Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

reopen of a previous topic

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

reopen of a previous topic

Unread postby anniyan » May 24th, 2014, 3:34 pm

i could not reply in time to

viewtopic.php?f=11&t=62791&p=633947

because my windows-firewall did not let me connect to the internet following an SFC i did. i had to install a 3rd party firewall after much trouble to come online. sorry about that. hence i PM'ed Mr. Gary R [http://www.malwareremoval.com/forum/memberlist.php?mode=viewprofile&u=741] and he was very kind to reply
"If you still need help, please open a new topic in the "Infected? Virus, malware, adware, ransomware, oh my!" room and wait for a new helper. Give details of any problems you're having. I'm sorry but due to pressures of work, I'm not available to help you myself at the moment, as I'm rather busy, but I'm sure one of the other helpers should be able to assist you. Good luck getting things resolved."
and
"Start a new topic as I asked you to do, but just explain to your next helper that you need to reformat, and that you're not able to create a Linux disc to boot to since you don't have access to a working computer. Tell them that I think you might be able to recover your files when booted to Recovery Environment, but other than that I can't think of any other options open to you."

To once more summarize my problem, i want to repave my laptop, since as you can see, I was told that I was out of choices except formatting my hard-disk clean and clean-install the OS, coz this malware-system is highly elusive and sophisticated and cannot be identified by any anti-malware or anti-virus. but, i want to transfer my personal files [documents, photos, movies, software-setup-files, etc.] safely to the portable harddisk i have, without transferring the infection. i am able to boot and work in my OS including moving, very well, my personal files to my portable HDD [infact i have moved most of the files to the portable HDD after the infection but before i identified that i was infected], but my only concern is that i dont want the infection to spread to the portable HDD so that when i connect it to my laptop after repaving and clean-installing the OS, the infection should not return back to the laptop. is there any other option without needing another PC?

for more info about the case-history and steps tried, so as to get a clear idea, please refer to my old thread http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=62791&p=633947

and

http://www.bleepingcomputer.com/forums/t/520666/i-am-not-sure-if-i-am-infected-but-100-sure-that-my-machine-has-some-problem/

http://www.bleepingcomputer.com/forums/t/522168/very-infected-machine-with-an-assortment-of-malware/

BTW, i can clearly notice that the malware is piggybacking windows files like svchost, dllhost, rundll32, wudfhost etc, to do its things and hence remains detected; i guess it is called DLL-injection or something, not sure. and my internet continues to be heavily exploited [high usage] for some data-transfer which i am not aware of. recently whenever i boot into the OS, notepad opens up displaying this

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

in the desktop.ini located on my desktop. and all the folders in my laptop have similar files with similar content, i don't know what. and to my shock :( :shock: :cussing: :angryfire: , today i found out the following files in the location -> C:\SWSetup\sp56663

1. http://www.herdprotect.com/hidew.exe-c3 ... 596e7.aspx
or https://www.virustotal.com/en/file/04c3 ... /analysis/

2. https://www.virustotal.com/en/file/c798 ... /analysis/

3. https://www.virustotal.com/en/file/263a ... /analysis/

4. https://www.virustotal.com/en/file/1f0c ... /analysis/

i immediately deleted these, but i don't know if they have copies anywhere else.
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm
Advertisement
Register to Remove

Re: reopen of a previous topic

Unread postby MWR 3 day Mod » May 28th, 2014, 11:51 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: reopen of a previous topic

Unread postby nunped » June 2nd, 2014, 6:47 pm

Hello anniyan, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Sorry for the delay.....

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easy as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: reopen of a previous topic

Unread postby nunped » June 2nd, 2014, 6:58 pm

Hi anniyan,

Did you have any luck asking at BitDefender forums, as Gary suggested?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: reopen of a previous topic

Unread postby anniyan » June 5th, 2014, 8:20 pm

ok sir, i will follow your words verbatim. BTW, to be really frank, 3/4 of my data had been moved to my portable HDD already, even before i realized that i was infected. and i have no problems moving the rest of the data to my portable HDD even now, in windows environment. but as mr. gary has pointed out, filtering out the infection when moving the personal data is the job in hand for me. so any linux distro [even if it is downloaded using this infected computer] can help? also, i need to mention that i have oracle's virtualbox installed in this laptop already, which came bundled with a samsung-galaxy-nexus android environment, but i dunno if that can help, though it being a linux derivative. BTW, apart from bitdefender live-cd, i have a kaspersky live-cd too; but the problem id they were downloaded using this infected PC; and i dunno how to use them to transfer files. BTW, since only 1/4 of the files are in the PC [others being in the portable HDD already], can this direction lead us to our goal. and yes, i have registered in bitdefender forum, but yet to hear from them.
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm

Re: reopen of a previous topic

Unread postby nunped » June 7th, 2014, 3:51 am

Hi anniyan,

If you have already copied some of your files, my suggestion is that you copy the rest ones that you need.
Take care to only copy non-executable files (Gary gave you a link that explains which kind of files are safe to copy).

Then, reformat your computer and scan your HDD with an antivirus, before transferring the files to the computer.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: reopen of a previous topic

Unread postby anniyan » June 8th, 2014, 2:15 pm

okay, i will do it verbatim, crossing my fingers that the infection is not present on any non-executables; and praying that IF ANY elusives maybe present, their signatures would be soon identified by AV vendors.
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm

Re: reopen of a previous topic

Unread postby anniyan » June 8th, 2014, 5:33 pm

[BAD UPDATE] : something new has entered. i cant login. now i am using safe mode with networking. i cant open most files or folders: "No groups or users have permission to access this object. However, the owner of this object can assign permissions."

no application or LNK files work. by god's grace IE works for time being, but dunno about the future. by your expertise, you will be knowing the name of the new badware, i hope.

i am totally shattered. :'( and scared. can you help me?

for time-being, any interim measures to control the spread? like combofix in unattended mode or repair-installing windows, etc? thanks a ton in advance.
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm

Re: reopen of a previous topic

Unread postby nunped » June 9th, 2014, 5:50 am

Hi anniyan,

But were you able to backup the files you needed? Can you backup them now?
When you say you can't login, what do you mean? Does Windows boot in normal mode, or not at all?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: reopen of a previous topic

Unread postby anniyan » June 9th, 2014, 10:23 am

i cant boot into normal mode, so 'using safe mode with networking' to type here. this new virus infected me before i backed up the rest of them, yet i am able to back them up by moving them to the portable HDD now, though i am not sure if the new virus would also move into the portable HDD. BTW, the previous infection was trying to conceal its presence and get its things done in secret and hence did not affect the basic operations of the pc. but the new one has modified many stuff intending to prevent me from doing anything. what should i do now?
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm

Re: reopen of a previous topic

Unread postby nunped » June 9th, 2014, 11:03 am

Hi anniyan,

As we won't be able to put your system back to normal, the same advise applies. Copy your files to the portable HDD. If you stick to data files, you should be safe. After you reformat, scan your portable HDD with an antivirus, before copying the files back to your system.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: reopen of a previous topic

Unread postby anniyan » June 10th, 2014, 1:24 pm

but there is a problem in this. the new virus has set ridiculously tough permissions/priviledges for many files and folders that block me from copying, moving, opening or deleting certain files correspondingly. and blocked many websites and prevents me from downloading ANY file in IE11 [which is the only browser working in my laptop as of now]. hence i cannot download anything to repair my laptop. it would be very helpful if you can help me reset the permissions and settings back to what they were earlier, so that i can back them up.

so i request you to guide me with the steps to restore the laptop to the atleast-functional-though-infected-working-state, ie., approximately how it was before the new virus infected. can i?

PS. i have a sample of the virus file that infected me: i locked it in a password-protected zip file [ that cant get out of that, can it? ]. i can send it to you if you wanna peruse it.
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm

Re: reopen of a previous topic

Unread postby nunped » June 10th, 2014, 7:18 pm

Hi anniyan,

Let me check what it's possible to do. As for the infection file, how are you sure that's the file? I don't have the tools or abilities to venture in messing with an unknown infection...

I hope you can download this tool to run a scan:
FRST in Recovery Environment
(Farbar Recovery Scanner Tool for Vista-W7)

  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Boot back into normal mode and post me the FRST.txt log please.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: reopen of a previous topic

Unread postby anniyan » June 12th, 2014, 5:06 am

i am under a big load of problems due to malware, so first of all, sorry if i am / had been much of an annoyance, but thanks a ton for your patience. i am asking such help only coz i am out of other feasible options. no problem about "I don't have the tools or abilities to venture in messing with an unknown infection", i can understand.

