-30 21:59 - 2012-04-10 12:10 - 02193472 ____N (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-01-30 21:59 - 2012-04-03 16:11 - 01185112 ____N (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2015-01-30 21:59 - 2012-04-03 16:11 - 00709976 ____N (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2015-01-30 21:59 - 2012-03-08 09:17 - 00176736 ____N (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-01-30 21:59 - 2012-03-08 09:17 - 00095840 ____N (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-01-30 21:59 - 2012-02-21 17:15 - 01725784 ____N (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2015-01-30 21:59 - 2012-02-17 13:24 - 00350552 ____N (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-01-30 21:59 - 2012-02-13 20:06 - 07783768 ____N (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2015-01-30 21:59 - 2012-01-30 09:12 - 00819648 ____N (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2015-01-30 21:59 - 2012-01-23 19:58 - 00421744 ____N (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2015-01-30 21:59 - 2012-01-23 19:58 - 00398192 ____N (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2015-01-30 21:59 - 2012-01-23 19:58 - 00335216 ____N (DTS) C:\Windows\system32\DTSU2PREC32.dll
2015-01-30 21:59 - 2012-01-10 07:50 - 00058264 ____N (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2015-01-30 21:59 - 2011-12-20 03:13 - 00192104 ____N (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-01-30 21:59 - 2011-12-18 15:27 - 01836376 ____N (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-01-30 21:59 - 2011-12-13 14:28 - 01497704 ____N (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-01-30 21:59 - 2011-11-22 13:58 - 00013416 ____N (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-01-30 21:59 - 2011-09-02 11:51 - 00214368 ____N (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2015-01-30 21:59 - 2011-09-02 11:51 - 00074080 ____N (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2015-01-30 21:59 - 2011-09-02 11:51 - 00068960 ____N (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2015-01-30 21:59 - 2011-08-23 14:30 - 00357712 ____N (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 01509480 ____N (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 01292904 ____N (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 01220200 ____N (DTS) C:\Windows\system32\DTSBoostDLL.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 00654952 ____N (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 00631400 ____N (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 00601704 ____N (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 00458344 ____N (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 00389736 ____N (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 00375400 ____N (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 00218728 ____N (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 00218728 ____N (DTS) C:\Windows\system32\DTSGFXAPO.dll
2015-01-30 21:59 - 2011-05-31 07:12 - 00218216 ____N (DTS) C:\Windows\system32\DTSLFXAPO.dll
2015-01-30 21:59 - 2011-03-17 09:46 - 01379760 ____N (TOSHIBA Corporation) C:\Windows\system32\tosade.dll

As far as I'm aware, FlashGetBHO.dll is legitimate: http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=FlashGetBHO.dll

Not sure why Chrome should have any issues, I do not see anything in your logs to give concern... There is the option to reset Chrome back to default settings, see if that makes any difference. Bookmarks and saved passwords are not removed...

https://support.google.com/chrome/answer/3296214?hl=en

Next,

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Next,

One more fix to complete with FRST.....

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC then try again...

Post logs from FRST and Security Check, also give an update on any remaining issues or concerns...

Thank you,

Kevin.....

Fixlist.txt


Hi Kevin,

Resetting Chrome back to default settings did make a lot of difference. I installed the Adblock Plus extension on Chrome. I don't find any other remaining issues or security concerns that I can point to as of now. Posting the FRST Fixlog and Security Check log as you requested. I just don't understand how these damn files get downloaded on the PC, as I saw in the FRST Fixlog.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-02-2015
Ran by Ritesh at 2015-02-07 20:27:19 Run:3
Running from C:\Downloads
Loaded Profiles: Ritesh (Available profiles: Ritesh)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
IFEO\(प्रश्न.exe: [Debugger] M-NPAV
Emptytemp:
end
 
 
 
*****************
 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\(प्रश्न.exe" => Key deleted successfully.
EmptyTemp: => Removed 45.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:27:31 ====
 
 
 Results of screen317's Security Check version 0.99.96  
 Windows 7  x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 8.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1) 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
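The Fixlog in the reply above deleted an Image File Execution Options key whose Debugger value redirected a named executable, which is the mechanism such Security.Hijack detections point at. As an added example (not code from the thread, FRST or Malwarebytes), the PowerShell below audits every IFEO Debugger entry on a Windows machine and flags the ones whose Debugger program does not exist, so redirections like this can be reviewed directly; it assumes an elevated PowerShell session and the two standard IFEO registry roots.

```powershell
# Added example, not code from the thread, FRST or Malwarebytes.
# An IFEO subkey named after an executable with a "Debugger" value makes Windows
# start the Debugger program instead of the named one (passing it as an argument).
# Assumptions: run in an elevated PowerShell on Windows; the two roots below are
# the standard IFEO locations (the WOW6432Node one exists only on 64-bit Windows).

$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {
    foreach ($root in $IfeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if ($null -eq $props -or $null -eq $props.Debugger) { continue }
            $debugger = [string]$props.Debugger

            # First token is the program that will actually run; honour quoted paths.
            if ($debugger -match '^"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($debugger -split '\s+')[0] }

            # A bare name (as in the Fixlog above) is looked up on PATH so it can be checked.
            $resolved = $exe
            if ($exe) {
                $cmd = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue
                if ($cmd) { $resolved = @($cmd)[0].Source }
            }
            $exists = [bool]($resolved -and (Test-Path -LiteralPath $resolved))

            [pscustomobject]@{
                Target     = $key.PSChildName   # executable being redirected
                Debugger   = $debugger
                ResolvedTo = $resolved
                Exists     = $exists            # $false: the target cannot start at all
                Hive       = $root
            }
        }
    }
}

# Entries whose Debugger does not exist, or points at something other than a real
# debugger you installed yourself, are the ones to investigate and remove.
Get-IfeoDebuggerEntry | Sort-Object Exists, Target | Format-Table -AutoSize
```

Legitimate entries do occur (an installed debugger, or a deliberate Task Manager replacement), so compare each Target and ResolvedTo against software you know is on the machine before removing anything.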
 