
System is popping up continuously infected with Trojan Gamethief.Win32.


  • This topic is locked
25 replies to this topic

#1 faraz


Posted 24 July 2013 - 08:38 AM

My system got infected with viruses, and HijackThis is not producing the log; I got an error, see the attachment.

I also have doubts that someone has put his script in my system, as he is hacking my system and email IDs.

 

******************************************************************************************************************************************************************

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:33:56 PM, on 24/Jul/13
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\Nitro\Pro 8\NitroPdfThumbnailHelper.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - (no file)
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot2.dll
R3 - URLSearchHook: (no name) - {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\ChatSend Toolbar\tbunsgE75D.tmp\tbhelper.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC.dll (file missing)
O2 - BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (file missing)
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll (file missing)
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Faraz\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (file missing)
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: ssafEE- saVae - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\ProgramData\ssafEE- saVae\51d19df9cfdfa.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O2 - BHO: Hotspot Shield - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\ChatSend Toolbar\tbunsgE75D.tmp\tbcore3.dll (file missing)
O3 - Toolbar: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (file missing)
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot2.dll
O3 - Toolbar: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatSend Toolbar\tbunsgE75D.tmp\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Mobile Partner] C:\Program Files (x86)\VIVA WiFi\VIVA WiFi (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Mobile Partner] C:\Program Files (x86)\VIVA WiFi\VIVA WiFi (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm
O8 - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatSend Toolbar\tbunsgE75D.tmp\tbcore3.dll (file missing)
O9 - Extra 'Tools' menuitem: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatSend Toolbar\tbunsgE75D.tmp\tbcore3.dll (file missing)
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll   C:\Windows\SysWOW64\guard32.dll
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIVA Broadband. OUC (VIVA Broadband. RunOuc) - Unknown owner - C:\Program Files (x86)\VIVA Broadband\UpdateDog\ouc.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13996 bytes
 


#2 faraz


Posted 24 July 2013 - 08:59 AM

OTL logfile created on: 24/Jul/13 7:40:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.98% Memory free
7.82 Gb Paging File | 5.44 Gb Available in Paging File | 69.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 5.88 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
PRC - [2013/04/13 12:07:26 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012/09/18 14:28:30 | 000,081,928 | ---- | M] (Nitro PDF) -- C:\Program Files (x86)\Nitro\Pro 8\NitroPDFThumbnailHelper.exe
PRC - [2012/08/17 21:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe
PRC - [2011/10/28 17:19:26 | 001,700,600 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
PRC - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/12 21:24:12 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2011/10/28 17:19:26 | 001,097,480 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avcodec-53.dll
MOD - [2011/10/28 17:19:26 | 000,189,192 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avformat-53.dll
MOD - [2011/10/28 17:19:26 | 000,121,608 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avutil-51.dll
MOD - [2011/04/22 08:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/11/08 04:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/18 14:28:28 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2011/11/23 15:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/03/19 01:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License)
SRV:64bit: - [2009/08/25 09:15:30 | 000,410,112 | ---- | M] () [Auto | Running] -- C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk64.exe -- (UDisk Monitor)
SRV:64bit: - [2009/07/14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 06:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 06:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/06/21 06:11:32 | 000,078,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2013/06/21 05:51:32 | 000,548,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/06/12 21:24:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/14 20:27:34 | 000,346,976 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/12/17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 06:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/03 14:43:06 | 000,841,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe -- (PrmBackAgent)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PRIMAVERA)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$PRIMAVERA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/04/25 00:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/11/08 04:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/21 00:15:53 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/06/21 00:15:52 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012/06/21 00:15:52 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/06/21 00:15:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/06/21 00:15:52 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/06/21 00:15:52 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/06/21 00:15:52 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/04/23 16:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/25 04:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/13 00:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 21:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/12/17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/12/17 14:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/12/17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/12/17 14:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/27 06:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/03/19 04:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2009/12/23 19:33:48 | 000,118,360 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FVXSCSI.SYS -- (FVXSCSI)
DRV:64bit: - [2009/07/21 16:04:16 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2009/07/14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 05:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/09 10:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/02/09 10:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/02/09 10:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/02/09 10:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/10/29 10:47:02 | 000,024,592 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FCDABUS.SYS -- (fcdabus)
DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3080215
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...bs.info/?l=1&q={searchTerms}&pid=914&r=2013/07/01&hid=3788853739&lg=EN&cc=PK&unqvl=22
IE - HKLM\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebs...t=sb&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pk.msn.com/?C=PK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 44 0A 8A 56 41 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&affID=121240&tt=gc_&babsrc=SP_ss&mntrId=64A300FFB4E1DD84
IE - HKCU\..\SearchScopes\{7902DE1C-DFB2-426C-A5A1-F87FD90FBEEB}: "URL" = http://www.mysearchr...?c=3513&t=07&q={searchTerms}
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A63E2781-B870-42D9-82C8-A06075A35400}&mid=c81a7d7c81e747d0925b369700e81b25-db1903c4b38bb4be805b7f9e83a77cc34f33ade3&lang=en&ds=gm011&pr=sa&d=2012-04-26 23:17:58&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3080215
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...bs.info/?l=1&q={searchTerms}&pid=914&r=2013/07/01&hid=3788853739&lg=EN&cc=PK&unqvl=22
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspo...ults.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: "URL" = http://search.mywebs...t=sb&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.sea...unqvl=22&l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..keyword.URL: "http://us.search.yah...=ytff-comodo&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/07/29 16:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/12 22:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]internetdownloadmanager.com: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
 
[2012/04/12 22:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Extensions
[2013/07/03 16:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions
[2013/05/07 12:34:31 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions\{C92DDD27-768C-4E40-B655-740B017E698D}
[2013/07/01 22:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions\staged
[2013/05/12 03:01:32 | 000,006,505 | ---- | M] () -- C:\Users\Faraz\AppData\Roaming\mozilla\firefox\profiles\3ajw8v5r.default\searchplugins\babylon.xml
[2013/05/12 03:02:06 | 000,001,294 | ---- | M] () -- C:\Users\Faraz\AppData\Roaming\mozilla\firefox\profiles\3ajw8v5r.default\searchplugins\delta.xml
[2013/07/01 21:18:32 | 000,000,637 | ---- | M] () -- C:\Users\Faraz\AppData\Roaming\mozilla\firefox\profiles\3ajw8v5r.default\searchplugins\WebSearch.xml
[2013/07/16 14:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/03 02:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/03 20:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/04/26 23:00:15 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/03/13 09:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/10 00:45:35 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/13 09:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 09:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: TV = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlklinjgampohhihndkofhhaahoicoip\1.0.0_0\
CHR - Extension: Google+ = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: ssafEE- saVae = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcacbllddpdcojcggmijaggcpambccj\1\
CHR - Extension: saafe saveo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbhkimppigjgkknlpoohbcbfdhhbaeig\1\
CHR - Extension: Content Blocker = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh\1.8.4.1_0\
CHR - Extension: Quran = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmggidaneooheckcalppihpgfidbpe\2_0\
CHR - Extension: Virtual Keyboard = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: ChatZum.com -  Easy Pictures zoom = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb\1.0.9_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak
CHR - Extension: Gmail = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/07/03 16:10:09 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC64.dll File not found
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC.dll File not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll File not found
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinks) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Faraz\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (ssafEE- saVae) - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\ProgramData\ssafEE- saVae\51d19df9cfdfa.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll File not found
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot2.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\ChatSend Toolbar\tbunsgE75D.tmp\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (ChatSend Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatSend Toolbar\tbunsgE75D.tmp\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll File not found
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ChatSend Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatSend Toolbar\tbunsgE75D.tmp\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (x86) File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8:64bit: - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8 - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatSend Toolbar\tbunsgE75D.tmp\tbcore3.dll File not found
O9 - Extra 'Tools' menuitem : ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatSend Toolbar\tbunsgE75D.tmp\tbcore3.dll File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D8391B-FB23-4063-83BA-281FECD708AE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0BDDB9-9EE1-42AC-8A70-23BE28B8C50A}: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A267094A-40C3-47D3-8DAE-302A089FA963}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6CF1441-3187-48F4-915E-017B35738A78}: NameServer = 10.0.1.1 192.168.7.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD41DE21-F7EB-4434-9DAB-E5924B4B42FB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell - "" = AutoRun
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\Setup.exe /Auto
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell - "" = AutoRun
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell - "" = AutoRun
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/24 18:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/21 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVDO BROADBAND PTCL
[2013/07/21 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\EVDO BROADBAND PTCL
[2013/07/03 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Comodo
[2013/07/02 19:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2013/07/02 19:52:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2013/07/02 16:13:11 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2013/07/02 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/07/02 16:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/07/02 16:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/07/02 16:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/07/02 16:02:51 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/07/01 23:35:29 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/01 23:34:26 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/01 23:34:13 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/01 23:34:13 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/01 22:46:25 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Zbshareware Lab
[2013/07/01 22:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
[2013/07/01 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Disk Security
[2013/06/29 11:41:48 | 000,000,000 | ---D | C] -- C:\Users\Faraz\Desktop\Docs
[2013/06/27 12:19:08 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nero
[2013/06/27 12:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013/06/27 12:18:03 | 003,036,456 | ---- | C] (BCGSoft Ltd) -- C:\Windows\SysWow64\BCGCBPRO860u80.dll
[2013/06/27 12:18:03 | 000,802,816 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXRA7.dll
[2013/06/27 12:18:03 | 000,368,640 | ---- | C] (Pegasus Imaging Corporation) -- C:\Windows\SysWow64\TwnLib4.dll
[2013/06/27 12:18:03 | 000,258,048 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXR7.dll
[2013/06/27 12:18:02 | 000,497,296 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXpr7.dll
[2013/06/27 12:18:01 | 001,757,184 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagX7.dll
[2013/06/27 12:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2013/06/27 12:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013/06/26 06:59:33 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\CrashDumps
[2013/06/26 06:31:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Apps
[2013/06/21 06:07:16 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/19 12:46:55 | 000,000,000 | R--D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/06/19 12:46:55 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\BMExplorer
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nitro
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\FileOpen
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013/06/17 03:06:05 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013/06/17 03:06:05 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013/06/17 03:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013/06/17 03:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013/06/17 00:09:23 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\PDF
[2013/05/29 16:09:40 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Macromedia
[2013/05/18 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/18 14:51:39 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:30 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/12 03:01:08 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Babylon
[2013/05/06 02:21:12 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/05/06 02:21:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/05/06 02:09:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/05/06 02:09:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/05/06 02:09:24 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/05/06 02:09:24 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/05/06 02:07:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/05/06 02:07:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/05/06 02:07:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/05/06 02:07:56 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/05/06 01:59:05 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/06 01:59:00 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/06 01:58:58 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/05/06 01:58:58 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/05/06 01:58:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/05/06 01:58:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/05/06 01:53:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/05/06 01:53:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/05/06 01:53:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/05/06 01:53:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/05/06 01:53:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/05/06 01:53:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/05/06 01:53:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/05/06 01:53:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/05/06 01:53:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/05/06 01:53:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/05/06 01:53:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/05/06 01:53:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/05/06 01:51:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/05/06 01:51:27 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/05/06 01:51:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/05/06 01:48:31 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/05/06 01:48:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/05/06 01:47:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/05/06 01:47:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/05/06 01:47:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/05/06 01:46:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/06 01:46:38 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013/05/06 01:46:11 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/05/06 01:46:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/05/06 01:46:09 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/05/06 01:46:08 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/05/06 01:46:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/05/06 01:46:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/05/06 01:46:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/05/06 01:46:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/05/06 01:46:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/05/06 01:46:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/05/06 01:46:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/05/06 01:46:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/05/06 01:44:22 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/05/06 01:43:21 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/05/06 01:43:19 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/05/06 01:42:43 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/05/06 01:42:39 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013/05/06 01:42:36 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013/05/06 01:42:35 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013/05/06 01:42:32 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/05/06 01:42:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/05/06 01:42:28 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/05/06 01:42:26 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/05/06 01:42:25 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/05/06 01:42:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/05/06 01:42:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/05/06 01:38:57 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/05/06 01:37:59 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/06 01:37:56 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/06 01:37:56 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/06 01:37:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/06 01:37:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/06 01:37:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/05/06 01:37:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2013/07/24 19:33:26 | 000,986,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/24 19:33:26 | 000,815,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/24 19:33:26 | 000,169,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/24 19:29:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/24 19:22:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/24 19:03:10 | 000,002,975 | ---- | M] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/24 19:00:04 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/24 18:59:02 | 001,402,880 | ---- | M] () -- C:\Users\Faraz\Desktop\HiJackThis.msi
[2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/24 18:55:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/24 17:41:49 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/24 17:41:49 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/24 17:36:27 | 3148,218,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/24 01:00:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/23 12:36:31 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/21 00:18:49 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:48:19 | 000,000,600 | ---- | M] () -- C:\Users\Faraz\PUTTY.RND
[2013/07/20 10:23:20 | 000,580,227 | ---- | M] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:30 | 000,242,310 | ---- | M] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/19 17:23:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/19 16:51:11 | 000,222,725 | ---- | M] () -- C:\Users\Faraz\Desktop\Untitled.jpg
[2013/07/18 10:40:14 | 000,344,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 00:54:17 | 000,441,269 | ---- | M] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:58 | 000,174,956 | ---- | M] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/14 22:09:24 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/13 13:19:12 | 000,002,361 | ---- | M] () -- C:\Users\Faraz\Desktop\Google Chrome.lnk
[2013/07/12 02:14:50 | 001,501,408 | ---- | M] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/12 01:59:48 | 000,644,296 | ---- | M] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/12 01:54:42 | 002,197,905 | ---- | M] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/10 23:38:42 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/07/02 16:03:14 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/02 16:02:51 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 23:10:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/01 22:46:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | M] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:09:41 | 000,001,280 | ---- | M] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:11 | 000,177,592 | ---- | M] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/17 18:48:34 | 000,003,441 | ---- | M] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/16 20:21:28 | 000,000,884 | RHS- | M] () -- C:\Users\Faraz\ntuser.pol
[2013/06/12 21:24:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 21:24:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/31 12:10:39 | 000,007,605 | ---- | M] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/18 14:51:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/18 14:51:16 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:14 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/05/18 14:51:14 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/09 20:29:30 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/08 00:49:06 | 000,087,185 | ---- | M] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/24 19:03:10 | 000,002,975 | ---- | C] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/24 18:58:40 | 001,402,880 | ---- | C] () -- C:\Users\Faraz\Desktop\HiJackThis.msi
[2013/07/22 21:01:17 | 001,039,596 | ---- | C] () -- C:\Users\Faraz\Desktop\23122012639.jpg
[2013/07/21 00:18:49 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:23:20 | 000,580,227 | ---- | C] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:23 | 000,242,310 | ---- | C] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/18 00:52:53 | 000,441,269 | ---- | C] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:21 | 000,174,956 | ---- | C] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/15 16:16:24 | 002,197,905 | ---- | C] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/15 16:16:24 | 001,501,408 | ---- | C] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/15 16:16:24 | 000,644,296 | ---- | C] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/02 16:04:44 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/02 16:03:14 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/01 23:35:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 22:46:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | C] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:18:04 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll
[2013/06/27 12:09:41 | 000,001,280 | ---- | C] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:06 | 000,177,592 | ---- | C] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/17 14:22:10 | 000,003,441 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/17 03:05:56 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013/06/17 03:05:56 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/06/16 20:21:28 | 000,000,884 | RHS- | C] () -- C:\Users\Faraz\ntuser.pol
[2013/05/31 12:10:39 | 000,007,605 | ---- | C] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/08 00:49:01 | 000,087,185 | ---- | C] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
[2013/05/06 02:21:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/06 02:07:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/29 14:37:29 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/03/29 14:36:01 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/03/29 14:35:58 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/03/09 00:05:20 | 000,000,009 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\WinAcc.EML
[2013/03/08 23:59:52 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012/08/26 01:49:44 | 000,000,022 | ---- | C] () -- C:\Windows\Wininit.ini
[2012/08/05 21:58:10 | 000,002,016 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_sys.dat
[2012/08/05 21:47:33 | 000,000,000 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_app.dat
[2012/08/05 21:47:30 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\FPService.exe
[2012/08/05 21:47:29 | 000,116,944 | ---- | C] () -- C:\Windows\Secure.dll
[2012/08/05 21:47:29 | 000,110,800 | ---- | C] () -- C:\Windows\Secure64.dll
[2012/08/05 21:47:29 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\WinFPdrv.sys
[2012/08/05 21:47:29 | 000,008,064 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_config.dat
[2012/08/04 22:11:41 | 000,000,327 | ---- | C] () -- C:\Windows\dvdcreator.INI
[2012/08/04 22:07:20 | 000,014,496 | ---- | C] () -- C:\Windows\SysWow64\VDI08X.DAT
[2012/08/04 22:04:00 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\VDProductInfoEx.dll
[2012/08/02 01:37:56 | 000,149,504 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011/10/12 01:02:54 | 000,006,656 | ---- | C] () -- C:\Users\Faraz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 23:25:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/09/27 00:18:38 | 000,037,647 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\Debut.dmp
[2011/09/01 17:06:21 | 000,000,600 | ---- | C] () -- C:\Users\Faraz\PUTTY.RND
[2011/08/13 23:07:15 | 000,000,990 | -HS- | C] () -- C:\Users\Faraz\AppData\Roaming\systemfl.$dk
[2011/07/29 19:27:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2011/07/29 19:27:02 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/29 19:27:00 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/07/29 19:26:57 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/29 19:24:02 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2011/07/29 19:24:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\Twavbx32.dll
[2011/07/29 19:24:00 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\idiom010227.dll
[2011/07/29 19:23:59 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ILXTBS.DLL
[2011/07/29 19:23:59 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2011/07/29 19:23:59 | 000,113,288 | ---- | C] () -- C:\Windows\SysWow64\bass.dll
 