BTW, the virus infection i recently got is not a 0-day threat, i guess it is a known infection only, coz COMODO quarantined it as soon as i navigated to the folder containing the virus (but not before the virus could do any harm) ; and i am sure of which file it is, coz that (email attachment) was the only file that has been downloaded in that particular time-window.

the virus has changed the file-permissions/access-privileges of almost all files, and hence most applications cannot run (including browsers). so i am forced to use IE 11, but there is a problem in that too - most websites are blocked and also it is not able to download even a small single file including FRST64 and [also http://www.bleepingcomputer.com/download/grantperms (which can possibly reset the file-privileges to normal)] - thus this is a cyclic self-sustained problem :'( i am not aware of how to reset the file-permissions manually :( since i am not able to download the FRST64, i dunno how to proceed. i will try to download it using a different PC and complete these steps get back to you ASAP. sorry about the delay.

[EDIT]: i have a copy of FRST64 dated june 2 - 2014, which i can use for time being?
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm

Re: reopen of a previous topic

Unread postby anniyan » June 12th, 2014, 9:19 am

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 (ATTENTION: ====> FRST version is 10 days old and could be outdated)
Ran by SYSTEM on MININT-L32LV9D on 12-06-2014 18:24:15
Running from H:\
Platform: Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-12-16] (IDT, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-19] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\naveen\MBAE\mbae.exe [1300792 2014-04-09] (Malwarebytes Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\NAVEEN\...\Run: [Google Update] => C:\Users\NAVEEN\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-10] (Google Inc.)
HKU\NAVEEN\...\Run: [IDMan] => C:\Program Files (x86)\naveen\IDM\IDMan.exe [3837520 2014-06-03] (Tonec Inc.)
HKU\NAVEEN\...\Run: [PhrozenSoft VirusTotal Uploader] => [X]
HKU\NAVEEN\...\Policies\Explorer: [NoResolveSearch] 1
HKU\NAVEEN\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\NAVEEN\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\NAVEEN\...\Policies\Explorer: [HideSCABattery] 1
HKU\Naveen Admin\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [68096 2012-04-25] (Hewlett-Packard Company)
HKU\Naveen Admin\...\Run: [WinPatrol] => C:\Program Files (x86)\naveen\WinPatrol+\winpatrol.exe [533568 2014-04-22] (BillP Studios)
HKU\Naveen Admin\...\Run: [Uniblue ProcessQuickLink 2] => C:\Program Files (x86)\naveen\ProcessQuickLink 2\ProcessQuickLink2.exe [655640 2008-04-01] (Uniblue)
HKU\Naveen Admin\...\Run: [SUPERAntiSpyware] => C:\Program Files\naveen\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\Naveen Admin\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKU\Naveen Admin\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
SSODL-x32: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File
GroupPolicyUsers\S-1-5-21-606511456-1437241303-3617233354-1000\User: Group Policy restriction detected <======= ATTENTION

==================== Services (Whitelisted) =================

S3 !SASCORE; C:\Program Files\naveen\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-30] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-30] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-30] (BlueStack Systems, Inc.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-02] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-02] (Microsoft Corporation)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
S2 Diskeeper; C:\Program Files\naveen\Diskeeper\DkService.exe [2648952 2012-07-27] (Diskeeper Corporation)
S2 DragonUpdater; C:\Program Files (x86)\naveen\ComodoDragon\dragon_updater.exe [2135232 2014-05-21] ()
S3 FolderSize; C:\Program Files (x86)\naveen\FolderSize\FolderSizeSvc.exe [116224 2010-04-05] (Brio)
S3 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-10] (SurfRight B.V.)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-09] (SurfRight B.V.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-20] (Hewlett-Packard Company)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MbaeSvc; C:\Program Files (x86)\naveen\MBAE\mbae-svc.exe [347448 2014-04-09] (Malwarebytes Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\naveen\MalwarebytesAM\mbamscheduler.exe [1809720 2014-05-11] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\naveen\MalwarebytesAM\mbamservice.exe [860472 2014-05-11] (Malwarebytes Corporation)
S4 Mobile Partner. RunOuc; C:\Program Files (x86)\naveen\huaweiMP\UpdateDog\ouc.exe [650240 2013-02-28] ()
S4 MoboroboDeviceService; C:\Program Files (x86)\naveen\Moborobo\MoboroboDeviceService.exe [71976 2013-04-03] ()
S4 MotoHelper.exe; C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [6656 2010-09-14] (Motorola)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
S4 Photon Plus. RunOuc; C:\Program Files (x86)\naveen\huawei-P++\UpdateDog\ouc.exe [655712 2014-06-07] ()
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 Unchecky; C:\Program Files (x86)\naveen\Unchecky\bin\unchecky_svc.exe [107624 2014-05-05] (RaMMicHaeL)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-09-20] (Zemana Ltd.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-30] (BlueStack Systems)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
S3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-13] (Diskeeper Corporation)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-07] (Fresco Logic)
S3 gctfld; C:\Program Files\COMODO\COMODO Internet Security\ccekrnl.dat [168376 2014-04-16] (COMODO)
S2 hmip; C:\Windows\system32\Drivers\hmip64.sys [30056 2013-06-19] (Hide My IP)
S2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-09] ()
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [224768 2014-06-07] (Huawei Technologies Co., Ltd.)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
S5 KL1; C:\Windows\System32\Drivers\KL1.sys [458336 2014-05-15] (Kaspersky Lab ZAO)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-01] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-01] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-15] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-15] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-01] (Kaspersky Lab ZAO)
S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-11] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-11] (Malwarebytes Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-28] (Panda Security, S.L.)
S0 rqkdql; No ImagePath
S1 SASDIFSV; C:\Program Files\naveen\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\naveen\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-07-23] (Sony Ericsson Mobile Communications)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2013-12-14] (Duplex Secure Ltd.)
S3 catchme; \??\C:\hair\catchme.sys [X]
S3 cleanhlp; \??\C:\Users\NAVEEN\Desktop\idm\pgm\security\eek\Run\cleanhlp64.sys [X]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S0 Partizan; system32\drivers\Partizan.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Accelerometer.sys 5C368F4B04ED2A923E6AFCA2D37BAFF5
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 06778049A44C316E8D016039B9D14667
C:\Windows\System32\DRIVERS\atikmpag.sys 94B4028F0EEA1F166D78186A254676B5
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\Drivers\ssadadb.sys 4DE0D5D747A73797C95A97DCCE5018B5
C:\Windows\system32\drivers\AntiLog64.sys 2BD7BADC93C9E54FE366561DB6677B0D
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 9E84A931DBEE0292E38ED672F6293A99
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys 93E3A1E054E049D721F4DC60CE87B73D
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\BVRPMPR5a64.SYS 9887CA12F407D7FBC7F48F3678F5F0B6
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\clwvd.sys A4DC4C58F4B8D798E5F5D59099ADCF8A
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cmderd.sys 348A7FDDF0D7354ED6308AF96EEF4F54
C:\Windows\System32\DRIVERS\cmdguard.sys 923659525ADAC632EA6F94570CCE1561
C:\Windows\System32\DRIVERS\cmdhlp.sys 0AB6E8D34782E83AEECEEE76BC788957
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\DKRtWrt.sys 20C394C80113D77406DF8F1ADC720B01
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 53BD875C7C0808235BFB803C1A8BE009
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 86F7951BBCEE4A86E79A97306BD14318
C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys 55E0EDA185869F7EA67EA97FD0655B39
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\FLxHCIc.sys 5F3982B51A5DF6F7FF5FD3A4CE0BFF5D
C:\Windows\System32\DRIVERS\FLxHCIh.sys 1ACB3F124140A2EAB5A1E36286E37C0D
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys B16B626996C74B564005BA855C5DEE90
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Program Files\COMODO\COMODO Internet Security\ccekrnl.dat 1BA7B4A9EC2AD658AC3E466946A09AEA
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\Drivers\hmip64.sys D32A664F2F0F396511D0403142C4C80B
C:\Windows\system32\drivers\hmpalert.sys CF07C0A9D38A248D036DD9C47E4D0D6E
C:\Windows\System32\DRIVERS\hpdskflt.sys 4E0BEC0F78096FFD6D3314B497FC49D3
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_jucdcacm.sys E461750CFDC861759BB3B612CE37BA8C
C:\Windows\System32\DRIVERS\ew_jubusenum.sys DDBB283835010E52E88AAC6995B617D7
C:\Windows\System32\DRIVERS\ew_juextctrl.sys 83D6CD158B6D543BD6C61D5FA6063E93
C:\Windows\System32\DRIVERS\ew_juwwanecm.sys 2531B9EB621DFEA05FF14F2C7A4D1621
C:\Windows\System32\DRIVERS\ewusbmdm.sys 24FA6177FE55C4BC045EC87E39F90688
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 2FDAEC4B02729C48C0FD1B0B4695995B
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\idmwfp.sys 78C74D0AE7C8441B7D7AF540D75A7E3B
C:\Windows\System32\DRIVERS\igdkmd64.sys 33FAA40B288002C89529DBD14F3AB72C
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\inspect.sys 8E8C4F5DE79216E56A2E61D573C4F9B3
C:\Windows\System32\DRIVERS\IntcDAud.sys F5495B38BFB9149925F54F65AB40EFBF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdpmd64.sys 33FAA40B288002C89529DBD14F3AB72C
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\klif.sys 2CBD248370721DCAD632DB70D09C5A6D
C:\Windows\System32\DRIVERS\klkbdflt.sys AEB50941C6D67128B14F88DB9917C4E0
C:\Windows\System32\DRIVERS\klmouflt.sys 72CF64FBF38CD681FA7F37176047E967
C:\Windows\System32\DRIVERS\kneps.sys 1FCB657B581CC4DF17FD6571F93602DE
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbamchameleon.sys 9D9ED48F841EA37AA5310D54B9E5D3C7
C:\Windows\system32\drivers\mbam.sys F92B0E478C0FAA6D6661E6E977247E60
C:\Windows\system32\drivers\mwac.sys 15E8ABC06843672955CE26A009533BAD
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\motmodem.sys 785B2CBA23D374649D98715C3EE17B2A
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys DE7FCC77F4A503AF4CA6A47D49B3713D
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvm62x64.sys A85B4F2EF3A7304A5399EF0526423040
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\psi_mf_amd64.sys DD3FD48D69F5FBBB21D46D1514C1C2DB
C:\Windows\System32\DRIVERS\PSKMAD.sys 05A0C2744CEAC6F1B723EC469B650EF0
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\revoflt.sys 9C3AC71A9934B884FAC567A8807E9C4D
C:\Windows\System32\DRIVERS\RtsPStor.sys 1F5E7AF59B390261A85F5BEDB1BB88B3
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ED5873F7DFB2F96D37F13322211B6BDC
C:\Windows\System32\DRIVERS\rtl8192Ce.sys F33E70E48A54A7A1BFBEEB4F3B273E4A
C:\Program Files\naveen\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\naveen\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SCDEmu.sys 3570E8B9016621C5BC8754B026DDB3B8
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\seehcri.sys EDE7A1D2715AAC2190D51DC07AFD44E3
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys A6CFF1AF7664627A296B6A0A96CF876E
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssadbus.sys 8F8324ED1DE63FFC7B1A02CD2D963C72
C:\Windows\System32\DRIVERS\ssadmdfl.sys 58221EFCB74167B73667F0024C661CE0
C:\Windows\System32\DRIVERS\ssadmdm.sys 4DA7C71BFAC5AD71255B7E4CAB980163
C:\Windows\System32\DRIVERS\ssadserd.sys D33D1BD3EC0E766211A234F56A12726D
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys 6F69D75F50E8FAF1003AA6CFB18B91EC
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys AC3CC98B1BDB6540021D3FFB105AC2B9
C:\Windows\System32\DRIVERS\tap0901.sys F9BE29D5E097F03F81D3CD12B794CB66
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\teamviewervpn.sys F5520DBB47C60EE83024B38720ABDA24
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\VBoxDrv.sys CDA796F41C2B64CEEC143B3A86904CFB
C:\Windows\System32\DRIVERS\VBoxNetAdp.sys 8CD776EB77695524CCE594AAC3A71569
C:\Windows\System32\DRIVERS\VBoxNetFlt.sys 39D80811EB7E87CD7F682A3124693CBA
C:\Windows\System32\DRIVERS\VBoxUSBMon.sys 248C6ADD9467AF319D1882A5E8B12966
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUSB.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-12 04:47 - 2014-06-12 04:48 - 00002420 _____ () C:\Users\Naveen Admin\Desktop\Rkill.txt
2014-06-12 04:40 - 2014-06-12 04:40 - 00000000 ____D () C:\hair