========== ZeroAccess Check ==========
 
[2011/11/17 12:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\@
[2013/07/03 16:10:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\L
[2013/04/19 11:30:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\U
[2009/07/14 09:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >


#3 faraz


Posted 24 July 2013 - 09:01 AM

Couldn't locate the Extras.log of the OTL scan & it also didn't pop up.



#4 guestolo


    Site Donator

  • Admin
  • 16,247 posts

Posted 24 July 2013 - 10:17 AM

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Reopen OTL.exe. Select 'Use Safelist' under Extra Registry, then choose to Run a Scan. When done, post the logs that open: OTL.txt and also Extras.txt.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#5 faraz


Posted 24 July 2013 - 07:24 PM

# AdwCleaner v2.306 - Logfile created 07/25/2013 at 04:36:30

# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : Faraz - SLAIN
# Boot Mode : Normal
# Running from : C:\Users\Faraz\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files (x86)\Hotspot Shield
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage
File Deleted : C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage-journal
File Deleted : C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\3ajw8v5r.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\3ajw8v5r.default\searchplugins\delta.xml
File Deleted : C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\3ajw8v5r.default\searchplugins\WebSearch.xml
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
Folder Deleted : C:\Program Files (x86)\Hotspot_Shield
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\ProgramData\Hotspot Shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
Folder Deleted : C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb
Folder Deleted : C:\Users\Faraz\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Faraz\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Faraz\AppData\LocalLow\delta
Folder Deleted : C:\Users\Faraz\AppData\LocalLow\Hotspot_Shield
Folder Deleted : C:\Users\Faraz\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Faraz\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Faraz\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\3ajw8v5r.default\extensions\staged
Folder Deleted : C:\Users\Faraz\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\SysWOW64\Hotspot Shield
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A42F6A7C-B5FA-4565-AC08-ECB439C4342D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07FCE05F-98B6-4017-8DCE-DCC5823B7678}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C522512A-9C2C-4DE5-9F63-976B560FEF14}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D3F22A84-2A84-49EB-91E6-5DADAAF0165D}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.TBSB00001
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.TBSB00001.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3031607
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3080215
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Hotspot_Shield
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07FCE05F-98B6-4017-8DCE-DCC5823B7678}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07FCE05F-98B6-4017-8DCE-DCC5823B7678}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A42F6A7C-B5FA-4565-AC08-ECB439C4342D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ADA9BAD-CD7C-46EE-8DED-2DC3A6D8949D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219168C6-531A-4FD7-87DD-ABB6C223EE27}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45188CF8-B603-48DF-A71A-F55D3C918753}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D3F22A84-2A84-49EB-91E6-5DADAAF0165D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine 
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2263BE11-ACB7-49D9-8313-6B1D5CC42FAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97FC5555-8BDC-40EA-8DE2-B1E46B9EA629}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v11.0 (en-US)
 
File : C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\3ajw8v5r.default\prefs.js
 
C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\3ajw8v5r.default\user.js ... Deleted !
 
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "64a3dba0000000000000000000000000");
Deleted : user_pref("extensions.delta.instlDay", "15836");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.163:02:05");
Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
-\\ Opera v11.50.1074.0
 
File : C:\Users\Faraz\AppData\Roaming\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [22687 octets] - [25/07/2013 04:36:30]
 
########## EOF - C:\AdwCleaner[S1].txt - [22748 octets] ##########


#6 faraz


Posted 24 July 2013 - 07:26 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Ultimate x64
Ran by Faraz on 25/Jul/13 at  4:49:55.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] hshld 
Successfully deleted: [Service] hshld 
Successfully stopped: [Service] hsstrayservice 
Successfully deleted: [Service] hsstrayservice 
Successfully stopped: [Service] hsswd 
Successfully deleted: [Service] hsswd 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7902DE1C-DFB2-426C-A5A1-F87FD90FBEEB}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\codecc"
Successfully deleted: [Folder] "C:\Users\Faraz\appdata\locallow\codecc"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/Jul/13 at  5:42:55.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 faraz

Posted 24 July 2013 - 07:27 PM

OTL logfile created on: 25/Jul/13 5:45:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.97% Memory free
7.82 Gb Paging File | 6.41 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 5.85 Gb Free Space | 12.01% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
PRC - [2013/04/13 12:07:26 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/04/22 08:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/11/08 04:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/18 14:28:28 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2011/11/23 15:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/03/19 01:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License)
SRV:64bit: - [2009/08/25 09:15:30 | 000,410,112 | ---- | M] () [Auto | Running] -- C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk64.exe -- (UDisk Monitor)
SRV:64bit: - [2009/07/14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 06:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 06:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/06/12 21:24:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/14 20:27:34 | 000,346,976 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/12/17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 06:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/03 14:43:06 | 000,841,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe -- (PrmBackAgent)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PRIMAVERA)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$PRIMAVERA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/04/25 00:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/11/08 04:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/21 00:15:53 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/06/21 00:15:52 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012/06/21 00:15:52 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/06/21 00:15:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/06/21 00:15:52 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/06/21 00:15:52 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/06/21 00:15:52 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/04/23 16:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/25 04:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/13 00:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 21:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/12/17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/12/17 14:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/12/17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/12/17 14:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/27 06:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/03/19 04:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2009/12/23 19:33:48 | 000,118,360 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FVXSCSI.SYS -- (FVXSCSI)
DRV:64bit: - [2009/07/21 16:04:16 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2009/07/14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 05:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/09 10:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/02/09 10:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/02/09 10:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/02/09 10:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/10/29 10:47:02 | 000,024,592 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FCDABUS.SYS -- (fcdabus)
DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pk.msn.com/?C=PK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 44 0A 8A 56 41 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..keyword.URL: "http://us.search.yah...=ytff-comodo&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/07/29 16:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/12 22:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
 
[2012/04/12 22:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Extensions
[2013/07/25 04:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions
[2013/05/07 12:34:31 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions\{C92DDD27-768C-4E40-B655-740B017E698D}
[2013/07/25 04:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/03 02:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/03 20:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/03/13 09:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 09:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 09:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: TV = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlklinjgampohhihndkofhhaahoicoip\1.0.0_0\
CHR - Extension: Google+ = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: ssafEE- saVae = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcacbllddpdcojcggmijaggcpambccj\1\
CHR - Extension: saafe saveo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbhkimppigjgkknlpoohbcbfdhhbaeig\1\
CHR - Extension: Content Blocker = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh\1.8.4.1_0\
CHR - Extension: Quran = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmggidaneooheckcalppihpgfidbpe\2_0\
CHR - Extension: Virtual Keyboard = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak
CHR - Extension: Gmail = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/07/03 16:10:09 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC64.dll File not found
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC.dll File not found
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinks) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (ssafEE- saVae) - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\ProgramData\ssafEE- saVae\51d19df9cfdfa.dll File not found
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C34BFB11-EFF0-4123-A7A5-79051EF24CF5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8:64bit: - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8 - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D8391B-FB23-4063-83BA-281FECD708AE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0BDDB9-9EE1-42AC-8A70-23BE28B8C50A}: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A267094A-40C3-47D3-8DAE-302A089FA963}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD41DE21-F7EB-4434-9DAB-E5924B4B42FB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell - "" = AutoRun
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\Setup.exe /Auto
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell - "" = AutoRun
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell - "" = AutoRun
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/07/25 04:49:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/25 04:33:26 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/24 18:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/21 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVDO BROADBAND PTCL
[2013/07/21 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\EVDO BROADBAND PTCL
[2013/07/03 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Comodo
[2013/07/02 19:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2013/07/02 19:52:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2013/07/02 16:13:11 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2013/07/02 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/07/02 16:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/07/02 16:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/07/02 16:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/07/02 16:02:51 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/07/01 23:35:29 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/01 23:34:26 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/01 23:34:13 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/01 23:34:13 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/01 22:46:25 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Zbshareware Lab
[2013/07/01 22:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
[2013/07/01 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Disk Security
[2013/06/29 11:41:48 | 000,000,000 | ---D | C] -- C:\Users\Faraz\Desktop\Docs
[2013/06/27 12:19:08 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nero
[2013/06/27 12:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013/06/27 12:18:03 | 003,036,456 | ---- | C] (BCGSoft Ltd) -- C:\Windows\SysWow64\BCGCBPRO860u80.dll
[2013/06/27 12:18:03 | 000,802,816 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXRA7.dll
[2013/06/27 12:18:03 | 000,368,640 | ---- | C] (Pegasus Imaging Corporation) -- C:\Windows\SysWow64\TwnLib4.dll
[2013/06/27 12:18:03 | 000,258,048 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXR7.dll
[2013/06/27 12:18:02 | 000,497,296 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXpr7.dll
[2013/06/27 12:18:01 | 001,757,184 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagX7.dll
[2013/06/27 12:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2013/06/27 12:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013/06/26 06:59:33 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\CrashDumps
[2013/06/26 06:31:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Apps
[2013/06/21 06:07:16 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/19 12:46:55 | 000,000,000 | R--D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/06/19 12:46:55 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\BMExplorer
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nitro
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\FileOpen
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013/06/17 03:06:05 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013/06/17 03:06:05 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013/06/17 03:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013/06/17 03:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013/06/17 00:09:23 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\PDF
[2013/05/29 16:09:40 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Macromedia
[2013/05/18 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/18 14:51:39 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:30 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/06 02:21:12 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/05/06 02:21:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/05/06 02:09:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/05/06 02:09:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/05/06 02:09:24 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/05/06 02:09:24 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/05/06 02:07:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/05/06 02:07:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/05/06 02:07:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/05/06 02:07:56 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/05/06 01:59:05 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/06 01:59:00 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/06 01:58:58 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/05/06 01:58:58 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/05/06 01:58:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/05/06 01:58:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/05/06 01:53:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/05/06 01:53:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/05/06 01:53:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/05/06 01:53:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/05/06 01:53:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/05/06 01:53:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/05/06 01:53:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/05/06 01:53:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/05/06 01:53:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/05/06 01:53:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/05/06 01:53:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/05/06 01:53:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/05/06 01:51:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/05/06 01:51:27 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/05/06 01:51:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/05/06 01:48:31 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/05/06 01:48:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/05/06 01:47:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/05/06 01:47:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/05/06 01:47:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/05/06 01:46:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/06 01:46:38 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013/05/06 01:46:11 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/05/06 01:46:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/05/06 01:46:09 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/05/06 01:46:08 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/05/06 01:46:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/05/06 01:46:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/05/06 01:46:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/05/06 01:46:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/05/06 01:46:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/05/06 01:46:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/05/06 01:46:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/05/06 01:46:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/05/06 01:44:22 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/05/06 01:43:21 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/05/06 01:43:19 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/05/06 01:42:43 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/05/06 01:42:39 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013/05/06 01:42:36 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013/05/06 01:42:35 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013/05/06 01:42:32 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/05/06 01:42:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/05/06 01:42:28 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/05/06 01:42:26 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/05/06 01:42:25 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/05/06 01:42:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/05/06 01:42:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/05/06 01:38:57 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/05/06 01:37:59 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/06 01:37:56 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/06 01:37:56 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/06 01:37:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/06 01:37:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/06 01:37:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/05/06 01:37:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
 
========== Files - Modified Within 90 Days ==========
 
[2013/07/25 05:55:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/25 05:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 04:46:46 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 04:46:46 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 04:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 04:41:27 | 3148,218,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 04:38:36 | 000,000,105 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:32:18 | 000,986,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/25 04:32:18 | 000,815,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/25 04:32:18 | 000,169,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/25 04:28:30 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/25 04:20:28 | 000,666,633 | ---- | M] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/25 04:19:54 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/25 01:06:39 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/24 19:03:10 | 000,002,975 | ---- | M] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/23 12:36:31 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/21 00:18:49 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:48:19 | 000,000,600 | ---- | M] () -- C:\Users\Faraz\PUTTY.RND
[2013/07/20 10:23:20 | 000,580,227 | ---- | M] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:30 | 000,242,310 | ---- | M] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/19 17:23:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/19 16:51:11 | 000,222,725 | ---- | M] () -- C:\Users\Faraz\Desktop\Untitled.jpg
[2013/07/18 10:40:14 | 000,344,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 00:54:17 | 000,441,269 | ---- | M] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:58 | 000,174,956 | ---- | M] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/14 22:09:24 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/13 13:19:12 | 000,002,361 | ---- | M] () -- C:\Users\Faraz\Desktop\Google Chrome.lnk
[2013/07/12 02:14:50 | 001,501,408 | ---- | M] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/12 01:59:48 | 000,644,296 | ---- | M] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/12 01:54:42 | 002,197,905 | ---- | M] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/10 23:38:42 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/07/02 16:03:14 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/02 16:02:51 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 23:10:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/01 22:46:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | M] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:09:41 | 000,001,280 | ---- | M] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:11 | 000,177,592 | ---- | M] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/17 18:48:34 | 000,003,441 | ---- | M] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/16 20:21:28 | 000,000,884 | RHS- | M] () -- C:\Users\Faraz\ntuser.pol
[2013/06/12 21:24:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 21:24:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/31 12:10:39 | 000,007,605 | ---- | M] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/18 14:51:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/18 14:51:16 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:14 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/05/18 14:51:14 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/09 20:29:30 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/08 00:49:06 | 000,087,185 | ---- | M] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
 