2014-06-12 00:48 - 2014-05-30 02:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-06-12 00:48 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-06-12 00:48 - 2014-05-30 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-06-12 00:48 - 2014-05-30 01:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-06-12 00:48 - 2014-05-30 01:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-06-12 00:48 - 2014-05-30 01:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-06-12 00:48 - 2014-05-30 01:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-06-12 00:48 - 2014-05-30 01:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-06-12 00:48 - 2014-05-30 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-06-12 00:48 - 2014-05-30 01:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-06-12 00:48 - 2014-05-30 01:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-06-12 00:48 - 2014-05-30 01:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-06-12 00:48 - 2014-05-30 01:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-06-12 00:48 - 2014-05-30 01:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 00:48 - 2014-05-30 01:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-12 00:48 - 2014-05-30 01:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-06-12 00:48 - 2014-05-30 01:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-06-12 00:48 - 2014-05-30 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 00:48 - 2014-05-30 00:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-12 00:48 - 2014-05-30 00:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-06-12 00:48 - 2014-05-30 00:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-06-12 00:48 - 2014-05-30 00:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 00:48 - 2014-05-30 00:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-06-12 00:48 - 2014-05-30 00:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 00:48 - 2014-05-30 00:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 00:48 - 2014-05-30 00:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 00:48 - 2014-05-30 00:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-06-12 00:48 - 2014-05-30 00:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 00:48 - 2014-05-30 00:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 00:48 - 2014-05-30 00:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 00:48 - 2014-05-30 00:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-06-12 00:48 - 2014-05-30 00:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 00:48 - 2014-05-30 00:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 00:48 - 2014-05-30 00:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-06-12 00:48 - 2014-05-30 00:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-06-12 00:48 - 2014-05-30 00:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 00:48 - 2014-05-30 00:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 00:48 - 2014-05-30 00:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 00:48 - 2014-05-30 00:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 00:48 - 2014-05-30 00:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 00:48 - 2014-05-29 23:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 00:48 - 2014-05-29 23:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-06-12 00:48 - 2014-05-29 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 00:48 - 2014-05-29 23:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 00:48 - 2014-05-29 23:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 00:48 - 2014-05-29 23:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-06-12 00:48 - 2014-05-29 23:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 00:48 - 2014-05-29 23:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-06-12 00:48 - 2014-05-29 23:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 00:48 - 2014-05-29 23:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 00:48 - 2014-05-29 23:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-06-12 00:48 - 2014-05-29 23:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 00:38 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-06-12 00:38 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-06-12 00:37 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-06-12 00:37 - 2014-03-26 06:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-06-12 00:37 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2014-06-12 00:37 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-06-12 00:37 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 00:37 - 2014-03-26 06:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 00:37 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 00:37 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 00:33 - 2014-06-12 00:33 - 00000964 _____ () C:\Users\Public\Desktop\Pale Moon.lnk
2014-06-12 00:33 - 2014-06-12 00:33 - 00000964 _____ () C:\ProgramData\Desktop\Pale Moon.lnk
2014-06-11 14:53 - 2014-06-11 14:53 - 00000070 _____ () C:\Users\NAVEEN\Desktop\bkmk.txt
2014-06-11 14:28 - 2014-05-08 01:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-06-11 14:28 - 2014-05-08 01:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-06-11 14:19 - 2014-06-08 01:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-11 14:19 - 2014-06-08 01:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-06-11 14:14 - 2014-06-11 14:14 - 00000024 ___SH () C:\Users\Naveen Admin\AppData\Roaming\1D959CA221C7573.sys
2014-06-11 13:58 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-06-11 13:58 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 13:52 - 2014-06-11 13:52 - 00000000 ____D () C:\temp
2014-06-11 11:52 - 2014-06-11 11:52 - 00001130 _____ () C:\temp645.bat
2014-06-11 11:51 - 2014-06-11 11:51 - 00001245 _____ () C:\temp694.bat
2014-06-10 21:59 - 2014-06-10 21:59 - 00001994 _____ () C:\Users\NAVEEN\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-06-10 20:41 - 2014-06-10 20:41 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-06-10 19:49 - 2014-06-10 19:49 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-06-10 11:18 - 2014-06-10 11:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HP-DV6TQE-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-06-10 11:16 - 2014-06-10 11:16 - 00000000 ____D () C:\RegBackup
2014-06-10 07:50 - 2014-06-09 21:47 - 00062569 _____ () C:\ComboFix.txt
2014-06-09 21:47 - 2014-06-12 03:50 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\temp
2014-06-09 21:47 - 2014-06-09 21:47 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 21:47 - 2014-06-09 21:47 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 21:47 - 2014-06-09 21:47 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 21:34 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-09 21:34 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-09 21:34 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-09 21:34 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-09 18:24 - 2014-06-09 18:24 - 00000859 _____ () C:\Users\Naveen Admin\Users - Shortcut.lnk
2014-06-09 17:20 - 2014-06-09 17:20 - 00000308 _____ () C:\Windows\Tasks\SlimCleaner Run.job
2014-06-09 16:27 - 2014-06-09 16:27 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-08 16:04 - 2014-06-08 16:04 - 00000020 ___SH () C:\Users\NAVEEN\ntuser.ini
2014-06-08 11:47 - 2014-06-11 05:31 - 00061040 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-06-08 11:25 - 2014-06-11 11:45 - 00061040 _____ () C:\Windows\System32\GDIPFONTCACHEV1.DAT
2014-06-08 09:23 - 2014-06-08 09:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-08 07:54 - 2014-06-08 07:54 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\Comodo
2014-06-08 06:10 - 2014-06-08 06:14 - 00000000 ____D () C:\Program Files\Windroy
2014-06-08 04:16 - 2014-06-08 04:16 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-08 04:16 - 2014-06-08 04:16 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-06-08 04:14 - 2014-06-08 04:16 - 00000000 ____D () C:\bluestacks
2014-06-08 04:11 - 2014-06-08 04:11 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\Bluestacks
2014-06-08 04:11 - 2014-06-08 04:11 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\Bluestacks
2014-06-08 03:23 - 2014-06-08 03:23 - 00000000 ____D () C:\genymotion
2014-06-08 02:55 - 2014-06-08 02:54 - 00313256 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-06-08 02:54 - 2014-06-08 02:54 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-06-08 02:54 - 2014-06-08 02:54 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2014-06-08 02:54 - 2014-06-08 02:54 - 00111016 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2014-06-08 02:53 - 2014-06-08 02:52 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-08 02:53 - 2014-06-08 02:52 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-08 02:53 - 2014-06-08 02:52 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-08 02:53 - 2014-06-08 02:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-08 02:52 - 2014-06-08 02:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-07 12:05 - 2014-06-07 12:05 - 00058858 _____ () C:\Windows\SysWOW64\CCCInstall_201406080135593034.log
2014-06-07 12:02 - 2014-06-07 12:02 - 00000000 ____D () C:\AMD
2014-06-07 10:27 - 2014-06-07 10:26 - 01001472 _____ (DiBcom SA) C:\Windows\System32\Drivers\mod7700.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00436224 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbwwan.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00224768 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juwwanecm.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwusbdev.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00104448 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcacm.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jubusenum.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00073216 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcecm.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juextctrl.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwupgrade.sys
2014-06-07 10:27 - 2014-06-07 10:26 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_usbenumfilter.sys
2014-06-07 09:43 - 2014-06-07 09:43 - 00000000 _____ () C:\Windows\System32\SETE6F3.tmp
2014-06-07 09:43 - 2014-06-07 09:43 - 00000000 _____ () C:\Windows\System32\SETDE43.tmp
2014-06-07 05:07 - 2014-06-07 05:07 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\Safer Networking
2014-06-06 23:16 - 2014-06-06 23:16 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\Macromedia
2014-06-06 20:31 - 2012-05-14 17:43 - 00144896 _____ (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll
2014-06-06 20:31 - 2012-05-14 16:50 - 00104448 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-06-06 19:49 - 2013-08-15 03:09 - 01367424 _____ (Puran Software) C:\Windows\System32\PuranFD.exe
2014-06-06 19:49 - 2013-08-15 03:09 - 00292736 _____ (Puran Software) C:\Windows\System32\PuranDefragS.exe
2014-06-06 19:49 - 2013-08-15 03:09 - 00287616 _____ (Puran Software) C:\Windows\System32\PuranDC.exe
2014-06-06 19:49 - 2013-08-15 03:09 - 00256896 _____ (Puran Software) C:\Windows\System32\PuranDefrag.dll
2014-06-06 19:49 - 2013-08-15 03:09 - 00132480 _____ (Puran Software) C:\Windows\System32\PuranDefragBT.exe
2014-06-06 19:24 - 2014-06-06 19:24 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\SystemRequirementsLab
2014-06-06 18:19 - 2014-06-06 18:19 - 00000000 _____ () C:\Windows\System32\SET2CFD.tmp
2014-06-06 18:19 - 2014-06-06 18:19 - 00000000 _____ () C:\Windows\System32\SET28DF.tmp
2014-06-06 18:19 - 2014-06-06 18:19 - 00000000 _____ () C:\Windows\System32\SET2764.tmp
2014-06-06 18:07 - 2014-06-06 18:07 - 00000000 ____D () C:\Users\Naveen Admin\Tracing
2014-06-06 17:55 - 2014-06-06 17:55 - 00003834 _____ () C:\Windows\System32\Tasks\SetupManager
2014-06-06 17:55 - 2014-06-06 17:55 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\Hewlett-Packard_Company
2014-06-06 15:36 - 2014-06-06 21:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-06 15:36 - 2014-06-06 21:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-06 15:36 - 2014-06-06 15:36 - 00000000 ____D () C:\ProgramData\Google