========== Files Created - No Company Name ==========
 
[2013/07/25 04:36:43 | 000,000,105 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:33:26 | 000,666,633 | ---- | C] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/24 19:03:10 | 000,002,975 | ---- | C] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/21 00:18:49 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:23:20 | 000,580,227 | ---- | C] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:23 | 000,242,310 | ---- | C] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/18 00:52:53 | 000,441,269 | ---- | C] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:21 | 000,174,956 | ---- | C] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/15 16:16:24 | 002,197,905 | ---- | C] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/15 16:16:24 | 001,501,408 | ---- | C] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/15 16:16:24 | 000,644,296 | ---- | C] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/02 16:04:44 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/02 16:03:14 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/01 23:35:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 22:46:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | C] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:18:04 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll
[2013/06/27 12:09:41 | 000,001,280 | ---- | C] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:06 | 000,177,592 | ---- | C] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/17 14:22:10 | 000,003,441 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/17 03:05:56 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013/06/17 03:05:56 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/06/16 20:21:28 | 000,000,884 | RHS- | C] () -- C:\Users\Faraz\ntuser.pol
[2013/05/31 12:10:39 | 000,007,605 | ---- | C] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/08 00:49:01 | 000,087,185 | ---- | C] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
[2013/05/06 02:21:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/06 02:07:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/29 14:37:29 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/03/29 14:36:01 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/03/29 14:35:58 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/03/09 00:05:20 | 000,000,009 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\WinAcc.EML
[2013/03/08 23:59:52 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012/08/26 01:49:44 | 000,000,022 | ---- | C] () -- C:\Windows\Wininit.ini
[2012/08/05 21:58:10 | 000,002,016 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_sys.dat
[2012/08/05 21:47:33 | 000,000,000 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_app.dat
[2012/08/05 21:47:30 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\FPService.exe
[2012/08/05 21:47:29 | 000,116,944 | ---- | C] () -- C:\Windows\Secure.dll
[2012/08/05 21:47:29 | 000,110,800 | ---- | C] () -- C:\Windows\Secure64.dll
[2012/08/05 21:47:29 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\WinFPdrv.sys
[2012/08/05 21:47:29 | 000,008,064 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_config.dat
[2012/08/04 22:11:41 | 000,000,327 | ---- | C] () -- C:\Windows\dvdcreator.INI
[2012/08/04 22:07:20 | 000,014,496 | ---- | C] () -- C:\Windows\SysWow64\VDI08X.DAT
[2012/08/04 22:04:00 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\VDProductInfoEx.dll
[2012/08/02 01:37:56 | 000,149,504 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011/10/12 01:02:54 | 000,006,656 | ---- | C] () -- C:\Users\Faraz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 23:25:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/09/27 00:18:38 | 000,037,647 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\Debut.dmp
[2011/09/01 17:06:21 | 000,000,600 | ---- | C] () -- C:\Users\Faraz\PUTTY.RND
[2011/08/13 23:07:15 | 000,000,990 | -HS- | C] () -- C:\Users\Faraz\AppData\Roaming\systemfl.$dk
[2011/07/29 19:27:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2011/07/29 19:27:02 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/29 19:27:00 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/07/29 19:26:57 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/29 19:24:02 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2011/07/29 19:24:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\Twavbx32.dll
[2011/07/29 19:24:00 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\idiom010227.dll
[2011/07/29 19:23:59 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ILXTBS.DLL
[2011/07/29 19:23:59 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2011/07/29 19:23:59 | 000,113,288 | ---- | C] () -- C:\Windows\SysWow64\bass.dll
 
========== ZeroAccess Check ==========
 
[2011/11/17 12:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\@
[2013/07/03 16:10:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\L
[2013/04/19 11:30:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\U
[2009/07/14 09:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >


#8 faraz

Posted 24 July 2013 - 07:31 PM

OTL logfile created on: 25/Jul/13 5:45:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.97% Memory free
7.82 Gb Paging File | 6.41 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 5.85 Gb Free Space | 12.01% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
PRC - [2013/04/13 12:07:26 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/04/22 08:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/11/08 04:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/18 14:28:28 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2011/11/23 15:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/03/19 01:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License)
SRV:64bit: - [2009/08/25 09:15:30 | 000,410,112 | ---- | M] () [Auto | Running] -- C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk64.exe -- (UDisk Monitor)
SRV:64bit: - [2009/07/14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 06:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 06:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/06/12 21:24:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/14 20:27:34 | 000,346,976 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/12/17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 06:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/03 14:43:06 | 000,841,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe -- (PrmBackAgent)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PRIMAVERA)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$PRIMAVERA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/04/25 00:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/11/08 04:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/21 00:15:53 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/06/21 00:15:52 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012/06/21 00:15:52 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/06/21 00:15:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/06/21 00:15:52 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/06/21 00:15:52 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/06/21 00:15:52 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/04/23 16:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/25 04:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/13 00:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 21:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/12/17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/12/17 14:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/12/17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/12/17 14:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/27 06:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/03/19 04:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2009/12/23 19:33:48 | 000,118,360 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FVXSCSI.SYS -- (FVXSCSI)
DRV:64bit: - [2009/07/21 16:04:16 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2009/07/14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 05:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/09 10:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/02/09 10:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/02/09 10:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/02/09 10:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/10/29 10:47:02 | 000,024,592 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FCDABUS.SYS -- (fcdabus)
DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pk.msn.com/?C=PK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 44 0A 8A 56 41 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..keyword.URL: "http://us.search.yah...=ytff-comodo&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/07/29 16:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/12 22:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
 
[2012/04/12 22:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Extensions
[2013/07/25 04:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions
[2013/05/07 12:34:31 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions\{C92DDD27-768C-4E40-B655-740B017E698D}
[2013/07/25 04:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/03 02:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/03 20:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/03/13 09:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 09:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 09:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: TV = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlklinjgampohhihndkofhhaahoicoip\1.0.0_0\
CHR - Extension: Google+ = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: ssafEE- saVae = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcacbllddpdcojcggmijaggcpambccj\1\
CHR - Extension: saafe saveo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbhkimppigjgkknlpoohbcbfdhhbaeig\1\
CHR - Extension: Content Blocker = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh\1.8.4.1_0\
CHR - Extension: Quran = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmggidaneooheckcalppihpgfidbpe\2_0\
CHR - Extension: Virtual Keyboard = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak
CHR - Extension: Gmail = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/07/03 16:10:09 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC64.dll File not found
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC.dll File not found
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinks) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (ssafEE- saVae) - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\ProgramData\ssafEE- saVae\51d19df9cfdfa.dll File not found
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C34BFB11-EFF0-4123-A7A5-79051EF24CF5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8:64bit: - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8 - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D8391B-FB23-4063-83BA-281FECD708AE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0BDDB9-9EE1-42AC-8A70-23BE28B8C50A}: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A267094A-40C3-47D3-8DAE-302A089FA963}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD41DE21-F7EB-4434-9DAB-E5924B4B42FB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell - "" = AutoRun
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\Setup.exe /Auto
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell - "" = AutoRun
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell - "" = AutoRun
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/07/25 04:49:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/25 04:33:26 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/24 18:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/21 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVDO BROADBAND PTCL
[2013/07/21 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\EVDO BROADBAND PTCL
[2013/07/03 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Comodo
[2013/07/02 19:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2013/07/02 19:52:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2013/07/02 16:13:11 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2013/07/02 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/07/02 16:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/07/02 16:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/07/02 16:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/07/02 16:02:51 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/07/01 23:35:29 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/01 23:34:26 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/01 23:34:13 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/01 23:34:13 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/01 22:46:25 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Zbshareware Lab
[2013/07/01 22:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
[2013/07/01 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Disk Security
[2013/06/29 11:41:48 | 000,000,000 | ---D | C] -- C:\Users\Faraz\Desktop\Docs
[2013/06/27 12:19:08 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nero
[2013/06/27 12:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013/06/27 12:18:03 | 003,036,456 | ---- | C] (BCGSoft Ltd) -- C:\Windows\SysWow64\BCGCBPRO860u80.dll
[2013/06/27 12:18:03 | 000,802,816 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXRA7.dll
[2013/06/27 12:18:03 | 000,368,640 | ---- | C] (Pegasus Imaging Corporation) -- C:\Windows\SysWow64\TwnLib4.dll
[2013/06/27 12:18:03 | 000,258,048 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXR7.dll
[2013/06/27 12:18:02 | 000,497,296 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXpr7.dll
[2013/06/27 12:18:01 | 001,757,184 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagX7.dll
[2013/06/27 12:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2013/06/27 12:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013/06/26 06:59:33 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\CrashDumps
[2013/06/26 06:31:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Apps
[2013/06/21 06:07:16 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/19 12:46:55 | 000,000,000 | R--D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/06/19 12:46:55 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\BMExplorer
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nitro
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\FileOpen
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013/06/17 03:06:05 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013/06/17 03:06:05 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013/06/17 03:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013/06/17 03:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013/06/17 00:09:23 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\PDF
[2013/05/29 16:09:40 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Macromedia
[2013/05/18 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/18 14:51:39 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:30 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/06 02:21:12 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/05/06 02:21:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/05/06 02:09:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/05/06 02:09:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/05/06 02:09:24 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/05/06 02:09:24 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/05/06 02:07:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/05/06 02:07:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/05/06 02:07:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/05/06 02:07:56 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/05/06 01:59:05 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/06 01:59:00 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/06 01:58:58 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/05/06 01:58:58 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/05/06 01:58:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/05/06 01:58:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/05/06 01:53:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/05/06 01:53:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/05/06 01:53:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/05/06 01:53:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/05/06 01:53:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/05/06 01:53:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/05/06 01:53:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/05/06 01:53:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/05/06 01:53:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/05/06 01:53:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/05/06 01:53:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/05/06 01:53:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/05/06 01:51:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/05/06 01:51:27 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/05/06 01:51:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/05/06 01:48:31 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/05/06 01:48:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/05/06 01:47:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/05/06 01:47:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/05/06 01:47:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/05/06 01:46:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/06 01:46:38 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013/05/06 01:46:11 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/05/06 01:46:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/05/06 01:46:09 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/05/06 01:46:08 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/05/06 01:46:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/05/06 01:46:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/05/06 01:46:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/05/06 01:46:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/05/06 01:46:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/05/06 01:46:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/05/06 01:46:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/05/06 01:46:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/05/06 01:44:22 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/05/06 01:43:21 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/05/06 01:43:19 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/05/06 01:42:43 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/05/06 01:42:39 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013/05/06 01:42:36 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013/05/06 01:42:35 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013/05/06 01:42:32 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/05/06 01:42:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/05/06 01:42:28 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/05/06 01:42:26 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/05/06 01:42:25 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/05/06 01:42:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/05/06 01:42:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/05/06 01:38:57 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/05/06 01:37:59 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/06 01:37:56 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/06 01:37:56 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/06 01:37:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/06 01:37:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/06 01:37:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/05/06 01:37:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
 
========== Files - Modified Within 90 Days ==========
 
[2013/07/25 05:55:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/25 05:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 04:46:46 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 04:46:46 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 04:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 04:41:27 | 3148,218,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 04:38:36 | 000,000,105 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:32:18 | 000,986,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/25 04:32:18 | 000,815,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/25 04:32:18 | 000,169,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/25 04:28:30 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/25 04:20:28 | 000,666,633 | ---- | M] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/25 04:19:54 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/25 01:06:39 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/24 19:03:10 | 000,002,975 | ---- | M] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/23 12:36:31 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/21 00:18:49 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:48:19 | 000,000,600 | ---- | M] () -- C:\Users\Faraz\PUTTY.RND
[2013/07/20 10:23:20 | 000,580,227 | ---- | M] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:30 | 000,242,310 | ---- | M] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/19 17:23:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/19 16:51:11 | 000,222,725 | ---- | M] () -- C:\Users\Faraz\Desktop\Untitled.jpg
[2013/07/18 10:40:14 | 000,344,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 00:54:17 | 000,441,269 | ---- | M] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:58 | 000,174,956 | ---- | M] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/14 22:09:24 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/13 13:19:12 | 000,002,361 | ---- | M] () -- C:\Users\Faraz\Desktop\Google Chrome.lnk
[2013/07/12 02:14:50 | 001,501,408 | ---- | M] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/12 01:59:48 | 000,644,296 | ---- | M] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/12 01:54:42 | 002,197,905 | ---- | M] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/10 23:38:42 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/07/02 16:03:14 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/02 16:02:51 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 23:10:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/01 22:46:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | M] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:09:41 | 000,001,280 | ---- | M] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:11 | 000,177,592 | ---- | M] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/17 18:48:34 | 000,003,441 | ---- | M] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/16 20:21:28 | 000,000,884 | RHS- | M] () -- C:\Users\Faraz\ntuser.pol
[2013/06/12 21:24:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 21:24:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/31 12:10:39 | 000,007,605 | ---- | M] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/18 14:51:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/18 14:51:16 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:14 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/05/18 14:51:14 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/09 20:29:30 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/08 00:49:06 | 000,087,185 | ---- | M] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
 