2014-06-06 15:36 - 2014-06-06 15:36 - 00000000 ____D () C:\Program Files\Google
2014-06-06 14:22 - 2014-06-06 14:22 - 00059740 _____ () C:\Windows\SysWOW64\CCCInstall_201406070352339450.log
2014-06-06 14:15 - 2014-06-07 12:06 - 00000000 ____D () C:\Program Files\ATI_tech
2014-06-06 13:45 - 2014-06-06 13:45 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-06 13:38 - 2014-06-06 13:38 - 00000000 ____D () C:\Program Files\ATI
2014-06-06 12:36 - 2014-06-06 12:36 - 00053328 _____ () C:\Windows\SysWOW64\CCCInstall_201406070206336925.log
2014-06-06 12:34 - 2014-06-06 12:34 - 00000000 _____ () C:\Windows\SysWOW64\SETACF8.tmp
2014-06-06 12:34 - 2014-06-06 12:34 - 00000000 _____ () C:\Windows\SysWOW64\SETAC98.tmp
2014-06-06 10:23 - 2014-06-06 11:01 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\Raptr
2014-06-06 10:23 - 2014-06-06 10:25 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-06 10:22 - 2014-06-07 12:07 - 00000000 ____D () C:\ProgramData\AMD
2014-06-06 10:22 - 2014-06-06 10:22 - 00059740 _____ () C:\Windows\SysWOW64\CCCInstall_201406062352329933.log
2014-06-06 10:17 - 2014-06-06 10:17 - 00000000 ____D () C:\Program Files\AMD
2014-06-06 10:16 - 2014-06-06 10:16 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-06 10:07 - 2014-06-06 10:07 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-06-05 04:13 - 2014-06-05 04:13 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-04 21:16 - 2014-06-04 17:06 - 00180136 _____ (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys
2014-06-04 14:13 - 2013-04-28 19:47 - 00047632 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\PSKMAD.sys
2014-06-04 11:01 - 2014-06-04 11:01 - 00000000 ____D () C:\Users\NAVEEN\VirtualBox VMs
2014-06-04 08:22 - 2014-05-16 00:34 - 00254240 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2014-06-04 08:21 - 2014-05-16 00:33 - 00128288 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2014-06-03 16:21 - 2014-06-03 16:21 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-06-03 13:34 - 2014-06-03 13:34 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\PhrozenSoft
2014-06-02 09:28 - 2013-09-03 03:49 - 00000833 _____ () C:\Windows\System32\Drivers\etc\ms hosts bkup
2014-06-02 08:36 - 2014-06-02 08:38 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\NexusFile
2014-06-02 08:36 - 2014-06-02 08:36 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\cryptlib
2014-06-02 04:51 - 2014-06-07 14:21 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\IDM
2014-06-02 04:28 - 2014-06-06 17:12 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\IDM
2014-06-02 04:28 - 2014-06-02 04:28 - 00000000 ____D () C:\ProgramData\IDM
2014-06-02 03:07 - 2014-06-02 03:07 - 00000000 ____D () C:\Users\NAVEEN\Downloads\Video
2014-06-02 03:07 - 2014-06-02 03:07 - 00000000 ____D () C:\Users\NAVEEN\Downloads\Compressed
2014-06-02 02:38 - 2014-06-02 02:21 - 18017013 ____R () C:\Windows\System32\Drivers\etc\hosts.nav.bak
2014-05-31 14:57 - 2014-05-31 14:57 - 00240249 _____ () C:\Users\NAVEEN\Downloads\192.tmp
2014-05-31 14:57 - 2014-05-31 14:57 - 00107016 _____ () C:\Users\NAVEEN\Downloads\7FB.tmp
2014-05-31 14:57 - 2014-05-31 14:57 - 00041700 _____ () C:\Users\NAVEEN\Downloads\CEF.tmp
2014-05-31 14:57 - 2014-05-31 14:57 - 00018397 _____ () C:\Users\NAVEEN\Downloads\C21.tmp
2014-05-31 14:57 - 2014-05-31 14:57 - 00012412 _____ () C:\Users\NAVEEN\Downloads\C8F.tmp
2014-05-31 08:12 - 2014-05-31 08:12 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\Safer Networking
2014-05-30 17:25 - 2014-05-31 09:09 - 00000000 ____D () C:\Program Files\FreeFixer
2014-05-30 13:17 - 2014-05-30 13:33 - 00001710 _____ () C:\Windows\System32\Drivers\etc\hosts_PTbackup2.bak
2014-05-30 10:21 - 2014-05-30 10:21 - 00000024 ___SH () C:\Users\Naveen Admin\AppData\Roaming\System5908ConfigCollection.dat
2014-05-30 04:27 - 2014-05-30 04:27 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\SlimCleaner
2014-05-29 14:38 - 2014-05-29 14:38 - 823772410 _____ () C:\Windows\MEMORY.DMP
2014-05-29 14:38 - 2014-05-29 14:38 - 00266288 _____ () C:\Windows\Minidump\053014-30451-01.dmp
2014-05-29 13:33 - 2014-05-29 15:06 - 00000000 ____D () C:\ProgramData\UVK
2014-05-29 13:12 - 2014-05-29 13:48 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2014-05-29 10:47 - 2014-05-29 10:47 - 00000000 _____ () C:\Windows\System32\Drivers\OLD64E3.tmp
2014-05-28 07:07 - 2014-05-28 12:56 - 00000132 _____ () C:\Users\NAVEEN\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-05-26 09:25 - 2014-05-26 09:25 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\Highresolution Enterprises
2014-05-26 07:33 - 2014-05-26 07:33 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\6_Wunderkinder_GmbH
2014-05-25 11:19 - 2014-05-25 11:19 - 00000000 _____ () C:\Windows\System32\Drivers\OLD9793.tmp
2014-05-25 07:12 - 2014-05-25 07:12 - 00000000 _____ () C:\Windows\System32\Drivers\OLDE5CD.tmp
2014-05-24 16:40 - 2014-05-24 16:40 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2014-05-24 11:53 - 2014-05-24 11:53 - 00004406 _____ () C:\Windows\System32\Tasks\ShouldIRemoveIt
2014-05-24 11:47 - 2014-05-31 15:11 - 00000000 ____D () C:\Program Files (x86)\DoubleKillerPro
2014-05-23 15:07 - 2014-06-07 09:38 - 00662468 _____ () C:\Windows\System32\Drivers\fvstore.dat
2014-05-23 15:07 - 2014-05-23 15:07 - 00000000 ____D () C:\VTRoot
2014-05-23 13:35 - 2014-05-23 13:35 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\aignes
2014-05-23 07:12 - 2014-06-08 02:54 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\DMCache
2014-05-23 04:36 - 2014-06-12 04:32 - 01474832 _____ () C:\Windows\System32\Drivers\sfi.dat
2014-05-23 01:51 - 2014-05-23 04:36 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-05-23 01:50 - 2014-05-23 01:51 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-05-23 01:50 - 2014-05-23 01:50 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-05-23 01:50 - 2014-05-23 01:50 - 00000000 ____D () C:\Program Files\COMODO
2014-05-23 01:49 - 2014-05-23 05:43 - 00000000 ____D () C:\ProgramData\Comodo
2014-05-22 14:18 - 2014-05-22 14:18 - 00003288 _____ () C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2014-05-22 13:41 - 2014-05-22 13:41 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-22 10:08 - 2014-05-22 10:08 - 00000849 _____ () C:\ProgramData\Ultima_T15 - Shortcut.lnk
2014-05-22 09:22 - 2014-05-22 09:22 - 00001004 _____ () C:\Users\NAVEEN\AppData\Roaming\fcuk - Shortcut.lnk
2014-05-21 11:39 - 2014-05-21 11:39 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\JonDo
2014-05-21 01:24 - 2014-06-08 02:54 - 00000000 ____D () C:\Program Files\Java
2014-05-20 11:06 - 2014-05-20 11:06 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\Copernic
2014-05-20 07:09 - 2014-05-20 07:09 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\Media Player Classic
2014-05-20 06:02 - 2014-06-09 21:30 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\Comodo
2014-05-20 04:25 - 2014-05-20 04:25 - 00000000 ____D () C:\Program Files (x86)\Bazooka
2014-05-20 01:22 - 2014-05-20 01:22 - 00000000 ____D () C:\Program Files (x86)\JonDo
2014-05-19 14:53 - 2014-05-19 14:53 - 00000020 _____ () C:\Users\Naveen Admin\defogger_reenable
2014-05-18 15:07 - 2014-05-19 03:27 - 00000000 ____D () C:\Program Files (x86)\VTU2
2014-05-18 02:44 - 2014-05-11 17:56 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-05-16 15:49 - 2013-05-01 12:54 - 00620128 ____N (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2014-05-16 15:46 - 2014-05-20 05:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-05-16 00:33 - 2014-05-16 00:33 - 00156448 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2014-05-16 00:33 - 2014-05-16 00:33 - 00141600 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2014-05-16 00:31 - 2014-05-16 00:31 - 00204064 _____ (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2014-05-15 05:11 - 2014-05-15 05:11 - 00003230 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-05-14 13:55 - 2014-04-11 18:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-05-14 13:55 - 2014-04-11 18:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2014-05-14 13:55 - 2014-04-11 18:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-05-14 13:55 - 2014-04-11 18:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2014-05-14 13:55 - 2014-04-11 18:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2014-05-14 13:55 - 2014-04-11 18:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2014-05-14 13:55 - 2014-04-11 18:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2014-05-14 13:55 - 2014-04-11 18:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 13:55 - 2014-04-11 18:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 13:55 - 2014-03-04 01:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-05-14 13:55 - 2014-03-04 01:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-05-14 13:55 - 2014-03-04 01:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\System32\objsel.dll
2014-05-14 13:55 - 2014-03-04 01:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-05-14 13:55 - 2014-03-04 01:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-05-14 13:55 - 2014-03-04 01:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-05-14 13:55 - 2014-03-04 01:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-05-14 13:55 - 2014-03-04 01:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-05-14 13:55 - 2014-03-04 01:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\wincredprovider.dll
2014-05-14 13:55 - 2014-03-04 01:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-05-14 13:55 - 2014-03-04 01:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\cngprovider.dll
2014-05-14 13:55 - 2014-03-04 01:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\adprovider.dll
2014-05-14 13:55 - 2014-03-04 01:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\capiprovider.dll
2014-05-14 13:55 - 2014-03-04 01:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\dpapiprovider.dll
2014-05-14 13:55 - 2014-03-04 01:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\dimsroam.dll
2014-05-14 13:55 - 2014-03-04 01:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-05-14 13:55 - 2014-03-04 01:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 13:55 - 2014-03-04 01:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 13:55 - 2014-03-04 01:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 13:55 - 2014-03-04 01:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 13:55 - 2014-03-04 01:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 13:54 - 2014-03-24 18:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-14 13:53 - 2014-03-24 18:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 10:26 - 2014-05-13 11:33 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\SoftGrid Client
2014-05-13 10:26 - 2014-05-13 10:26 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\SoftGrid Client
2014-05-13 05:58 - 2014-05-13 05:58 - 00000000 _____ () C:\Users\NAVEEN\AppData\Local\{4534B097-2E1A-4637-8A52-D3E85AF0E8B2}
2014-05-13 00:24 - 2014-05-13 00:24 - 00001056 _____ () C:\Windows\System32\SettingsFile

==================== One Month Modified Files and Folders =======

2014-06-12 04:50 - 2012-03-13 17:05 - 01641291 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 04:48 - 2014-06-12 04:47 - 00002420 _____ () C:\Users\Naveen Admin\Desktop\Rkill.txt
2014-06-12 04:40 - 2014-06-12 04:40 - 00000000 ____D () C:\hair
2014-06-12 04:40 - 2014-01-25 06:39 - 00000000 ____D () C:\Qoobox
2014-06-12 04:32 - 2014-05-23 04:36 - 01474832 _____ () C:\Windows\System32\Drivers\sfi.dat
2014-06-12 04:01 - 2012-11-11 10:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-12 03:50 - 2014-06-09 21:47 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\temp
2014-06-12 03:40 - 2009-07-13 21:13 - 00783596 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-12 03:38 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-06-12 03:19 - 2014-04-11 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-12 03:12 - 2014-02-10 10:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-12 02:59 - 2009-07-13 20:45 - 00032064 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 02:59 - 2009-07-13 20:45 - 00032064 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 02:52 - 2012-09-12 06:33 - 00039228 _____ () C:\Windows\setupact.log
2014-06-12 02:52 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 02:33 - 2013-12-14 20:18 - 00000000 ____D () C:\Windows\rescache
2014-06-12 00:33 - 2014-06-12 00:33 - 00000964 _____ () C:\Users\Public\Desktop\Pale Moon.lnk
2014-06-12 00:33 - 2014-06-12 00:33 - 00000964 _____ () C:\ProgramData\Desktop\Pale Moon.lnk
2014-06-12 00:32 - 2012-04-19 17:12 - 00000000 ____D () C:\Program Files\naveen
2014-06-11 14:53 - 2014-06-11 14:53 - 00000070 _____ () C:\Users\NAVEEN\Desktop\bkmk.txt
2014-06-11 14:41 - 2014-01-31 13:34 - 00000000 ____D () C:\users\Naveen Admin
2014-06-11 14:36 - 2013-08-09 07:18 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-11 14:32 - 2009-07-13 18:34 - 00000495 _____ () C:\Windows\win.ini
2014-06-11 14:31 - 2012-04-06 16:59 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-11 14:30 - 2014-04-24 07:24 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-06-11 14:14 - 2014-06-11 14:14 - 00000024 ___SH () C:\Users\Naveen Admin\AppData\Roaming\1D959CA221C7573.sys
2014-06-11 14:06 - 2012-09-19 06:20 - 00202010 _____ () C:\Windows\PFRO.log
2014-06-11 13:58 - 2014-04-13 13:23 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\CrashDumps
2014-06-11 13:52 - 2014-06-11 13:52 - 00000000 ____D () C:\temp
2014-06-11 13:10 - 2014-01-31 13:35 - 00061040 _____ () C:\Users\Naveen Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-11 12:18 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-11 12:18 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-06-11 12:06 - 2009-07-13 20:45 - 04901168 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-06-11 12:05 - 2013-05-30 14:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 11:52 - 2014-06-11 11:52 - 00001130 _____ () C:\temp645.bat
2014-06-11 11:51 - 2014-06-11 11:51 - 00001245 _____ () C:\temp694.bat
2014-06-11 11:45 - 2014-06-08 11:25 - 00061040 _____ () C:\Windows\System32\GDIPFONTCACHEV1.DAT
2014-06-11 11:45 - 2012-05-11 06:59 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-06-11 05:31 - 2014-06-08 11:47 - 00061040 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-06-10 21:59 - 2014-06-10 21:59 - 00001994 _____ () C:\Users\NAVEEN\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-06-10 20:56 - 2014-02-10 22:04 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\Mozilla
2014-06-10 20:41 - 2014-06-10 20:41 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-06-10 19:49 - 2014-06-10 19:49 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-06-10 19:49 - 2014-03-26 09:21 - 00057096 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2014-06-10 19:48 - 2012-04-08 14:54 - 00000000 ____D () C:\Program Files (x86)\naveen
2014-06-10 13:51 - 2013-01-04 15:31 - 00000000 ____D () C:\user renam
2014-06-10 13:33 - 2009-07-13 21:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-10 13:08 - 2014-02-12 02:57 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\Mozilla
2014-06-10 11:18 - 2014-06-10 11:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HP-DV6TQE-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-06-10 11:16 - 2014-06-10 11:16 - 00000000 ____D () C:\RegBackup
2014-06-10 09:45 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-06-10 07:36 - 2013-08-22 07:19 - 00000000 ____D () C:\users\Administrator
2014-06-09 21:47 - 2014-06-10 07:50 - 00062569 _____ () C:\ComboFix.txt
2014-06-09 21:47 - 2014-06-09 21:47 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 21:47 - 2014-06-09 21:47 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 21:47 - 2014-06-09 21:47 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 21:44 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-09 21:30 - 2014-05-20 06:02 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\Comodo
2014-06-09 19:36 - 2014-03-01 10:47 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\Notepad++
2014-06-09 18:24 - 2014-06-09 18:24 - 00000859 _____ () C:\Users\Naveen Admin\Users - Shortcut.lnk
2014-06-09 17:20 - 2014-06-09 17:20 - 00000308 _____ () C:\Windows\Tasks\SlimCleaner Run.job
2014-06-09 17:20 - 2014-05-06 10:56 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-06-09 16:27 - 2014-06-09 16:27 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-09 15:41 - 2012-10-25 05:01 - 00000000 ____D () C:\Windows\Replay Video Capture 6
2014-06-08 16:04 - 2014-06-08 16:04 - 00000020 ___SH () C:\Users\NAVEEN\ntuser.ini
2014-06-08 16:04 - 2012-04-05 07:02 - 00000000 ____D () C:\users\NAVEEN
2014-06-08 11:06 - 2013-11-03 10:52 - 00000000 ____D () C:\Users\NAVEEN\.umplayer
2014-06-08 10:59 - 2012-04-05 07:02 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\Temp
2014-06-08 10:32 - 2014-01-30 04:31 - 00000000 ____D () C:\FRST
2014-06-08 09:23 - 2014-06-08 09:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-08 08:07 - 2012-05-06 11:18 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\SoftGrid Client
2014-06-08 07:54 - 2014-06-08 07:54 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\Comodo
2014-06-08 06:14 - 2014-06-08 06:10 - 00000000 ____D () C:\Program Files\Windroy
2014-06-08 05:16 - 2013-02-13 09:29 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-06-08 04:17 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Public\Libraries
2014-06-08 04:16 - 2014-06-08 04:16 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-08 04:16 - 2014-06-08 04:16 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-06-08 04:16 - 2014-06-08 04:14 - 00000000 ____D () C:\bluestacks
2014-06-08 04:11 - 2014-06-08 04:11 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\Bluestacks
2014-06-08 04:11 - 2014-06-08 04:11 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\Bluestacks
2014-06-08 03:23 - 2014-06-08 03:23 - 00000000 ____D () C:\genymotion
2014-06-08 02:54 - 2014-06-08 02:55 - 00313256 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-06-08 02:54 - 2014-06-08 02:54 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-06-08 02:54 - 2014-06-08 02:54 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2014-06-08 02:54 - 2014-06-08 02:54 - 00111016 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2014-06-08 02:54 - 2014-05-23 07:12 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\DMCache
2014-06-08 02:54 - 2014-05-21 01:24 - 00000000 ____D () C:\Program Files\Java
2014-06-08 02:53 - 2014-01-25 10:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-08 02:52 - 2014-06-08 02:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-08 02:52 - 2014-06-08 02:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-08 02:52 - 2014-06-08 02:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-08 02:52 - 2014-06-08 02:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-08 02:52 - 2014-06-08 02:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-08 02:42 - 2012-04-11 12:34 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\CrashDumps
2014-06-08 01:13 - 2014-06-11 14:19 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-08 01:08 - 2014-06-11 14:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-06-07 14:21 - 2014-06-02 04:51 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\IDM
2014-06-07 14:08 - 2014-03-26 05:44 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\DMCache
2014-06-07 12:07 - 2014-06-06 10:22 - 00000000 ____D () C:\ProgramData\AMD
2014-06-07 12:06 - 2014-06-06 14:15 - 00000000 ____D () C:\Program Files\ATI_tech
2014-06-07 12:05 - 2014-06-07 12:05 - 00058858 _____ () C:\Windows\SysWOW64\CCCInstall_201406080135593034.log
2014-06-07 12:02 - 2014-06-07 12:02 - 00000000 ____D () C:\AMD
2014-06-07 10:27 - 2013-07-06 07:21 - 00000000 ____D () C:\ProgramData\DatacardService
2014-06-07 10:26 - 2014-06-07 10:27 - 01001472 _____ (DiBcom SA) C:\Windows\System32\Drivers\mod7700.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00436224 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbwwan.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00224768 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juwwanecm.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwusbdev.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00104448 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcacm.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jubusenum.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00073216 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcecm.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juextctrl.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwupgrade.sys
2014-06-07 10:26 - 2014-06-07 10:27 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_usbenumfilter.sys
2014-06-07 10:26 - 2013-07-06 07:24 - 01490656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfCoInstaller01007.dll
2014-06-07 10:26 - 2008-03-27 04:21 - 01490656 _____ (Microsoft Corporation) C:\Windows\System32\wdfcoinstaller01007.dll
2014-06-07 09:43 - 2014-06-07 09:43 - 00000000 _____ () C:\Windows\System32\SETE6F3.tmp
2014-06-07 09:43 - 2014-06-07 09:43 - 00000000 _____ () C:\Windows\System32\SETDE43.tmp
2014-06-07 09:38 - 2014-05-23 15:07 - 00662468 _____ () C:\Windows\System32\Drivers\fvstore.dat
2014-06-07 05:07 - 2014-06-07 05:07 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\Safer Networking
2014-06-07 05:03 - 2012-04-05 07:12 - 00061040 _____ () C:\Users\NAVEEN\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-07 03:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-06-06 23:16 - 2014-06-06 23:16 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\Macromedia
2014-06-06 21:20 - 2014-06-06 15:36 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-06 21:20 - 2014-06-06 15:36 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-06 21:03 - 2011-11-09 09:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-06 20:55 - 2012-04-07 23:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-06 20:31 - 2012-03-13 17:35 - 00000000 ____D () C:\ProgramData\Intel
2014-06-06 20:31 - 2012-03-13 17:07 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-06 20:25 - 2012-03-13 17:07 - 00000000 ____D () C:\Intel
2014-06-06 19:58 - 2009-07-13 19:20 - 00000000 ___RD () C:\users\Default
2014-06-06 19:24 - 2014-06-06 19:24 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\SystemRequirementsLab
2014-06-06 19:24 - 2014-03-01 11:56 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-06-06 18:19 - 2014-06-06 18:19 - 00000000 _____ () C:\Windows\System32\SET2CFD.tmp
2014-06-06 18:19 - 2014-06-06 18:19 - 00000000 _____ () C:\Windows\System32\SET28DF.tmp
2014-06-06 18:19 - 2014-06-06 18:19 - 00000000 _____ () C:\Windows\System32\SET2764.tmp
2014-06-06 18:07 - 2014-06-06 18:07 - 00000000 ____D () C:\Users\Naveen Admin\Tracing
2014-06-06 17:56 - 2014-03-31 07:45 - 00000000 ___DC () C:\Users\Naveen Admin\AppData\Local\MigWiz
2014-06-06 17:55 - 2014-06-06 17:55 - 00003834 _____ () C:\Windows\System32\Tasks\SetupManager
2014-06-06 17:55 - 2014-06-06 17:55 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\Hewlett-Packard_Company
2014-06-06 17:12 - 2014-06-02 04:28 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\IDM
2014-06-06 16:40 - 2012-05-09 14:48 - 00000000 ____D () C:\Windows\pss
2014-06-06 16:32 - 2014-03-28 06:15 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-06-06 16:27 - 2014-01-31 13:35 - 00000008 __RSH () C:\Users\Naveen Admin\ntuser.pol
2014-06-06 15:36 - 2014-06-06 15:36 - 00000000 ____D () C:\ProgramData\Google
2014-06-06 15:36 - 2014-06-06 15:36 - 00000000 ____D () C:\Program Files\Google
2014-06-06 15:36 - 2012-11-11 10:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-06 14:22 - 2014-06-06 14:22 - 00059740 _____ () C:\Windows\SysWOW64\CCCInstall_201406070352339450.log
2014-06-06 13:45 - 2014-06-06 13:45 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-06 13:38 - 2014-06-06 13:38 - 00000000 ____D () C:\Program Files\ATI
2014-06-06 13:16 - 2014-03-03 17:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-06 12:36 - 2014-06-06 12:36 - 00053328 _____ () C:\Windows\SysWOW64\CCCInstall_201406070206336925.log
2014-06-06 12:34 - 2014-06-06 12:34 - 00000000 _____ () C:\Windows\SysWOW64\SETACF8.tmp
2014-06-06 12:34 - 2014-06-06 12:34 - 00000000 _____ () C:\Windows\SysWOW64\SETAC98.tmp
2014-06-06 11:01 - 2014-06-06 10:23 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\Raptr
2014-06-06 10:25 - 2014-06-06 10:23 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-06 10:22 - 2014-06-06 10:22 - 00059740 _____ () C:\Windows\SysWOW64\CCCInstall_201406062352329933.log
2014-06-06 10:17 - 2014-06-06 10:17 - 00000000 ____D () C:\Program Files\AMD
2014-06-06 10:16 - 2014-06-06 10:16 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-06 10:07 - 2014-06-06 10:07 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-06-05 04:13 - 2014-06-05 04:13 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-04 17:06 - 2014-06-04 21:16 - 00180136 _____ (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys
2014-06-04 11:01 - 2014-06-04 11:01 - 00000000 ____D () C:\Users\NAVEEN\VirtualBox VMs