========== Files Created - No Company Name ==========
 
[2013/07/25 04:36:43 | 000,000,105 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:33:26 | 000,666,633 | ---- | C] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/24 19:03:10 | 000,002,975 | ---- | C] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/21 00:18:49 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:23:20 | 000,580,227 | ---- | C] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:23 | 000,242,310 | ---- | C] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/18 00:52:53 | 000,441,269 | ---- | C] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:21 | 000,174,956 | ---- | C] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/15 16:16:24 | 002,197,905 | ---- | C] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/15 16:16:24 | 001,501,408 | ---- | C] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/15 16:16:24 | 000,644,296 | ---- | C] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/02 16:04:44 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/02 16:03:14 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/01 23:35:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 22:46:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | C] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:18:04 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll
[2013/06/27 12:09:41 | 000,001,280 | ---- | C] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:06 | 000,177,592 | ---- | C] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/17 14:22:10 | 000,003,441 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/17 03:05:56 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013/06/17 03:05:56 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/06/16 20:21:28 | 000,000,884 | RHS- | C] () -- C:\Users\Faraz\ntuser.pol
[2013/05/31 12:10:39 | 000,007,605 | ---- | C] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/08 00:49:01 | 000,087,185 | ---- | C] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
[2013/05/06 02:21:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/06 02:07:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/29 14:37:29 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/03/29 14:36:01 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/03/29 14:35:58 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/03/09 00:05:20 | 000,000,009 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\WinAcc.EML
[2013/03/08 23:59:52 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012/08/26 01:49:44 | 000,000,022 | ---- | C] () -- C:\Windows\Wininit.ini
[2012/08/05 21:58:10 | 000,002,016 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_sys.dat
[2012/08/05 21:47:33 | 000,000,000 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_app.dat
[2012/08/05 21:47:30 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\FPService.exe
[2012/08/05 21:47:29 | 000,116,944 | ---- | C] () -- C:\Windows\Secure.dll
[2012/08/05 21:47:29 | 000,110,800 | ---- | C] () -- C:\Windows\Secure64.dll
[2012/08/05 21:47:29 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\WinFPdrv.sys
[2012/08/05 21:47:29 | 000,008,064 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_config.dat
[2012/08/04 22:11:41 | 000,000,327 | ---- | C] () -- C:\Windows\dvdcreator.INI
[2012/08/04 22:07:20 | 000,014,496 | ---- | C] () -- C:\Windows\SysWow64\VDI08X.DAT
[2012/08/04 22:04:00 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\VDProductInfoEx.dll
[2012/08/02 01:37:56 | 000,149,504 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011/10/12 01:02:54 | 000,006,656 | ---- | C] () -- C:\Users\Faraz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 23:25:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/09/27 00:18:38 | 000,037,647 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\Debut.dmp
[2011/09/01 17:06:21 | 000,000,600 | ---- | C] () -- C:\Users\Faraz\PUTTY.RND
[2011/08/13 23:07:15 | 000,000,990 | -HS- | C] () -- C:\Users\Faraz\AppData\Roaming\systemfl.$dk
[2011/07/29 19:27:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2011/07/29 19:27:02 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/29 19:27:00 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/07/29 19:26:57 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/29 19:24:02 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2011/07/29 19:24:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\Twavbx32.dll
[2011/07/29 19:24:00 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\idiom010227.dll
[2011/07/29 19:23:59 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ILXTBS.DLL
[2011/07/29 19:23:59 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2011/07/29 19:23:59 | 000,113,288 | ---- | C] () -- C:\Windows\SysWow64\bass.dll
 
========== ZeroAccess Check ==========
 
[2011/11/17 12:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\@
[2013/07/03 16:10:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\L
[2013/04/19 11:30:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\U
[2009/07/14 09:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
****************************************************************************************************************************
 

OTL Extras logfile created on: 25/Jul/13 5:45:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.97% Memory free
7.82 Gb Paging File | 6.41 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 5.85 Gb Free Space | 12.01% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Faraz\AppData\Roaming\local.exe" = C:\Users\Faraz\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Faraz\AppData\Roaming\local.exe" = C:\Users\Faraz\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07615532-D31E-4FAF-A183-63DAA1496985}" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"{0E46709D-C106-4341-B2B4-09516DE3A0C1}" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"{5D802493-B4DF-4388-B5B5-07027C32A690}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{75100302-EA27-4CA7-A85B-33699A5FB0C3}" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"{A2D3FAAC-85C4-44C9-BF60-AE2553D67C90}" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"{FD46FE5D-89D1-4979-9174-3DF7374A8E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{0C82B245-2FCC-4F8C-BB8F-3E63C2EA9E04}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{0CEB582F-8E0E-4AEC-8C6A-EC9E5EA7014A}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{1326218B-C22C-4B11-B830-909BA9A6C248}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"TCP Query User{195FF06F-EBE8-418B-8328-7122BAFD123D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{4027BED8-C322-43BD-915B-1F09A2DF361F}C:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{4A9547B6-FB9F-4526-8368-41D77D6AF7F9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{69EE9624-C871-457B-B09D-915095D4AAE5}C:\users\faraz\desktop\iconz\u1301.exe" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"TCP Query User{BE04720D-2A98-416B-B332-23B1AAE31EB0}C:\users\faraz\desktop\iconz\u1210.exe" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"UDP Query User{3D2BACB2-217E-4D73-98E2-D99A95AABDAA}C:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{57AE0C85-A879-41BD-BC83-B315799255CF}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{6512BEA6-A9F0-4AFD-9514-DEA9B1455049}C:\users\faraz\desktop\iconz\u1210.exe" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"UDP Query User{862FA32E-8D7A-4E60-B66B-2346C8B8F7AC}C:\users\faraz\desktop\iconz\u1301.exe" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"UDP Query User{ACD6C87E-DBF2-4334-B209-09B34679BE71}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{B67320A0-F08B-4184-A0F2-27C95A94E948}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{F8D8E166-D450-4495-9618-B413D067113A}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"UDP Query User{FB804985-5CA8-4641-A8F0-A5FC41EDA70E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C6A0300-181F-400D-80C2-833A7E7461ED}" = Nitro Pro 8
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.30
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CBCDC8C3-8783-4AAC-BB72-31FB8A5E63CB}" = Microsoft SQL Server Management Studio Express
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem  (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem  (06/01/2009 7.01.0.3)
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"ZTEWireless-101_is1" = EVDO BROADBAND PTCL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021B4CD1-D0DA-11D4-9610-00D0B74E3F77}" = Stahlschluessel 2001
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{40443320-CDB0-43E9-9CD4-6C5F6FBF35FD}" = PipeData-PRO 8.0
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4856B299-DFCD-44F0-AC0A-B3D102E19B5F}" = Primavera 6.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87655413-1064-1017-2250-851555730017}" = MAXORING
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJSTD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (PRIMAVERA)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C3F5DBA5-ABFC-443E-AA60-928223AADF53}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{E3E30FF7-5EAE-4E0E-B394-78214222D60C}" = Windows Internet Explorer Platform Preview
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ChatSend Toolbar" = ChatSend Toolbar
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"CoreAAC" = CoreAAC
"Counter-Strike 1.6" = Counter-Strike 1.6
"Debut" = Debut Video Capture Software
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"HotspotShield" = Hotspot Shield 3.09
"InstallShield_{4856B299-DFCD-44F0-AC0A-B3D102E19B5F}" = Primavera 6.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Nero8030_Micro_is1" = Nero 8 Micro v8.0.3.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Opera 11.50.1074" = Opera 11.50
"Oxford Advanced Genie" = Oxford Advanced Genie
"PM FASTrack v7" = PM FASTrack v7
"Primavera Group Server" = Primavera Group Server
"PRJSTD" = Microsoft Office Project Standard 2007
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"VIVA WiFi" = VIVA WiFi
"VLC media player" = VLC media player 1.0.5
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 24/Jul/13 9:08:19 PM | Computer Name = Slain | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
 
< End of report >
 

 



#9 faraz

Posted 24 July 2013 - 07:33 PM

OTL logfile created on: 25/Jul/13 5:45:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.97% Memory free
7.82 Gb Paging File | 6.41 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 5.85 Gb Free Space | 12.01% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
PRC - [2013/04/13 12:07:26 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/04/22 08:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/11/08 04:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/18 14:28:28 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2011/11/23 15:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/03/19 01:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License)
SRV:64bit: - [2009/08/25 09:15:30 | 000,410,112 | ---- | M] () [Auto | Running] -- C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk64.exe -- (UDisk Monitor)
SRV:64bit: - [2009/07/14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 06:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 06:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/06/12 21:24:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/14 20:27:34 | 000,346,976 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/12/17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 06:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/03 14:43:06 | 000,841,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe -- (PrmBackAgent)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PRIMAVERA)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$PRIMAVERA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/04/25 00:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/11/08 04:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/21 00:15:53 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/06/21 00:15:52 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012/06/21 00:15:52 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/06/21 00:15:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/06/21 00:15:52 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/06/21 00:15:52 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/06/21 00:15:52 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/04/23 16:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/25 04:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/13 00:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 21:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/12/17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/12/17 14:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/12/17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/12/17 14:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/27 06:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/03/19 04:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2009/12/23 19:33:48 | 000,118,360 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FVXSCSI.SYS -- (FVXSCSI)
DRV:64bit: - [2009/07/21 16:04:16 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2009/07/14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 05:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/09 10:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/02/09 10:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/02/09 10:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/02/09 10:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/10/29 10:47:02 | 000,024,592 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FCDABUS.SYS -- (fcdabus)
DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pk.msn.com/?C=PK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 44 0A 8A 56 41 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..keyword.URL: "http://us.search.yah...=ytff-comodo&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/07/29 16:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/12 22:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
 
[2012/04/12 22:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Extensions
[2013/07/25 04:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions
[2013/05/07 12:34:31 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions\{C92DDD27-768C-4E40-B655-740B017E698D}
[2013/07/25 04:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/03 02:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/03 20:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/03/13 09:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 09:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 09:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: TV = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlklinjgampohhihndkofhhaahoicoip\1.0.0_0\
CHR - Extension: Google+ = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: ssafEE- saVae = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcacbllddpdcojcggmijaggcpambccj\1\
CHR - Extension: saafe saveo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbhkimppigjgkknlpoohbcbfdhhbaeig\1\
CHR - Extension: Content Blocker = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh\1.8.4.1_0\
CHR - Extension: Quran = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmggidaneooheckcalppihpgfidbpe\2_0\
CHR - Extension: Virtual Keyboard = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak
CHR - Extension: Gmail = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/07/03 16:10:09 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC64.dll File not found
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC.dll File not found
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinks) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (ssafEE- saVae) - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\ProgramData\ssafEE- saVae\51d19df9cfdfa.dll File not found
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C34BFB11-EFF0-4123-A7A5-79051EF24CF5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8:64bit: - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8 - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D8391B-FB23-4063-83BA-281FECD708AE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0BDDB9-9EE1-42AC-8A70-23BE28B8C50A}: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A267094A-40C3-47D3-8DAE-302A089FA963}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD41DE21-F7EB-4434-9DAB-E5924B4B42FB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell - "" = AutoRun
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\Setup.exe /Auto
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell - "" = AutoRun
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell - "" = AutoRun
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/07/25 04:49:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/25 04:33:26 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/24 18:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/21 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVDO BROADBAND PTCL
[2013/07/21 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\EVDO BROADBAND PTCL
[2013/07/03 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Comodo
[2013/07/02 19:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2013/07/02 19:52:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2013/07/02 16:13:11 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2013/07/02 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/07/02 16:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/07/02 16:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/07/02 16:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/07/02 16:02:51 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/07/01 23:35:29 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/01 23:34:26 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/01 23:34:13 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/01 23:34:13 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/01 22:46:25 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Zbshareware Lab
[2013/07/01 22:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
[2013/07/01 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Disk Security
[2013/06/29 11:41:48 | 000,000,000 | ---D | C] -- C:\Users\Faraz\Desktop\Docs
[2013/06/27 12:19:08 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nero
[2013/06/27 12:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013/06/27 12:18:03 | 003,036,456 | ---- | C] (BCGSoft Ltd) -- C:\Windows\SysWow64\BCGCBPRO860u80.dll
[2013/06/27 12:18:03 | 000,802,816 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXRA7.dll
[2013/06/27 12:18:03 | 000,368,640 | ---- | C] (Pegasus Imaging Corporation) -- C:\Windows\SysWow64\TwnLib4.dll
[2013/06/27 12:18:03 | 000,258,048 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXR7.dll
[2013/06/27 12:18:02 | 000,497,296 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXpr7.dll
[2013/06/27 12:18:01 | 001,757,184 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagX7.dll
[2013/06/27 12:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2013/06/27 12:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013/06/26 06:59:33 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\CrashDumps
[2013/06/26 06:31:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Apps
[2013/06/21 06:07:16 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/19 12:46:55 | 000,000,000 | R--D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/06/19 12:46:55 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\BMExplorer
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nitro
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\FileOpen
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013/06/17 03:06:05 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013/06/17 03:06:05 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013/06/17 03:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013/06/17 03:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013/06/17 00:09:23 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\PDF
[2013/05/29 16:09:40 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Macromedia
[2013/05/18 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/18 14:51:39 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:30 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/06 02:21:12 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/05/06 02:21:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/05/06 02:09:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/05/06 02:09:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/05/06 02:09:24 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/05/06 02:09:24 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/05/06 02:07:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/05/06 02:07:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/05/06 02:07:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/05/06 02:07:56 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/05/06 01:59:05 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/06 01:59:00 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/06 01:58:58 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/05/06 01:58:58 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/05/06 01:58:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/05/06 01:58:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/05/06 01:53:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/05/06 01:53:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/05/06 01:53:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/05/06 01:53:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/05/06 01:53:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/05/06 01:53:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/05/06 01:53:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/05/06 01:53:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/05/06 01:53:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/05/06 01:53:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/05/06 01:53:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/05/06 01:53:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/05/06 01:51:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/05/06 01:51:27 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/05/06 01:51:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/05/06 01:48:31 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/05/06 01:48:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/05/06 01:47:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/05/06 01:47:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/05/06 01:47:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/05/06 01:46:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/06 01:46:38 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013/05/06 01:46:11 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/05/06 01:46:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/05/06 01:46:09 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/05/06 01:46:08 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/05/06 01:46:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/05/06 01:46:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/05/06 01:46:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/05/06 01:46:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/05/06 01:46:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/05/06 01:46:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/05/06 01:46:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/05/06 01:46:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/05/06 01:44:22 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/05/06 01:43:21 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/05/06 01:43:19 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/05/06 01:42:43 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/05/06 01:42:39 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013/05/06 01:42:36 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013/05/06 01:42:35 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013/05/06 01:42:32 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/05/06 01:42:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/05/06 01:42:28 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/05/06 01:42:26 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/05/06 01:42:25 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/05/06 01:42:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/05/06 01:42:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/05/06 01:38:57 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/05/06 01:37:59 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/06 01:37:56 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/06 01:37:56 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/06 01:37:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/06 01:37:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/06 01:37:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/05/06 01:37:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
 
========== Files - Modified Within 90 Days ==========
 
[2013/07/25 05:55:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/25 05:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 04:46:46 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 04:46:46 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 04:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 04:41:27 | 3148,218,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 04:38:36 | 000,000,105 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:32:18 | 000,986,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/25 04:32:18 | 000,815,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/25 04:32:18 | 000,169,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/25 04:28:30 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/25 04:20:28 | 000,666,633 | ---- | M] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/25 04:19:54 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/25 01:06:39 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/24 19:03:10 | 000,002,975 | ---- | M] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/23 12:36:31 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/21 00:18:49 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:48:19 | 000,000,600 | ---- | M] () -- C:\Users\Faraz\PUTTY.RND
[2013/07/20 10:23:20 | 000,580,227 | ---- | M] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:30 | 000,242,310 | ---- | M] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/19 17:23:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/19 16:51:11 | 000,222,725 | ---- | M] () -- C:\Users\Faraz\Desktop\Untitled.jpg
[2013/07/18 10:40:14 | 000,344,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 00:54:17 | 000,441,269 | ---- | M] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:58 | 000,174,956 | ---- | M] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/14 22:09:24 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/13 13:19:12 | 000,002,361 | ---- | M] () -- C:\Users\Faraz\Desktop\Google Chrome.lnk
[2013/07/12 02:14:50 | 001,501,408 | ---- | M] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/12 01:59:48 | 000,644,296 | ---- | M] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/12 01:54:42 | 002,197,905 | ---- | M] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/10 23:38:42 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/07/02 16:03:14 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/02 16:02:51 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 23:10:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/01 22:46:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | M] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:09:41 | 000,001,280 | ---- | M] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:11 | 000,177,592 | ---- | M] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/17 18:48:34 | 000,003,441 | ---- | M] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/16 20:21:28 | 000,000,884 | RHS- | M] () -- C:\Users\Faraz\ntuser.pol
[2013/06/12 21:24:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 21:24:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/31 12:10:39 | 000,007,605 | ---- | M] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/18 14:51:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/18 14:51:16 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:14 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/05/18 14:51:14 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/09 20:29:30 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/08 00:49:06 | 000,087,185 | ---- | M] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
 
========== Files Created - No Company Name ==========
 
[2013/07/25 04:36:43 | 000,000,105 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:33:26 | 000,666,633 | ---- | C] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/24 19:03:10 | 000,002,975 | ---- | C] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/21 00:18:49 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:23:20 | 000,580,227 | ---- | C] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:23 | 000,242,310 | ---- | C] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/18 00:52:53 | 000,441,269 | ---- | C] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:21 | 000,174,956 | ---- | C] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/15 16:16:24 | 002,197,905 | ---- | C] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/15 16:16:24 | 001,501,408 | ---- | C] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/15 16:16:24 | 000,644,296 | ---- | C] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/02 16:04:44 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/02 16:03:14 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/01 23:35:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 22:46:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | C] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:18:04 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll
[2013/06/27 12:09:41 | 000,001,280 | ---- | C] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:06 | 000,177,592 | ---- | C] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/17 14:22:10 | 000,003,441 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/17 03:05:56 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013/06/17 03:05:56 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/06/16 20:21:28 | 000,000,884 | RHS- | C] () -- C:\Users\Faraz\ntuser.pol
[2013/05/31 12:10:39 | 000,007,605 | ---- | C] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/08 00:49:01 | 000,087,185 | ---- | C] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
[2013/05/06 02:21:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/06 02:07:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/29 14:37:29 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/03/29 14:36:01 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/03/29 14:35:58 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/03/09 00:05:20 | 000,000,009 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\WinAcc.EML
[2013/03/08 23:59:52 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012/08/26 01:49:44 | 000,000,022 | ---- | C] () -- C:\Windows\Wininit.ini
[2012/08/05 21:58:10 | 000,002,016 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_sys.dat
[2012/08/05 21:47:33 | 000,000,000 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_app.dat
[2012/08/05 21:47:30 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\FPService.exe
[2012/08/05 21:47:29 | 000,116,944 | ---- | C] () -- C:\Windows\Secure.dll
[2012/08/05 21:47:29 | 000,110,800 | ---- | C] () -- C:\Windows\Secure64.dll
[2012/08/05 21:47:29 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\WinFPdrv.sys
[2012/08/05 21:47:29 | 000,008,064 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_config.dat
[2012/08/04 22:11:41 | 000,000,327 | ---- | C] () -- C:\Windows\dvdcreator.INI
[2012/08/04 22:07:20 | 000,014,496 | ---- | C] () -- C:\Windows\SysWow64\VDI08X.DAT
[2012/08/04 22:04:00 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\VDProductInfoEx.dll
[2012/08/02 01:37:56 | 000,149,504 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011/10/12 01:02:54 | 000,006,656 | ---- | C] () -- C:\Users\Faraz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 23:25:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/09/27 00:18:38 | 000,037,647 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\Debut.dmp
[2011/09/01 17:06:21 | 000,000,600 | ---- | C] () -- C:\Users\Faraz\PUTTY.RND
[2011/08/13 23:07:15 | 000,000,990 | -HS- | C] () -- C:\Users\Faraz\AppData\Roaming\systemfl.$dk
[2011/07/29 19:27:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2011/07/29 19:27:02 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/29 19:27:00 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/07/29 19:26:57 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/29 19:24:02 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2011/07/29 19:24:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\Twavbx32.dll
[2011/07/29 19:24:00 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\idiom010227.dll
[2011/07/29 19:23:59 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ILXTBS.DLL
[2011/07/29 19:23:59 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2011/07/29 19:23:59 | 000,113,288 | ---- | C] () -- C:\Windows\SysWow64\bass.dll
 
========== ZeroAccess Check ==========
 
[2011/11/17 12:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\@
[2013/07/03 16:10:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\L
[2013/04/19 11:30:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\U
[2009/07/14 09:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
****************************************************************************************************************************
 

OTL Extras logfile created on: 25/Jul/13 5:45:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.97% Memory free
7.82 Gb Paging File | 6.41 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 5.85 Gb Free Space | 12.01% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Faraz\AppData\Roaming\local.exe" = C:\Users\Faraz\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Faraz\AppData\Roaming\local.exe" = C:\Users\Faraz\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07615532-D31E-4FAF-A183-63DAA1496985}" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"{0E46709D-C106-4341-B2B4-09516DE3A0C1}" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"{5D802493-B4DF-4388-B5B5-07027C32A690}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{75100302-EA27-4CA7-A85B-33699A5FB0C3}" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"{A2D3FAAC-85C4-44C9-BF60-AE2553D67C90}" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"{FD46FE5D-89D1-4979-9174-3DF7374A8E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{0C82B245-2FCC-4F8C-BB8F-3E63C2EA9E04}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{0CEB582F-8E0E-4AEC-8C6A-EC9E5EA7014A}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{1326218B-C22C-4B11-B830-909BA9A6C248}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"TCP Query User{195FF06F-EBE8-418B-8328-7122BAFD123D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{4027BED8-C322-43BD-915B-1F09A2DF361F}C:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{4A9547B6-FB9F-4526-8368-41D77D6AF7F9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{69EE9624-C871-457B-B09D-915095D4AAE5}C:\users\faraz\desktop\iconz\u1301.exe" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"TCP Query User{BE04720D-2A98-416B-B332-23B1AAE31EB0}C:\users\faraz\desktop\iconz\u1210.exe" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"UDP Query User{3D2BACB2-217E-4D73-98E2-D99A95AABDAA}C:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{57AE0C85-A879-41BD-BC83-B315799255CF}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{6512BEA6-A9F0-4AFD-9514-DEA9B1455049}C:\users\faraz\desktop\iconz\u1210.exe" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"UDP Query User{862FA32E-8D7A-4E60-B66B-2346C8B8F7AC}C:\users\faraz\desktop\iconz\u1301.exe" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"UDP Query User{ACD6C87E-DBF2-4334-B209-09B34679BE71}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{B67320A0-F08B-4184-A0F2-27C95A94E948}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{F8D8E166-D450-4495-9618-B413D067113A}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"UDP Query User{FB804985-5CA8-4641-A8F0-A5FC41EDA70E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C6A0300-181F-400D-80C2-833A7E7461ED}" = Nitro Pro 8
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.30
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CBCDC8C3-8783-4AAC-BB72-31FB8A5E63CB}" = Microsoft SQL Server Management Studio Express
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem  (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem  (06/01/2009 7.01.0.3)
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"ZTEWireless-101_is1" = EVDO BROADBAND PTCL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021B4CD1-D0DA-11D4-9610-00D0B74E3F77}" = Stahlschluessel 2001
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{40443320-CDB0-43E9-9CD4-6C5F6FBF35FD}" = PipeData-PRO 8.0
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4856B299-DFCD-44F0-AC0A-B3D102E19B5F}" = Primavera 6.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87655413-1064-1017-2250-851555730017}" = MAXORING
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJSTD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (PRIMAVERA)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C3F5DBA5-ABFC-443E-AA60-928223AADF53}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{E3E30FF7-5EAE-4E0E-B394-78214222D60C}" = Windows Internet Explorer Platform Preview
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ChatSend Toolbar" = ChatSend Toolbar
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"CoreAAC" = CoreAAC
"Counter-Strike 1.6" = Counter-Strike 1.6
"Debut" = Debut Video Capture Software
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"HotspotShield" = Hotspot Shield 3.09
"InstallShield_{4856B299-DFCD-44F0-AC0A-B3D102E19B5F}" = Primavera 6.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Nero8030_Micro_is1" = Nero 8 Micro v8.0.3.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Opera 11.50.1074" = Opera 11.50
"Oxford Advanced Genie" = Oxford Advanced Genie
"PM FASTrack v7" = PM FASTrack v7
"Primavera Group Server" = Primavera Group Server
"PRJSTD" = Microsoft Office Project Standard 2007
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"VIVA WiFi" = VIVA WiFi
"VLC media player" = VLC media player 1.0.5
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 24/Jul/13 9:08:19 PM | Computer Name = Slain | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
 
< End of report >
 

 



#10 faraz

Posted 24 July 2013 - 07:34 PM

OTL logfile created on: 25/Jul/13 5:45:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.97% Memory free
7.82 Gb Paging File | 6.41 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 5.85 Gb Free Space | 12.01% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
PRC - [2013/04/13 12:07:26 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/04/22 08:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/11/08 04:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/18 14:28:28 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2011/11/23 15:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/03/19 01:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License)
SRV:64bit: - [2009/08/25 09:15:30 | 000,410,112 | ---- | M] () [Auto | Running] -- C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk64.exe -- (UDisk Monitor)
SRV:64bit: - [2009/07/14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 06:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 06:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/06/12 21:24:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/14 20:27:34 | 000,346,976 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/12/17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 06:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/03 14:43:06 | 000,841,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe -- (PrmBackAgent)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PRIMAVERA)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$PRIMAVERA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/04/25 00:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/11/08 04:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/21 00:15:53 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/06/21 00:15:52 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012/06/21 00:15:52 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/06/21 00:15:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/06/21 00:15:52 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/06/21 00:15:52 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/06/21 00:15:52 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/04/23 16:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/25 04:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/13 00:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 21:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/12/17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/12/17 14:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/12/17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/12/17 14:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/27 06:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/03/19 04:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2009/12/23 19:33:48 | 000,118,360 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FVXSCSI.SYS -- (FVXSCSI)
DRV:64bit: - [2009/07/21 16:04:16 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2009/07/14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 05:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/09 10:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/02/09 10:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/02/09 10:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/02/09 10:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/10/29 10:47:02 | 000,024,592 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FCDABUS.SYS -- (fcdabus)
DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pk.msn.com/?C=PK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 44 0A 8A 56 41 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..keyword.URL: "http://us.search.yah...=ytff-comodo&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/07/29 16:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/12 22:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
 
[2012/04/12 22:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Extensions
[2013/07/25 04:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions
[2013/05/07 12:34:31 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions\{C92DDD27-768C-4E40-B655-740B017E698D}
[2013/07/25 04:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/03 02:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/03 20:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/03/13 09:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 09:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 09:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: TV = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlklinjgampohhihndkofhhaahoicoip\1.0.0_0\
CHR - Extension: Google+ = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: ssafEE- saVae = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcacbllddpdcojcggmijaggcpambccj\1\
CHR - Extension: saafe saveo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbhkimppigjgkknlpoohbcbfdhhbaeig\1\
CHR - Extension: Content Blocker = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh\1.8.4.1_0\
CHR - Extension: Quran = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmggidaneooheckcalppihpgfidbpe\2_0\
CHR - Extension: Virtual Keyboard = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak
CHR - Extension: Gmail = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/07/03 16:10:09 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC64.dll File not found
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC.dll File not found
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinks) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (ssafEE- saVae) - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\ProgramData\ssafEE- saVae\51d19df9cfdfa.dll File not found
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C34BFB11-EFF0-4123-A7A5-79051EF24CF5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8:64bit: - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8 - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D8391B-FB23-4063-83BA-281FECD708AE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0BDDB9-9EE1-42AC-8A70-23BE28B8C50A}: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A267094A-40C3-47D3-8DAE-302A089FA963}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD41DE21-F7EB-4434-9DAB-E5924B4B42FB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell - "" = AutoRun
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\Setup.exe /Auto
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell - "" = AutoRun
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell - "" = AutoRun
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/07/25 04:49:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/25 04:33:26 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/24 18:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/21 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVDO BROADBAND PTCL
[2013/07/21 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\EVDO BROADBAND PTCL
[2013/07/03 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Comodo
[2013/07/02 19:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2013/07/02 19:52:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2013/07/02 16:13:11 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2013/07/02 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/07/02 16:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/07/02 16:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/07/02 16:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/07/02 16:02:51 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/07/01 23:35:29 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/01 23:34:26 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/01 23:34:13 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/01 23:34:13 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/01 22:46:25 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Zbshareware Lab
[2013/07/01 22:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
[2013/07/01 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Disk Security
[2013/06/29 11:41:48 | 000,000,000 | ---D | C] -- C:\Users\Faraz\Desktop\Docs
[2013/06/27 12:19:08 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nero
[2013/06/27 12:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013/06/27 12:18:03 | 003,036,456 | ---- | C] (BCGSoft Ltd) -- C:\Windows\SysWow64\BCGCBPRO860u80.dll
[2013/06/27 12:18:03 | 000,802,816 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXRA7.dll
[2013/06/27 12:18:03 | 000,368,640 | ---- | C] (Pegasus Imaging Corporation) -- C:\Windows\SysWow64\TwnLib4.dll
[2013/06/27 12:18:03 | 000,258,048 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXR7.dll
[2013/06/27 12:18:02 | 000,497,296 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXpr7.dll
[2013/06/27 12:18:01 | 001,757,184 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagX7.dll
[2013/06/27 12:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2013/06/27 12:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013/06/26 06:59:33 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\CrashDumps
[2013/06/26 06:31:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Apps
[2013/06/21 06:07:16 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/19 12:46:55 | 000,000,000 | R--D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/06/19 12:46:55 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\BMExplorer
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nitro
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\FileOpen
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013/06/17 03:06:05 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013/06/17 03:06:05 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013/06/17 03:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013/06/17 03:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013/06/17 00:09:23 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\PDF
[2013/05/29 16:09:40 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Macromedia
[2013/05/18 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/18 14:51:39 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:30 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/06 02:21:12 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/05/06 02:21:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/05/06 02:09:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/05/06 02:09:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/05/06 02:09:24 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/05/06 02:09:24 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/05/06 02:07:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/05/06 02:07:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/05/06 02:07:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/05/06 02:07:56 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/05/06 01:59:05 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/06 01:59:00 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/06 01:58:58 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/05/06 01:58:58 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/05/06 01:58:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/05/06 01:58:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/05/06 01:53:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/05/06 01:53:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/05/06 01:53:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/05/06 01:53:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/05/06 01:53:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/05/06 01:53:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/05/06 01:53:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/05/06 01:53:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/05/06 01:53:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/05/06 01:53:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/05/06 01:53:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/05/06 01:53:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/05/06 01:51:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/05/06 01:51:27 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/05/06 01:51:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/05/06 01:48:31 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/05/06 01:48:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/05/06 01:47:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/05/06 01:47:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/05/06 01:47:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/05/06 01:46:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/06 01:46:38 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013/05/06 01:46:11 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/05/06 01:46:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/05/06 01:46:09 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/05/06 01:46:08 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/05/06 01:46:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/05/06 01:46:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/05/06 01:46:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/05/06 01:46:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/05/06 01:46:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/05/06 01:46:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/05/06 01:46:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/05/06 01:46:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/05/06 01:44:22 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/05/06 01:43:21 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/05/06 01:43:19 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/05/06 01:42:43 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/05/06 01:42:39 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013/05/06 01:42:36 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013/05/06 01:42:35 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013/05/06 01:42:32 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/05/06 01:42:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/05/06 01:42:28 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/05/06 01:42:26 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/05/06 01:42:25 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/05/06 01:42:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/05/06 01:42:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/05/06 01:38:57 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/05/06 01:37:59 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/06 01:37:56 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/06 01:37:56 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/06 01:37:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/06 01:37:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/06 01:37:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/05/06 01:37:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
 
========== Files - Modified Within 90 Days ==========
 
[2013/07/25 05:55:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/25 05:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 04:46:46 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 04:46:46 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 04:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 04:41:27 | 3148,218,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 04:38:36 | 000,000,105 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:32:18 | 000,986,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/25 04:32:18 | 000,815,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/25 04:32:18 | 000,169,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/25 04:28:30 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/25 04:20:28 | 000,666,633 | ---- | M] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/25 04:19:54 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/25 01:06:39 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/24 19:03:10 | 000,002,975 | ---- | M] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/23 12:36:31 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/21 00:18:49 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:48:19 | 000,000,600 | ---- | M] () -- C:\Users\Faraz\PUTTY.RND
[2013/07/20 10:23:20 | 000,580,227 | ---- | M] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:30 | 000,242,310 | ---- | M] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/19 17:23:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/19 16:51:11 | 000,222,725 | ---- | M] () -- C:\Users\Faraz\Desktop\Untitled.jpg
[2013/07/18 10:40:14 | 000,344,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 00:54:17 | 000,441,269 | ---- | M] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:58 | 000,174,956 | ---- | M] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/14 22:09:24 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/13 13:19:12 | 000,002,361 | ---- | M] () -- C:\Users\Faraz\Desktop\Google Chrome.lnk
[2013/07/12 02:14:50 | 001,501,408 | ---- | M] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/12 01:59:48 | 000,644,296 | ---- | M] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/12 01:54:42 | 002,197,905 | ---- | M] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/10 23:38:42 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/07/02 16:03:14 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/02 16:02:51 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 23:10:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/01 22:46:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | M] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:09:41 | 000,001,280 | ---- | M] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:11 | 000,177,592 | ---- | M] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/17 18:48:34 | 000,003,441 | ---- | M] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/16 20:21:28 | 000,000,884 | RHS- | M] () -- C:\Users\Faraz\ntuser.pol
[2013/06/12 21:24:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 21:24:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/31 12:10:39 | 000,007,605 | ---- | M] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/18 14:51:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/18 14:51:16 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:14 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/05/18 14:51:14 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/09 20:29:30 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/08 00:49:06 | 000,087,185 | ---- | M] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
 
========== Files Created - No Company Name ==========
 
[2013/07/25 04:36:43 | 000,000,105 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:33:26 | 000,666,633 | ---- | C] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/24 19:03:10 | 000,002,975 | ---- | C] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/21 00:18:49 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:23:20 | 000,580,227 | ---- | C] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:23 | 000,242,310 | ---- | C] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/18 00:52:53 | 000,441,269 | ---- | C] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:21 | 000,174,956 | ---- | C] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/15 16:16:24 | 002,197,905 | ---- | C] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/15 16:16:24 | 001,501,408 | ---- | C] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/15 16:16:24 | 000,644,296 | ---- | C] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/02 16:04:44 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/02 16:03:14 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/01 23:35:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 22:46:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | C] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:18:04 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll
[2013/06/27 12:09:41 | 000,001,280 | ---- | C] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:06 | 000,177,592 | ---- | C] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/17 14:22:10 | 000,003,441 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/17 03:05:56 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013/06/17 03:05:56 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/06/16 20:21:28 | 000,000,884 | RHS- | C] () -- C:\Users\Faraz\ntuser.pol
[2013/05/31 12:10:39 | 000,007,605 | ---- | C] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/08 00:49:01 | 000,087,185 | ---- | C] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
[2013/05/06 02:21:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/06 02:07:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/29 14:37:29 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/03/29 14:36:01 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/03/29 14:35:58 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/03/09 00:05:20 | 000,000,009 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\WinAcc.EML
[2013/03/08 23:59:52 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012/08/26 01:49:44 | 000,000,022 | ---- | C] () -- C:\Windows\Wininit.ini
[2012/08/05 21:58:10 | 000,002,016 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_sys.dat
[2012/08/05 21:47:33 | 000,000,000 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_app.dat
[2012/08/05 21:47:30 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\FPService.exe
[2012/08/05 21:47:29 | 000,116,944 | ---- | C] () -- C:\Windows\Secure.dll
[2012/08/05 21:47:29 | 000,110,800 | ---- | C] () -- C:\Windows\Secure64.dll
[2012/08/05 21:47:29 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\WinFPdrv.sys
[2012/08/05 21:47:29 | 000,008,064 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_config.dat
[2012/08/04 22:11:41 | 000,000,327 | ---- | C] () -- C:\Windows\dvdcreator.INI
[2012/08/04 22:07:20 | 000,014,496 | ---- | C] () -- C:\Windows\SysWow64\VDI08X.DAT
[2012/08/04 22:04:00 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\VDProductInfoEx.dll
[2012/08/02 01:37:56 | 000,149,504 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011/10/12 01:02:54 | 000,006,656 | ---- | C] () -- C:\Users\Faraz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 23:25:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/09/27 00:18:38 | 000,037,647 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\Debut.dmp
[2011/09/01 17:06:21 | 000,000,600 | ---- | C] () -- C:\Users\Faraz\PUTTY.RND
[2011/08/13 23:07:15 | 000,000,990 | -HS- | C] () -- C:\Users\Faraz\AppData\Roaming\systemfl.$dk
[2011/07/29 19:27:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2011/07/29 19:27:02 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/29 19:27:00 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/07/29 19:26:57 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/29 19:24:02 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2011/07/29 19:24:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\Twavbx32.dll
[2011/07/29 19:24:00 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\idiom010227.dll
[2011/07/29 19:23:59 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ILXTBS.DLL
[2011/07/29 19:23:59 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2011/07/29 19:23:59 | 000,113,288 | ---- | C] () -- C:\Windows\SysWow64\bass.dll
 
========== ZeroAccess Check ==========
 
[2011/11/17 12:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\@
[2013/07/03 16:10:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\L
[2013/04/19 11:30:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\U
[2009/07/14 09:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
****************************************************************************************************************************
 

OTL Extras logfile created on: 25/Jul/13 5:45:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.97% Memory free
7.82 Gb Paging File | 6.41 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 5.85 Gb Free Space | 12.01% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Faraz\AppData\Roaming\local.exe" = C:\Users\Faraz\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Faraz\AppData\Roaming\local.exe" = C:\Users\Faraz\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07615532-D31E-4FAF-A183-63DAA1496985}" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"{0E46709D-C106-4341-B2B4-09516DE3A0C1}" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"{5D802493-B4DF-4388-B5B5-07027C32A690}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{75100302-EA27-4CA7-A85B-33699A5FB0C3}" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"{A2D3FAAC-85C4-44C9-BF60-AE2553D67C90}" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"{FD46FE5D-89D1-4979-9174-3DF7374A8E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{0C82B245-2FCC-4F8C-BB8F-3E63C2EA9E04}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{0CEB582F-8E0E-4AEC-8C6A-EC9E5EA7014A}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{1326218B-C22C-4B11-B830-909BA9A6C248}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"TCP Query User{195FF06F-EBE8-418B-8328-7122BAFD123D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{4027BED8-C322-43BD-915B-1F09A2DF361F}C:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{4A9547B6-FB9F-4526-8368-41D77D6AF7F9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{69EE9624-C871-457B-B09D-915095D4AAE5}C:\users\faraz\desktop\iconz\u1301.exe" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"TCP Query User{BE04720D-2A98-416B-B332-23B1AAE31EB0}C:\users\faraz\desktop\iconz\u1210.exe" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"UDP Query User{3D2BACB2-217E-4D73-98E2-D99A95AABDAA}C:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{57AE0C85-A879-41BD-BC83-B315799255CF}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{6512BEA6-A9F0-4AFD-9514-DEA9B1455049}C:\users\faraz\desktop\iconz\u1210.exe" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"UDP Query User{862FA32E-8D7A-4E60-B66B-2346C8B8F7AC}C:\users\faraz\desktop\iconz\u1301.exe" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"UDP Query User{ACD6C87E-DBF2-4334-B209-09B34679BE71}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{B67320A0-F08B-4184-A0F2-27C95A94E948}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{F8D8E166-D450-4495-9618-B413D067113A}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"UDP Query User{FB804985-5CA8-4641-A8F0-A5FC41EDA70E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C6A0300-181F-400D-80C2-833A7E7461ED}" = Nitro Pro 8
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.30
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CBCDC8C3-8783-4AAC-BB72-31FB8A5E63CB}" = Microsoft SQL Server Management Studio Express
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem  (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem  (06/01/2009 7.01.0.3)
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"ZTEWireless-101_is1" = EVDO BROADBAND PTCL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021B4CD1-D0DA-11D4-9610-00D0B74E3F77}" = Stahlschluessel 2001
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{40443320-CDB0-43E9-9CD4-6C5F6FBF35FD}" = PipeData-PRO 8.0
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4856B299-DFCD-44F0-AC0A-B3D102E19B5F}" = Primavera 6.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87655413-1064-1017-2250-851555730017}" = MAXORING
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJSTD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (PRIMAVERA)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C3F5DBA5-ABFC-443E-AA60-928223AADF53}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{E3E30FF7-5EAE-4E0E-B394-78214222D60C}" = Windows Internet Explorer Platform Preview
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ChatSend Toolbar" = ChatSend Toolbar
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"CoreAAC" = CoreAAC
"Counter-Strike 1.6" = Counter-Strike 1.6
"Debut" = Debut Video Capture Software
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"HotspotShield" = Hotspot Shield 3.09
"InstallShield_{4856B299-DFCD-44F0-AC0A-B3D102E19B5F}" = Primavera 6.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Nero8030_Micro_is1" = Nero 8 Micro v8.0.3.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Opera 11.50.1074" = Opera 11.50
"Oxford Advanced Genie" = Oxford Advanced Genie
"PM FASTrack v7" = PM FASTrack v7
"Primavera Group Server" = Primavera Group Server
"PRJSTD" = Microsoft Office Project Standard 2007
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"VIVA WiFi" = VIVA WiFi
"VLC media player" = VLC media player 1.0.5
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 24/Jul/13 9:08:19 PM | Computer Name = Slain | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
 
< End of report >
 

 



#11 faraz

Posted 24 July 2013 - 07:36 PM

OTL logfile created on: 25/Jul/13 5:45:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.97% Memory free
7.82 Gb Paging File | 6.41 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 5.85 Gb Free Space | 12.01% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
PRC - [2013/04/13 12:07:26 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/04/22 08:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/11/08 04:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/18 14:28:28 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2011/11/23 15:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/03/19 01:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License)
SRV:64bit: - [2009/08/25 09:15:30 | 000,410,112 | ---- | M] () [Auto | Running] -- C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk64.exe -- (UDisk Monitor)
SRV:64bit: - [2009/07/14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 06:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 06:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/06/12 21:24:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/14 20:27:34 | 000,346,976 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/12/17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 06:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/03 14:43:06 | 000,841,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe -- (PrmBackAgent)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PRIMAVERA)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$PRIMAVERA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/04/25 00:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/14 14:41:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/11/08 04:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/21 00:15:53 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/06/21 00:15:52 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012/06/21 00:15:52 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/06/21 00:15:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/06/21 00:15:52 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/06/21 00:15:52 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/06/21 00:15:52 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/04/23 16:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/25 04:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/13 00:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 21:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/12/17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/12/17 14:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/12/17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/12/17 14:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/27 06:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/03/19 04:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2009/12/23 19:33:48 | 000,118,360 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FVXSCSI.SYS -- (FVXSCSI)
DRV:64bit: - [2009/07/21 16:04:16 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2009/07/14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 05:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/09 10:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/02/09 10:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/02/09 10:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/02/09 10:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/10/29 10:47:02 | 000,024,592 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FCDABUS.SYS -- (fcdabus)
DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pk.msn.com/?C=PK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 44 0A 8A 56 41 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..keyword.URL: "http://us.search.yah...=ytff-comodo&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/07/29 16:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/07/14 22:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/12 22:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
 
[2012/04/12 22:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Extensions
[2013/07/25 04:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions
[2013/05/07 12:34:31 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions\{C92DDD27-768C-4E40-B655-740B017E698D}
[2013/07/25 04:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/03 02:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/03 20:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/03/13 09:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 09:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 09:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Faraz\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: TV = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlklinjgampohhihndkofhhaahoicoip\1.0.0_0\
CHR - Extension: Google+ = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: ssafEE- saVae = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcacbllddpdcojcggmijaggcpambccj\1\
CHR - Extension: saafe saveo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbhkimppigjgkknlpoohbcbfdhhbaeig\1\
CHR - Extension: Content Blocker = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh\1.8.4.1_0\
CHR - Extension: Quran = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmggidaneooheckcalppihpgfidbpe\2_0\
CHR - Extension: Virtual Keyboard = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak
CHR - Extension: Gmail = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/07/03 16:10:09 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC64.dll File not found
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC.dll File not found
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinks) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (ssafEE- saVae) - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\ProgramData\ssafEE- saVae\51d19df9cfdfa.dll File not found
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C34BFB11-EFF0-4123-A7A5-79051EF24CF5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8:64bit: - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8 - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D8391B-FB23-4063-83BA-281FECD708AE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0BDDB9-9EE1-42AC-8A70-23BE28B8C50A}: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A267094A-40C3-47D3-8DAE-302A089FA963}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD41DE21-F7EB-4434-9DAB-E5924B4B42FB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell - "" = AutoRun
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\Setup.exe /Auto
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell - "" = AutoRun
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell - "" = AutoRun
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/07/25 04:49:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/25 04:33:26 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/24 18:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/21 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVDO BROADBAND PTCL
[2013/07/21 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\EVDO BROADBAND PTCL
[2013/07/03 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Comodo
[2013/07/02 19:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2013/07/02 19:52:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2013/07/02 16:13:11 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2013/07/02 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013/07/02 16:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/07/02 16:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/07/02 16:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/07/02 16:02:51 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/07/01 23:35:29 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/01 23:34:26 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/01 23:34:13 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/01 23:34:13 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/01 22:46:25 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Zbshareware Lab
[2013/07/01 22:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
[2013/07/01 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Disk Security
[2013/06/29 11:41:48 | 000,000,000 | ---D | C] -- C:\Users\Faraz\Desktop\Docs
[2013/06/27 12:19:08 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nero
[2013/06/27 12:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013/06/27 12:18:03 | 003,036,456 | ---- | C] (BCGSoft Ltd) -- C:\Windows\SysWow64\BCGCBPRO860u80.dll
[2013/06/27 12:18:03 | 000,802,816 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXRA7.dll
[2013/06/27 12:18:03 | 000,368,640 | ---- | C] (Pegasus Imaging Corporation) -- C:\Windows\SysWow64\TwnLib4.dll
[2013/06/27 12:18:03 | 000,258,048 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXR7.dll
[2013/06/27 12:18:02 | 000,497,296 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagXpr7.dll
[2013/06/27 12:18:01 | 001,757,184 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\imagX7.dll
[2013/06/27 12:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2013/06/27 12:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013/06/26 06:59:33 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\CrashDumps
[2013/06/26 06:31:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Apps
[2013/06/21 06:07:16 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/19 12:46:55 | 000,000,000 | R--D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/06/19 12:46:55 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\BMExplorer
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/17 14:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Nitro
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\FileOpen
[2013/06/17 03:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013/06/17 03:06:05 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013/06/17 03:06:05 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013/06/17 03:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013/06/17 03:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013/06/17 03:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013/06/17 00:09:23 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\PDF
[2013/05/29 16:09:40 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Local\Macromedia
[2013/05/18 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/18 14:51:39 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:30 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/06 02:21:12 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/05/06 02:21:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/05/06 02:09:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/05/06 02:09:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/05/06 02:09:24 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/05/06 02:09:24 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/05/06 02:07:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/05/06 02:07:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/05/06 02:07:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/05/06 02:07:56 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/05/06 01:59:05 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/06 01:59:00 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/06 01:58:58 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/05/06 01:58:58 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/05/06 01:58:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/05/06 01:58:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/05/06 01:53:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/05/06 01:53:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/05/06 01:53:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/05/06 01:53:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/05/06 01:53:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/05/06 01:53:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/05/06 01:53:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/05/06 01:53:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/05/06 01:53:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/05/06 01:53:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/05/06 01:53:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/05/06 01:53:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/05/06 01:53:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/05/06 01:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/05/06 01:53:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/05/06 01:53:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/05/06 01:51:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/05/06 01:51:27 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/05/06 01:51:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/05/06 01:48:31 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/05/06 01:48:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/05/06 01:47:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/05/06 01:47:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/05/06 01:47:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/05/06 01:46:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/06 01:46:38 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013/05/06 01:46:11 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/05/06 01:46:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/05/06 01:46:09 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/05/06 01:46:08 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/05/06 01:46:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/05/06 01:46:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/05/06 01:46:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/05/06 01:46:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/05/06 01:46:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/05/06 01:46:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/05/06 01:46:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/05/06 01:46:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/05/06 01:44:22 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/05/06 01:43:21 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/05/06 01:43:19 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/05/06 01:42:43 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/05/06 01:42:39 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013/05/06 01:42:36 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013/05/06 01:42:35 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013/05/06 01:42:32 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/05/06 01:42:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/05/06 01:42:28 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/05/06 01:42:26 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/05/06 01:42:25 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/05/06 01:42:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/05/06 01:42:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/05/06 01:38:57 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/05/06 01:37:59 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/06 01:37:56 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/06 01:37:56 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/06 01:37:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/06 01:37:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/06 01:37:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/05/06 01:37:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
 
========== Files - Modified Within 90 Days ==========
 
[2013/07/25 05:55:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/25 05:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 04:46:46 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 04:46:46 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 04:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 04:41:27 | 3148,218,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 04:38:36 | 000,000,105 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:32:18 | 000,986,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/25 04:32:18 | 000,815,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/25 04:32:18 | 000,169,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/25 04:28:30 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/07/25 04:20:28 | 000,666,633 | ---- | M] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/25 04:19:54 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/25 01:06:39 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/24 19:03:10 | 000,002,975 | ---- | M] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/23 12:36:31 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/07/21 00:18:49 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:48:19 | 000,000,600 | ---- | M] () -- C:\Users\Faraz\PUTTY.RND
[2013/07/20 10:23:20 | 000,580,227 | ---- | M] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:30 | 000,242,310 | ---- | M] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/19 17:23:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/19 16:51:11 | 000,222,725 | ---- | M] () -- C:\Users\Faraz\Desktop\Untitled.jpg
[2013/07/18 10:40:14 | 000,344,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 00:54:17 | 000,441,269 | ---- | M] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:58 | 000,174,956 | ---- | M] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/14 22:09:24 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/13 13:19:12 | 000,002,361 | ---- | M] () -- C:\Users\Faraz\Desktop\Google Chrome.lnk
[2013/07/12 02:14:50 | 001,501,408 | ---- | M] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/12 01:59:48 | 000,644,296 | ---- | M] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/12 01:54:42 | 002,197,905 | ---- | M] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/10 23:38:42 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/07/02 16:03:14 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/02 16:02:51 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013/07/01 23:35:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 23:10:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/01 22:46:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | M] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | M] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:09:41 | 000,001,280 | ---- | M] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:11 | 000,177,592 | ---- | M] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/17 18:48:34 | 000,003,441 | ---- | M] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/16 20:21:28 | 000,000,884 | RHS- | M] () -- C:\Users\Faraz\ntuser.pol
[2013/06/12 21:24:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 21:24:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/31 12:10:39 | 000,007,605 | ---- | M] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/18 14:51:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/18 14:51:16 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/05/18 14:51:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/18 14:51:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/18 14:51:14 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/05/18 14:51:14 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/05/09 20:29:30 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/08 00:49:06 | 000,087,185 | ---- | M] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
 
========== Files Created - No Company Name ==========
 
[2013/07/25 04:36:43 | 000,000,105 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:33:26 | 000,666,633 | ---- | C] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/24 19:03:10 | 000,002,975 | ---- | C] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/21 00:18:49 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:23:20 | 000,580,227 | ---- | C] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:23 | 000,242,310 | ---- | C] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/18 00:52:53 | 000,441,269 | ---- | C] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:21 | 000,174,956 | ---- | C] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/15 16:16:24 | 002,197,905 | ---- | C] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/15 16:16:24 | 001,501,408 | ---- | C] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/15 16:16:24 | 000,644,296 | ---- | C] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/02 16:04:44 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/02 16:03:14 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/02 16:03:00 | 000,001,069 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2013/07/02 16:03:00 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2013/07/02 16:02:54 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/01 23:35:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/07/01 22:46:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\USB Disk Security.lnk
[2013/06/27 12:18:06 | 000,001,885 | ---- | C] () -- C:\Users\Faraz\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk
[2013/06/27 12:18:06 | 000,001,861 | ---- | C] () -- C:\Users\Faraz\Desktop\Nero Express.lnk
[2013/06/27 12:18:04 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll
[2013/06/27 12:09:41 | 000,001,280 | ---- | C] () -- C:\Users\Faraz\Desktop\Command Prompt.lnk
[2013/06/21 11:04:06 | 000,177,592 | ---- | C] () -- C:\Users\Faraz\Desktop\petrokeymia.jpg
[2013/06/17 14:22:10 | 000,003,441 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/17 03:05:56 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013/06/17 03:05:56 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
[2013/06/16 20:21:28 | 000,000,884 | RHS- | C] () -- C:\Users\Faraz\ntuser.pol
[2013/05/31 12:10:39 | 000,007,605 | ---- | C] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/05/08 00:49:01 | 000,087,185 | ---- | C] () -- C:\Users\Faraz\Documents\935235_463914003688815_2089777530_n.jpg
[2013/05/06 02:21:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/06 02:07:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/29 14:37:29 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/03/29 14:36:01 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/03/29 14:35:58 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/03/09 00:05:20 | 000,000,009 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\WinAcc.EML
[2013/03/08 23:59:52 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012/08/26 01:49:44 | 000,000,022 | ---- | C] () -- C:\Windows\Wininit.ini
[2012/08/05 21:58:10 | 000,002,016 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_sys.dat
[2012/08/05 21:47:33 | 000,000,000 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_app.dat
[2012/08/05 21:47:30 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\FPService.exe
[2012/08/05 21:47:29 | 000,116,944 | ---- | C] () -- C:\Windows\Secure.dll
[2012/08/05 21:47:29 | 000,110,800 | ---- | C] () -- C:\Windows\Secure64.dll
[2012/08/05 21:47:29 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\WinFPdrv.sys
[2012/08/05 21:47:29 | 000,008,064 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_config.dat
[2012/08/04 22:11:41 | 000,000,327 | ---- | C] () -- C:\Windows\dvdcreator.INI
[2012/08/04 22:07:20 | 000,014,496 | ---- | C] () -- C:\Windows\SysWow64\VDI08X.DAT
[2012/08/04 22:04:00 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\VDProductInfoEx.dll
[2012/08/02 01:37:56 | 000,149,504 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011/10/12 01:02:54 | 000,006,656 | ---- | C] () -- C:\Users\Faraz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 23:25:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/09/27 00:18:38 | 000,037,647 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\Debut.dmp
[2011/09/01 17:06:21 | 000,000,600 | ---- | C] () -- C:\Users\Faraz\PUTTY.RND
[2011/08/13 23:07:15 | 000,000,990 | -HS- | C] () -- C:\Users\Faraz\AppData\Roaming\systemfl.$dk
[2011/07/29 19:27:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2011/07/29 19:27:02 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/07/29 19:27:00 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/07/29 19:26:57 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/29 19:24:02 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2011/07/29 19:24:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\Twavbx32.dll
[2011/07/29 19:24:00 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\idiom010227.dll
[2011/07/29 19:23:59 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ILXTBS.DLL
[2011/07/29 19:23:59 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2011/07/29 19:23:59 | 000,113,288 | ---- | C] () -- C:\Windows\SysWow64\bass.dll
 
========== ZeroAccess Check ==========
 
[2011/11/17 12:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\@
[2013/07/03 16:10:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\L
[2013/04/19 11:30:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\U
[2009/07/14 09:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
****************************************************************************************************************************
 

OTL Extras logfile created on: 25/Jul/13 5:45:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.97% Memory free
7.82 Gb Paging File | 6.41 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 5.85 Gb Free Space | 12.01% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Faraz\AppData\Roaming\local.exe" = C:\Users\Faraz\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Faraz\AppData\Roaming\local.exe" = C:\Users\Faraz\AppData\Roaming\local.exe:*:Enabled:Windows Messanger
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07615532-D31E-4FAF-A183-63DAA1496985}" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"{0E46709D-C106-4341-B2B4-09516DE3A0C1}" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"{5D802493-B4DF-4388-B5B5-07027C32A690}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{75100302-EA27-4CA7-A85B-33699A5FB0C3}" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"{A2D3FAAC-85C4-44C9-BF60-AE2553D67C90}" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"{FD46FE5D-89D1-4979-9174-3DF7374A8E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{0C82B245-2FCC-4F8C-BB8F-3E63C2EA9E04}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{0CEB582F-8E0E-4AEC-8C6A-EC9E5EA7014A}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{1326218B-C22C-4B11-B830-909BA9A6C248}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"TCP Query User{195FF06F-EBE8-418B-8328-7122BAFD123D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{4027BED8-C322-43BD-915B-1F09A2DF361F}C:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{4A9547B6-FB9F-4526-8368-41D77D6AF7F9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{69EE9624-C871-457B-B09D-915095D4AAE5}C:\users\faraz\desktop\iconz\u1301.exe" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"TCP Query User{BE04720D-2A98-416B-B332-23B1AAE31EB0}C:\users\faraz\desktop\iconz\u1210.exe" = protocol=6 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"UDP Query User{3D2BACB2-217E-4D73-98E2-D99A95AABDAA}C:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\faraz\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{57AE0C85-A879-41BD-BC83-B315799255CF}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{6512BEA6-A9F0-4AFD-9514-DEA9B1455049}C:\users\faraz\desktop\iconz\u1210.exe" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1210.exe | 
"UDP Query User{862FA32E-8D7A-4E60-B66B-2346C8B8F7AC}C:\users\faraz\desktop\iconz\u1301.exe" = protocol=17 | dir=in | app=c:\users\faraz\desktop\iconz\u1301.exe | 
"UDP Query User{ACD6C87E-DBF2-4334-B209-09B34679BE71}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{B67320A0-F08B-4184-A0F2-27C95A94E948}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{F8D8E166-D450-4495-9618-B413D067113A}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"UDP Query User{FB804985-5CA8-4641-A8F0-A5FC41EDA70E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C6A0300-181F-400D-80C2-833A7E7461ED}" = Nitro Pro 8
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.30
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CBCDC8C3-8783-4AAC-BB72-31FB8A5E63CB}" = Microsoft SQL Server Management Studio Express
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem  (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem  (06/01/2009 7.01.0.3)
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"ZTEWireless-101_is1" = EVDO BROADBAND PTCL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021B4CD1-D0DA-11D4-9610-00D0B74E3F77}" = Stahlschluessel 2001
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{40443320-CDB0-43E9-9CD4-6C5F6FBF35FD}" = PipeData-PRO 8.0
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4856B299-DFCD-44F0-AC0A-B3D102E19B5F}" = Primavera 6.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87655413-1064-1017-2250-851555730017}" = MAXORING
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJSTD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPROR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (PRIMAVERA)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C3F5DBA5-ABFC-443E-AA60-928223AADF53}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{E3E30FF7-5EAE-4E0E-B394-78214222D60C}" = Windows Internet Explorer Platform Preview
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ChatSend Toolbar" = ChatSend Toolbar
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"CoreAAC" = CoreAAC
"Counter-Strike 1.6" = Counter-Strike 1.6
"Debut" = Debut Video Capture Software
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"HotspotShield" = Hotspot Shield 3.09
"InstallShield_{4856B299-DFCD-44F0-AC0A-B3D102E19B5F}" = Primavera 6.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Nero8030_Micro_is1" = Nero 8 Micro v8.0.3.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Opera 11.50.1074" = Opera 11.50
"Oxford Advanced Genie" = Oxford Advanced Genie
"PM FASTrack v7" = PM FASTrack v7
"Primavera Group Server" = Primavera Group Server
"PRJSTD" = Microsoft Office Project Standard 2007
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"VIVA WiFi" = VIVA WiFi
"VLC media player" = VLC media player 1.0.5
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 24/Jul/13 9:08:19 PM | Computer Name = Slain | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
 
< End of report >
 

 



#12 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 25 July 2013 - 09:44 AM

Can you do the following:
You appear to be running 2 antivirus programs, both battling against each other and possibly even doing more harm than good
I see
COMODO Internet Security
and
Kaspersky Anti-Virus 2013

Why don't you uninstall one of them and keep the one you're happiest with?
NOTE: It may be best to disable the protection of the one you're going to keep so it won't interfere with the uninstall process
Reboot the computer afterwards

Back in Windows, temporarily keep your AV protection disabled
Run another scan with OTL.exe and post the log that opens afterwards

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#13 faraz

    Member

  • Members
  • 78 posts

Posted 03 August 2013 - 01:21 PM

OTL logfile created on: 03/Aug/13 11:38:56 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Faraz\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy
 