2014-06-03 16:21 - 2014-06-03 16:21 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-06-03 13:34 - 2014-06-03 13:34 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\PhrozenSoft
2014-06-02 08:38 - 2014-06-02 08:36 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\NexusFile
2014-06-02 08:36 - 2014-06-02 08:36 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\cryptlib
2014-06-02 04:28 - 2014-06-02 04:28 - 00000000 ____D () C:\ProgramData\IDM
2014-06-02 03:07 - 2014-06-02 03:07 - 00000000 ____D () C:\Users\NAVEEN\Downloads\Video
2014-06-02 03:07 - 2014-06-02 03:07 - 00000000 ____D () C:\Users\NAVEEN\Downloads\Compressed
2014-06-02 02:21 - 2014-06-02 02:38 - 18017013 ____R () C:\Windows\System32\Drivers\etc\hosts.nav.bak
2014-05-31 15:11 - 2014-05-24 11:47 - 00000000 ____D () C:\Program Files (x86)\DoubleKillerPro
2014-05-31 14:57 - 2014-05-31 14:57 - 00240249 _____ () C:\Users\NAVEEN\Downloads\192.tmp
2014-05-31 14:57 - 2014-05-31 14:57 - 00107016 _____ () C:\Users\NAVEEN\Downloads\7FB.tmp
2014-05-31 14:57 - 2014-05-31 14:57 - 00041700 _____ () C:\Users\NAVEEN\Downloads\CEF.tmp
2014-05-31 14:57 - 2014-05-31 14:57 - 00018397 _____ () C:\Users\NAVEEN\Downloads\C21.tmp
2014-05-31 14:57 - 2014-05-31 14:57 - 00012412 _____ () C:\Users\NAVEEN\Downloads\C8F.tmp
2014-05-31 09:09 - 2014-05-30 17:25 - 00000000 ____D () C:\Program Files\FreeFixer
2014-05-31 08:12 - 2014-05-31 08:12 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\Safer Networking
2014-05-30 13:33 - 2014-05-30 13:17 - 00001710 _____ () C:\Windows\System32\Drivers\etc\hosts_PTbackup2.bak
2014-05-30 13:17 - 2009-07-13 18:34 - 00576111 _____ () C:\Windows\System32\Drivers\etc\hosts_PTBackup.bak
2014-05-30 10:21 - 2014-05-30 10:21 - 00000024 ___SH () C:\Users\Naveen Admin\AppData\Roaming\System5908ConfigCollection.dat
2014-05-30 05:32 - 2014-02-18 08:32 - 00000000 ____D () C:\Users\NAVEEN\Documents\Youcam
2014-05-30 04:27 - 2014-05-30 04:27 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\SlimCleaner
2014-05-30 02:21 - 2014-06-12 00:48 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-30 02:02 - 2014-06-12 00:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-30 02:02 - 2014-06-12 00:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 01:45 - 2014-06-12 00:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-05-30 01:39 - 2014-06-12 00:48 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-05-30 01:39 - 2014-06-12 00:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-05-30 01:38 - 2014-06-12 00:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-05-30 01:28 - 2014-06-12 00:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-05-30 01:27 - 2014-06-12 00:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-05-30 01:24 - 2014-06-12 00:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-05-30 01:21 - 2014-06-12 00:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-05-30 01:21 - 2014-06-12 00:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-05-30 01:20 - 2014-06-12 00:48 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-05-30 01:18 - 2014-06-12 00:48 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 01:11 - 2014-06-12 00:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 01:08 - 2014-06-12 00:48 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-05-30 01:06 - 2014-06-12 00:48 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-05-30 01:02 - 2014-06-12 00:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 00:55 - 2014-06-12 00:48 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 00:49 - 2014-06-12 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-05-30 00:46 - 2014-06-12 00:48 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-30 00:44 - 2014-06-12 00:48 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 00:44 - 2014-06-12 00:48 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-05-30 00:43 - 2014-06-12 00:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 00:42 - 2014-06-12 00:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 00:38 - 2014-06-12 00:48 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 00:35 - 2014-06-12 00:48 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-05-30 00:34 - 2014-06-12 00:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 00:33 - 2014-06-12 00:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 00:30 - 2014-06-12 00:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 00:29 - 2014-06-12 00:48 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-05-30 00:28 - 2014-06-12 00:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 00:27 - 2014-06-12 00:48 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 00:24 - 2014-06-12 00:48 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-05-30 00:23 - 2014-06-12 00:48 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-05-30 00:16 - 2014-06-12 00:48 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 00:10 - 2014-06-12 00:48 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 00:06 - 2014-06-12 00:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 00:04 - 2014-06-12 00:48 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 00:02 - 2014-06-12 00:48 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-29 23:56 - 2014-06-12 00:48 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-29 23:56 - 2014-06-12 00:48 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-05-29 23:54 - 2014-06-12 00:48 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-29 23:50 - 2014-06-12 00:48 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-29 23:49 - 2014-06-12 00:48 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-29 23:43 - 2014-06-12 00:48 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-05-29 23:40 - 2014-06-12 00:48 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-29 23:30 - 2014-06-12 00:48 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-05-29 23:21 - 2014-06-12 00:48 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-29 23:15 - 2014-06-12 00:48 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-29 23:13 - 2014-06-12 00:48 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-05-29 23:13 - 2014-06-12 00:48 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 15:17 - 2009-07-13 20:54 - 00000749 ____R () C:\Windows\WindowsShell.Manifest
2014-05-29 15:06 - 2014-05-29 13:33 - 00000000 ____D () C:\ProgramData\UVK
2014-05-29 14:49 - 2014-01-30 14:18 - 00000282 __RSH () C:\Users\NAVEEN\ntuser.pol
2014-05-29 14:38 - 2014-05-29 14:38 - 823772410 _____ () C:\Windows\MEMORY.DMP
2014-05-29 14:38 - 2014-05-29 14:38 - 00266288 _____ () C:\Windows\Minidump\053014-30451-01.dmp
2014-05-29 14:38 - 2012-12-02 04:39 - 00000000 ____D () C:\Windows\Minidump
2014-05-29 13:48 - 2014-05-29 13:12 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2014-05-29 10:47 - 2014-05-29 10:47 - 00000000 _____ () C:\Windows\System32\Drivers\OLD64E3.tmp
2014-05-28 12:56 - 2014-05-28 07:07 - 00000132 _____ () C:\Users\NAVEEN\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-05-28 11:40 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2014-05-28 09:33 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-05-27 04:58 - 2013-09-23 10:46 - 00000000 ____D () C:\Users\NAVEEN\Documents\ViceVersa PRO
2014-05-27 04:03 - 2014-05-02 19:20 - 00000000 ____D () C:\ProgramData\Nuance
2014-05-27 03:50 - 2014-05-08 18:04 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-05-26 09:25 - 2014-05-26 09:25 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\Highresolution Enterprises
2014-05-26 07:33 - 2014-05-26 07:33 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\6_Wunderkinder_GmbH
2014-05-25 11:19 - 2014-05-25 11:19 - 00000000 _____ () C:\Windows\System32\Drivers\OLD9793.tmp
2014-05-25 07:12 - 2014-05-25 07:12 - 00000000 _____ () C:\Windows\System32\Drivers\OLDE5CD.tmp
2014-05-25 04:11 - 2014-01-16 07:48 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\Notepad++
2014-05-24 16:40 - 2014-05-24 16:40 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2014-05-24 15:54 - 2014-03-03 17:07 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\Apple Computer
2014-05-24 15:54 - 2014-03-03 17:07 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\Apple Computer
2014-05-24 11:53 - 2014-05-24 11:53 - 00004406 _____ () C:\Windows\System32\Tasks\ShouldIRemoveIt
2014-05-24 11:02 - 2011-02-10 11:23 - 00000000 ____D () C:\SWSetup
2014-05-23 15:07 - 2014-05-23 15:07 - 00000000 ____D () C:\VTRoot
2014-05-23 14:40 - 2014-04-11 17:17 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\TeraCopy
2014-05-23 13:35 - 2014-05-23 13:35 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\aignes
2014-05-23 11:15 - 2014-05-10 20:27 - 00000000 ____D () C:\ProgramData\RegRun
2014-05-23 11:15 - 2014-05-09 07:26 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-05-23 11:15 - 2014-05-09 07:26 - 00000000 ____D () C:\ProgramData\Documents\regruninfo
2014-05-23 05:43 - 2014-05-23 01:49 - 00000000 ____D () C:\ProgramData\Comodo
2014-05-23 04:36 - 2014-05-23 01:51 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-05-23 01:51 - 2014-05-23 01:50 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-05-23 01:50 - 2014-05-23 01:50 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-05-23 01:50 - 2014-05-23 01:50 - 00000000 ____D () C:\Program Files\COMODO
2014-05-22 21:07 - 2013-07-24 09:36 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\IrfanView
2014-05-22 21:06 - 2014-04-07 12:58 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-22 21:06 - 2014-03-26 09:23 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\Comodo
2014-05-22 21:06 - 2011-02-10 11:23 - 00000000 ____D () C:\SYSTEM.SAV
2014-05-22 14:18 - 2014-05-22 14:18 - 00003288 _____ () C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2014-05-22 13:41 - 2014-05-22 13:41 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-22 10:08 - 2014-05-22 10:08 - 00000849 _____ () C:\ProgramData\Ultima_T15 - Shortcut.lnk
2014-05-22 09:53 - 2014-05-09 15:08 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-05-22 09:41 - 2011-11-09 09:53 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-05-22 09:32 - 2014-03-19 17:14 - 00007666 _____ () C:\Users\Naveen Admin\AppData\Local\Resmon.ResmonCfg
2014-05-22 09:22 - 2014-05-22 09:22 - 00001004 _____ () C:\Users\NAVEEN\AppData\Roaming\fcuk - Shortcut.lnk
2014-05-22 09:15 - 2012-09-03 14:00 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\asoftech
2014-05-22 09:11 - 2014-03-28 06:16 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\Western Digital
2014-05-21 11:39 - 2014-05-21 11:39 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\JonDo
2014-05-21 05:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SchCache
2014-05-20 11:06 - 2014-05-20 11:06 - 00000000 ____D () C:\Users\NAVEEN\AppData\Local\Copernic
2014-05-20 09:16 - 2012-04-05 07:04 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\hpqlog
2014-05-20 07:09 - 2014-05-20 07:09 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\Media Player Classic
2014-05-20 05:18 - 2014-05-16 15:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-05-20 04:25 - 2014-05-20 04:25 - 00000000 ____D () C:\Program Files (x86)\Bazooka
2014-05-20 01:49 - 2014-02-20 10:39 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\MPC-HC
2014-05-20 01:22 - 2014-05-20 01:22 - 00000000 ____D () C:\Program Files (x86)\JonDo
2014-05-19 14:53 - 2014-05-19 14:53 - 00000020 _____ () C:\Users\Naveen Admin\defogger_reenable
2014-05-19 03:27 - 2014-05-18 15:07 - 00000000 ____D () C:\Program Files (x86)\VTU2
2014-05-19 01:13 - 2014-01-23 06:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-18 05:56 - 2012-04-08 12:01 - 00000000 ____D () C:\Users\NAVEEN\AppData\Roaming\Skype
2014-05-16 15:58 - 2014-05-10 20:26 - 00000000 ____D () C:\Users\Naveen Admin\Documents\RegRun2
2014-05-16 00:34 - 2014-06-04 08:22 - 00254240 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2014-05-16 00:33 - 2014-06-04 08:21 - 00128288 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2014-05-16 00:33 - 2014-05-16 00:33 - 00156448 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2014-05-16 00:33 - 2014-05-16 00:33 - 00141600 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2014-05-16 00:31 - 2014-05-16 00:31 - 00204064 _____ (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2014-05-15 10:56 - 2012-08-04 03:15 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-15 10:16 - 2014-05-11 07:49 - 00332288 _____ (Microsoft Corporation) C:\Windows\System32\uxtheme.new
2014-05-15 07:40 - 2014-05-11 06:14 - 00000199 _____ () C:\Windows\System32\Partizan.RRI
2014-05-15 05:49 - 2013-05-01 12:54 - 00054368 ____N (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys
2014-05-15 05:49 - 2012-08-02 01:39 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klim6.sys
2014-05-15 05:49 - 2012-06-19 03:58 - 00458336 ____N (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kl1.sys
2014-05-15 05:15 - 2013-05-01 12:54 - 00029280 ____N (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klmouflt.sys
2014-05-15 05:15 - 2013-05-01 12:54 - 00029280 ____N (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klkbdflt.sys
2014-05-15 05:11 - 2014-05-15 05:11 - 00003230 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-05-14 13:22 - 2012-09-03 13:27 - 00000000 ____D () C:\Windows\Sun
2014-05-13 11:33 - 2014-05-13 10:26 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\SoftGrid Client
2014-05-13 10:28 - 2014-05-11 10:19 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Roaming\RegRun
2014-05-13 10:28 - 2014-05-10 20:27 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-05-13 10:28 - 2014-05-10 20:27 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-05-13 10:28 - 2014-05-10 20:27 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-05-13 10:26 - 2014-05-13 10:26 - 00000000 ____D () C:\Users\Naveen Admin\AppData\Local\SoftGrid Client
2014-05-13 05:58 - 2014-05-13 05:58 - 00000000 _____ () C:\Users\NAVEEN\AppData\Local\{4534B097-2E1A-4637-8A52-D3E85AF0E8B2}
2014-05-13 00:24 - 2014-05-13 00:24 - 00001056 _____ () C:\Windows\System32\SettingsFile