3.91 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.89% Memory free
7.82 Gb Paging File | 6.15 Gb Available in Paging File | 78.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 7.81 Gb Free Space | 16.03% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 2.40 Gb Free Space | 4.92% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 32.71 Gb Free Space | 8.89% Space Free | Partition Type: NTFS
 
Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
PRC - [2013/04/13 12:07:26 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/04/22 08:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/11/08 04:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/18 14:28:28 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2011/11/23 15:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/03/19 01:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License)
SRV:64bit: - [2009/08/25 09:15:30 | 000,410,112 | ---- | M] () [Auto | Running] -- C:\Program Files\EVDO BROADBAND PTCL\bin\MonServiceUDisk64.exe -- (UDisk Monitor)
SRV:64bit: - [2009/07/14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 06:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 06:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/06/12 21:24:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/14 20:27:34 | 000,346,976 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/12/17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/20 17:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 17:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 17:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2009/06/11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/03 14:43:06 | 000,841,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Primavera Common\BackgroundAgent\PrmBackgroundAgent.exe -- (PrmBackAgent)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PRIMAVERA)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$PRIMAVERA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/04/25 00:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/11/08 04:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/06/21 00:15:53 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/06/21 00:15:52 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012/06/21 00:15:52 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/06/21 00:15:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/06/21 00:15:52 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/06/21 00:15:52 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/06/21 00:15:52 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:64bit: - [2012/04/23 16:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 11:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/25 04:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/13 00:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 11:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 11:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 21:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/12/17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/12/17 14:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/12/17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/12/17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/12/17 14:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 18:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 16:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 16:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 15:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/27 06:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/03/19 04:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2009/12/23 19:33:48 | 000,118,360 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FVXSCSI.SYS -- (FVXSCSI)
DRV:64bit: - [2009/07/21 16:04:16 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2009/07/14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/09 10:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/02/09 10:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/02/09 10:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/02/09 10:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/10/29 10:47:02 | 000,024,592 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FCDABUS.SYS -- (fcdabus)
DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pk.msn.com/?C=PK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 44 0A 8A 56 41 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..keyword.URL: "http://us.search.yah...=ytff-comodo&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Faraz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Faraz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/07/29 16:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/12 22:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]
 
[2012/04/12 22:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Extensions
[2013/07/25 04:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions
[2013/05/07 12:34:31 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Faraz\AppData\Roaming\mozilla\Firefox\Profiles\3ajw8v5r.default\extensions\{C92DDD27-768C-4E40-B655-740B017E698D}
[2013/07/25 04:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/03 02:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/03 20:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/03/13 09:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 09:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 09:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - Extension: Kaspersky URL Advisor = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\
CHR - Extension: Web Navigation = C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak
 
O1 HOSTS File: ([2013/07/03 16:10:09 | 000,000,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC64.dll File not found
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinks) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (ssafEE- saVae) - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\ProgramData\ssafEE- saVae\51d19df9cfdfa.dll File not found
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C34BFB11-EFF0-4123-A7A5-79051EF24CF5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8:64bit: - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
O8 - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D8391B-FB23-4063-83BA-281FECD708AE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0BDDB9-9EE1-42AC-8A70-23BE28B8C50A}: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A267094A-40C3-47D3-8DAE-302A089FA963}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD41DE21-F7EB-4434-9DAB-E5924B4B42FB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20:64bit: - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell - "" = AutoRun
O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell - "" = AutoRun
O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\Setup.exe /Auto
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell - "" = AutoRun
O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell - "" = AutoRun
O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/01 23:20:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/08/01 23:19:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/08/01 23:19:14 | 000,000,000 | ---D | C] -- C:\3ca1477372be1ce35eb66ac4b2
[2013/07/29 11:51:10 | 000,000,000 | ---D | C] -- C:\Users\Faraz\Desktop\T
[2013/07/25 04:49:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/25 04:33:26 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/24 18:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/21 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVDO BROADBAND PTCL
[2013/07/21 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\EVDO BROADBAND PTCL
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/03 23:35:53 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/03 23:35:53 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/03 23:30:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/03 23:30:23 | 3148,218,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/03 23:22:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/03 23:08:28 | 000,986,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/03 23:08:28 | 000,815,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/03 23:08:28 | 000,169,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/03 23:07:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/08/03 22:00:15 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000UA.job
[2013/08/03 11:55:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/08/03 01:00:02 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-182233152-2924250215-3996894080-1000Core.job
[2013/08/02 22:21:22 | 000,002,361 | ---- | M] () -- C:\Users\Faraz\Desktop\Google Chrome.lnk
[2013/08/02 21:17:57 | 000,344,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/01 23:41:46 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2013/08/01 23:41:45 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2013/07/25 04:38:36 | 000,000,105 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:20:28 | 000,666,633 | ---- | M] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/25 04:19:54 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Faraz\Desktop\JRT.exe
[2013/07/24 19:03:10 | 000,002,975 | ---- | M] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Faraz\Desktop\OTL.exe
[2013/07/21 00:18:49 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:48:19 | 000,000,600 | ---- | M] () -- C:\Users\Faraz\PUTTY.RND
[2013/07/20 10:23:20 | 000,580,227 | ---- | M] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:30 | 000,242,310 | ---- | M] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/19 17:23:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/19 16:51:11 | 000,222,725 | ---- | M] () -- C:\Users\Faraz\Desktop\Untitled.jpg
[2013/07/18 00:54:17 | 000,441,269 | ---- | M] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:58 | 000,174,956 | ---- | M] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/12 02:14:50 | 001,501,408 | ---- | M] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/12 01:59:48 | 000,644,296 | ---- | M] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/07/12 01:54:42 | 002,197,905 | ---- | M] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/10 23:38:42 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 8.lnk
 
========== Files Created - No Company Name ==========
 
[2013/07/25 04:36:43 | 000,000,105 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/25 04:33:26 | 000,666,633 | ---- | C] () -- C:\Users\Faraz\Desktop\AdwCleaner.exe
[2013/07/24 19:03:10 | 000,002,975 | ---- | C] () -- C:\Users\Faraz\Desktop\HiJackThis.lnk
[2013/07/21 00:18:49 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\EVDO BROADBAND PTCL.lnk
[2013/07/20 10:23:20 | 000,580,227 | ---- | C] () -- C:\Users\Faraz\Desktop\How To Hack Any Email Account.pdf
[2013/07/20 09:03:23 | 000,242,310 | ---- | C] () -- C:\Users\Faraz\Desktop\[Tutorial] Disinfecting and Hacking a Keylogger ~ Software Zone.pdf
[2013/07/18 00:52:53 | 000,441,269 | ---- | C] () -- C:\Users\Faraz\Desktop\Q's Blog.pdf
[2013/07/16 16:29:21 | 000,174,956 | ---- | C] () -- C:\Users\Faraz\Desktop\HR Q & A.pdf
[2013/07/15 16:16:24 | 002,197,905 | ---- | C] () -- C:\Users\Faraz\Desktop\Gross margin .pdf
[2013/07/15 16:16:24 | 001,501,408 | ---- | C] () -- C:\Users\Faraz\Desktop\Understanding The Differ..._ Simple Small Business.pdf
[2013/07/15 16:16:24 | 000,644,296 | ---- | C] () -- C:\Users\Faraz\Desktop\Markup vs. Margin. What ...rence_ – Consero Global.pdf
[2013/06/27 12:18:04 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll
[2013/06/17 14:22:10 | 000,003,441 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\lgr
[2013/06/16 20:21:28 | 000,000,884 | RHS- | C] () -- C:\Users\Faraz\ntuser.pol
[2013/05/31 12:10:39 | 000,007,605 | ---- | C] () -- C:\Users\Faraz\AppData\Local\Resmon.ResmonCfg
[2013/03/29 14:37:29 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/03/29 14:36:01 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/03/29 14:35:58 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/03/09 00:05:20 | 000,000,009 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\WinAcc.EML
[2013/03/08 23:59:52 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012/08/26 01:49:44 | 000,000,022 | ---- | C] () -- C:\Windows\Wininit.ini
[2012/08/05 21:58:10 | 000,002,016 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_sys.dat
[2012/08/05 21:47:33 | 000,000,000 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_app.dat
[2012/08/05 21:47:30 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\FPService.exe
[2012/08/05 21:47:29 | 000,116,944 | ---- | C] () -- C:\Windows\Secure.dll
[2012/08/05 21:47:29 | 000,110,800 | ---- | C] () -- C:\Windows\Secure64.dll
[2012/08/05 21:47:29 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\WinFPdrv.sys
[2012/08/05 21:47:29 | 000,008,064 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_config.dat
[2012/08/04 22:11:41 | 000,000,327 | ---- | C] () -- C:\Windows\dvdcreator.INI
[2012/08/04 22:07:20 | 000,014,496 | ---- | C] () -- C:\Windows\SysWow64\VDI08X.DAT
[2012/08/04 22:04:00 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\VDProductInfoEx.dll
[2012/08/02 01:37:56 | 000,149,504 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011/10/12 01:02:54 | 000,006,656 | ---- | C] () -- C:\Users\Faraz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 23:25:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/09/27 00:18:38 | 000,037,647 | ---- | C] () -- C:\Users\Faraz\AppData\Roaming\Debut.dmp
[2011/09/01 17:06:21 | 000,000,600 | ---- | C] () -- C:\Users\Faraz\PUTTY.RND
[2011/08/13 23:07:15 | 000,000,990 | -HS- | C] () -- C:\Users\Faraz\AppData\Roaming\systemfl.$dk
 
========== ZeroAccess Check ==========
 
[2011/11/17 12:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\@
[2013/07/03 16:10:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\L
[2013/04/19 11:30:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{7c0eee1f-7b7e-6235-9f22-0f2dea83d0ae}\U
[2009/07/14 09:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 10:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 09:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 


#14 faraz

Posted 03 August 2013 - 01:23 PM

Again the Extras.txt didn't pop up & also it is not on the desktop.

What should I do?



#15 guestolo

Posted 03 August 2013 - 11:28 PM

Don't worry about Extra.txt

It wasn't needed or asked to pop up... We'll set OTL to run it if needed

Right click on OTL.exe and choose to "Run as Admin....", then allow it to run

  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote, please

    :OTL

    IE - HKCU\..\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - No CLSID value found
    O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC64.dll File not found
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Faraz\AppData\Local\Temp\IDMIECC.dll File not found
    O2 - BHO: (SelectionLinks) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
    O2 - BHO: (ssafEE- saVae) - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\ProgramData\ssafEE- saVae\51d19df9cfdfa.dll File not found
    O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C34BFB11-EFF0-4123-A7A5-79051EF24CF5} - No CLSID value found.

    O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot File not found

    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
    O8:64bit: - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
    O8:64bit: - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
    O8 - Extra context menu item: Download all links with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEGetAll.htm File not found
    O8 - Extra context menu item: Download with IDM - C:\Users\Faraz\AppData\Local\Temp\Rar$EX37.136\Internet Download Manager v6.05.10\crack\IEExt.htm File not found
    O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell - "" = AutoRun
    O33 - MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell - "" = AutoRun
    O33 - MountPoints2\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
    O33 - MountPoints2\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell - "" = AutoRun
    O33 - MountPoints2\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
    O33 - MountPoints2\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell - "" = AutoRun
    O33 - MountPoints2\{4af26f77-30a6-11e1-9b94-910f30baeed7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
    O33 - MountPoints2\{73f29098-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
    O33 - MountPoints2\{73f290a8-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell - "" = AutoRun
    O33 - MountPoints2\{73f290b2-acba-11e1-b04f-bb72616340ba}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\Setup.exe /Auto
    O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
    O33 - MountPoints2\{86568119-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell - "" = AutoRun
    O33 - MountPoints2\{86568127-c4b4-11e0-b905-001e101f24f1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
    O33 - MountPoints2\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell - "" = AutoRun
    O33 - MountPoints2\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell - "" = AutoRun
    O33 - MountPoints2\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
    O33 - MountPoints2\{b78e385c-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
    O33 - MountPoints2\{b78e3869-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell - "" = AutoRun
    O33 - MountPoints2\{b78e3877-0a03-11e1-916b-95476b19059a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell - "" = AutoRun
    O33 - MountPoints2\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell - "" = AutoRun
    O33 - MountPoints2\{e453e644-42ec-11e1-ba57-dbe944af10d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
    O33 - MountPoints2\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell - "" = AutoRun
    O33 - MountPoints2\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\Shell\AutoRun\command - "" = I:\AutoRun.exe

    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, allow OTL to run if prompted.
A log should open; can you post it, please?
A copy of this log can also be found in the
C:\_OTL\Moved Files folder

Let me know how things are running, please




#16 faraz

Posted 04 August 2013 - 07:42 AM

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c34bfb11-eff0-4123-a7a5-79051ef24cf5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98ED5451-2AA6-96DB-7012-46C7C9673C57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ED5451-2AA6-96DB-7012-46C7C9673C57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C08DF07A-3E49-4E25-9AB0-D3882835F153}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08D6B0B4-C132-470D-A8E2-AA2E9C3851C9}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C34BFB11-EFF0-4123-A7A5-79051EF24CF5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C34BFB11-EFF0-4123-A7A5-79051EF24CF5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\QuickDefine\ deleted successfully.
C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Faraz
->Temp folder emptied: 13298084 bytes
->Temporary Internet Files folder emptied: 1482353368 bytes
->Java cache emptied: 23858 bytes
->FireFox cache emptied: 66979817 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 14912678 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63117321 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 100669 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,565.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08042013_174319
 
Files\Folders moved on Reboot...
C:\Users\Faraz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#17 faraz

Posted 04 August 2013 - 07:49 AM

System seems to be running good now........ but

  1. I have doubts of some keylogger or hacking backdoor file presence on my system, as my system got hacked recently & he stole all my personal files and after that he hacked all my working email ids.

     Have you found any such traces on my system after these logs.....

  2. And I am also seeing some hidden desktop.ini files in almost each folder & desktop .... what is this?


#18 guestolo

Posted 04 August 2013 - 08:51 AM

and i am also seeing some hidden desktop.ini files in almost each folder & desktop ....

You probably have Windows set to show hidden files/folders
Not a big worry, we'll deal with that in a bit
 
You can open Adwcleaner and click the Uninstall button
 
Can you temporarily disable your Spyware/Virus protections
Let's run a couple more tools
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then double click on it to run it

Click the START SCAN, when done
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
 
In addition:
Download ComboFix from the following location

Link 1
Save it ONLY to your Desktop

Double click on ComboFix to run it, follow the prompts
Click on Yes, to continue scanning for malware if prompted

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#19 faraz

Posted 07 August 2013 - 07:15 AM

Sorry Guestolo, I'm late on response

but I had changed my laptop password & forgot it unfortunately

Can you please first guide me how to remove the password? I have checked & done some tutorials from the internet but failed to do so ...

Please, it's off the topic, but guide me to remove the password so I could perform your asked steps from the last post

Thanks



#20 guestolo

Posted 07 August 2013 - 05:27 PM

Do you have another Admin account on the computer you can login to and remove the password on your account?

We may have to enable the hidden Admin account and use it to remove the password

This is your computer right?