Files to move or delete:
====================
C:\Users\NAVEEN\AppData\Roaming\Network Meter_Usage.ini
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLer.DAT


Some content of TEMP:
====================
C:\Users\NAVEEN\AppData\Local\Temp\{43437567-24BB-4102-8C81-E77D520449BA}-35.0.1916.114_34.0.1847.137_chrome_updater.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-06-11 12:18:02
Restore point made on: 2014-06-11 13:37:14
Restore point made on: 2014-06-11 14:03:43
Restore point made on: 2014-06-11 14:29:47
Restore point made on: 2014-06-11 15:06:15
Restore point made on: 2014-06-12 00:49:22

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {default}
resumeobject {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {current}

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx OptOut

Windows Boot Loader
-------------------
identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{af0267eb-6d70-11e1-97dc-cf23f06ae1fa}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{af0267eb-6d70-11e1-97dc-cf23f06ae1fa}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {158181c0-9a00-11db-8a1d-b11d19fd3102}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi

Device options
--------------
identifier {af0267eb-6d70-11e1-97dc-cf23f06ae1fa}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8139.6 MB
Available physical RAM: 7140.99 MB
Total Pagefile: 8137.75 MB
Available Pagefile: 7128.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.14 GB) (Free:546 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Recovery) (Fixed) (Total:21.33 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
Drive h: (KINGSTON) (Removable) (Total:7.4 GB) (Free:7.4 GB) FAT32
Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:319.59 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
anniyan
Regular Member
 
Posts: 19
Joined: May 6th, 2014, 12:49 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware