Print Page - System is popping up continously infected with Trojan Gamethief.Win32.

General Category => Tech Clinic => Topic started by: faraz on July 24, 2013, 09:38:29 AM

Title: System is popping up continously infected with Trojan Gamethief.Win32.
Post by: faraz on July 24, 2013, 09:38:29 AM

My system got infected with viruses

& hijack no producing the log got the error see the attachment

and i have doubts some one had put his script in my system as he his hacking my system & email ids

******************************************************************************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:33:56 PM, on 24/Jul/13

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\\Program Files (x86)\\uTorrent\\uTorrent.exe

C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe

C:\\Program Files (x86)\\Nitro\\Pro 8\\NitroPdfThumbnailHelper.exe

C:\\Program Files (x86)\\Comodo\\Dragon\\dragon.exe

C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\klwtblfs.exe

C:\\Program Files (x86)\\Comodo\\Dragon\\dragon.exe

C:\\Program Files (x86)\\Trend Micro\\HiJackThis\\HiJackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = local

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

R3 - URLSearchHook: (no name) - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - (no file)

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll

R3 - URLSearchHook: (no name) - {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - (no file)

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbhelper.dll (file missing)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Users\\Faraz\\AppData\\Local\\Temp\\IDMIECC.dll (file missing)

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\prxConduitEngin.dll (file missing)

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\ContentBlocker\\ie_content_blocker_plugin.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll

O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\\Program Files (x86)\\OApps\\SelectionLinks.dll (file missing)

O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\\Users\\Faraz\\AppData\\Roaming\\DefaultTab\\DefaultTab\\DefaultTabBHO.dll (file missing)

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\IEPlugIn.dll

O2 - BHO: ssafEE- saVae - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\\ProgramData\\ssafEE- saVae\\51d19df9cfdfa.dll (file missing)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (file missing)

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\\PROGRA~2\\MICROS~3\\Office14\\URLREDIR.DLL

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\\PROGRA~2\\TEXTware\\QUICKF~1\\PlugIns\\IEHelp.dll (file missing)

O2 - BHO: Hotspot Shield - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\\Program Files (x86)\\Hotspot Shield\\HssIE\\HssIE.dll

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll (file missing)

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\prxConduitEngin.dll (file missing)

O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll

O3 - Toolbar: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll (file missing)

O4 - HKLM\\..\\Run: [AVP] \"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe\"

O4 - HKCU\\..\\Run: [uTorrent] \"C:\\Program Files (x86)\\uTorrent\\uTorrent.exe\" /MINIMIZED

O4 - HKCU\\..\\Run: [IDMan] C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe /onboot

O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun

O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /autoRun (User \'LOCAL SERVICE\')

O4 - HKUS\\S-1-5-19\\..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe (User \'LOCAL SERVICE\')

O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /autoRun (User \'NETWORK SERVICE\')

O4 - HKUS\\S-1-5-20\\..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe (User \'NETWORK SERVICE\')

O4 - HKUS\\S-1-5-18\\..\\Run: [Mobile Partner] C:\\Program Files (x86)\\VIVA WiFi\\VIVA WiFi (User \'SYSTEM\')

O4 - HKUS\\.DEFAULT\\..\\Run: [Mobile Partner] C:\\Program Files (x86)\\VIVA WiFi\\VIVA WiFi (User \'Default user\')

O8 - Extra context menu item: Download all links with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEExt.htm

O8 - Extra context menu item: QuickDefine - C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Reference Titles\\eddefine.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll

O9 - Extra \'Tools\' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll

O9 - Extra button: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll (file missing)

O9 - Extra \'Tools\' menuitem: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll (file missing)

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\IEPlugIn.dll

O9 - Extra \'Tools\' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\IEPlugIn.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (file missing)

O9 - Extra \'Tools\' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~2\\MICROS~3\\Office12\\REFIEBAR.DLL

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~2\\COMMON~1\\Skype\\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\\windows\\syswow64\\nvinit.dll C:\\Windows\\SysWOW64\\guard32.dll

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe

O23 - Service: @%systemroot%\\system32\\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\\Windows\\system32\\CISVC.EXE (file missing)

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\\Program Files\\COMODO\\COMODO GeekBuddy\\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe

O23 - Service: @%SystemRoot%\\system32\\efssvc.dll,-100 (EFS) - Unknown owner - C:\\Windows\\System32\\lsass.exe (file missing)

O23 - Service: @%systemroot%\\system32\\fxsresm.dll,-118 (Fax) - Unknown owner - C:\\Windows\\system32\\fxssvc.exe (file missing)

O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\\Program Files (x86)\\Hotspot Shield\\bin\\cmw_srv.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\\Windows\\System32\\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\\System32\\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\\Program Files\\Common Files\\Nitro\\Pro\\8.0\\NitroPDFDriverService8x64.exe

O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\\Windows\\SysWOW64\\NLSSRV32.EXE

O23 - Service: @%systemroot%\\system32\\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%systemroot%\\system32\\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\\Windows\\system32\\locator.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\samsrv.dll,-1 (SamSs) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\\Windows\\System32\\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\\system32\\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\\Windows\\System32\\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\\Windows\\system32\\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe

O23 - Service: UDisk Monitor - Unknown owner - C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk64.exe

O23 - Service: @%SystemRoot%\\system32\\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\\Windows\\system32\\UI0Detect.exe (file missing)

O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\UNS\\UNS.exe

O23 - Service: @%SystemRoot%\\system32\\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\vds.exe,-100 (vds) - Unknown owner - C:\\Windows\\System32\\vds.exe (file missing)

O23 - Service: VIVA Broadband. OUC (VIVA Broadband. RunOuc) - Unknown owner - C:\\Program Files (x86)\\VIVA Broadband\\UpdateDog\\ouc.exe (file missing)

O23 - Service: @%systemroot%\\system32\\vssvc.exe,-102 (VSS) - Unknown owner - C:\\Windows\\system32\\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\Wat\\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\\Windows\\system32\\Wat\\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\\system32\\wbengine.exe,-104 (wbengine) - Unknown owner - C:\\Windows\\system32\\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\\system32\\wbem\\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\\Windows\\system32\\wbem\\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\\Program Files (x86)\\Windows Media Player\\wmpnetwk.exe (file missing)

End of file - 13996 bytes

Title: System is popping up continously infected with Trojan Gamethief.Win32.
Post by: faraz on July 24, 2013, 09:59:47 AM

OTL logfile created on: 24/Jul/13 7:40:59 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\\Users\\Faraz\\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy

3.91 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.98% Memory free

7.82 Gb Paging File | 5.44 Gb Available in Paging File | 69.65% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 48.73 Gb Total Space | 5.88 Gb Free Space | 12.06% Space Free | Partition Type: NTFS

Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS

Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS

Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Faraz\\Desktop\\OTL.exe

PRC - [2013/04/13 12:07:26 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\\Program Files (x86)\\uTorrent\\uTorrent.exe

PRC - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe

PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\\Windows\\SysWOW64\\NLSSRV32.EXE

PRC - [2012/09/18 14:28:30 | 000,081,928 | ---- | M] (Nitro PDF) -- C:\\Program Files (x86)\\Nitro\\Pro 8\\NitroPDFThumbnailHelper.exe

PRC - [2012/08/17 21:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\klwtblfs.exe

PRC - [2011/10/28 17:19:26 | 001,700,600 | ---- | M] (Comodo) -- C:\\Program Files (x86)\\Comodo\\Dragon\\dragon.exe

PRC - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe

PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\UNS\\UNS.exe

PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe

PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\\Program Files (x86)\\MSSQL\\Primavera\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe

PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\\Program Files (x86)\\MSSQL\\Primavera\\MSSQL.1\\MSSQL\\Binn\\msftesql.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/12 21:24:12 | 016,033,160 | ---- | M] () -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_7_700_224.dll

MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\dblite.dll

MOD - [2011/10/28 17:19:26 | 001,097,480 | ---- | M] () -- C:\\Program Files (x86)\\Comodo\\Dragon\\avcodec-53.dll

MOD - [2011/10/28 17:19:26 | 000,189,192 | ---- | M] () -- C:\\Program Files (x86)\\Comodo\\Dragon\\avformat-53.dll

MOD - [2011/10/28 17:19:26 | 000,121,608 | ---- | M] () -- C:\\Program Files (x86)\\Comodo\\Dragon\\avutil-51.dll

MOD - [2011/04/22 08:13:00 | 000,004,096 | ---- | M] () -- C:\\Program Files (x86)\\NVIDIA Corporation\\coprocmanager\\detoured.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/11/08 04:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2012/09/18 14:28:28 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\\Program Files\\Common Files\\Nitro\\Pro\\8.0\\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)

SRV:64bit: - [2011/11/23 15:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\\Program Files\\COMODO\\COMODO GeekBuddy\\CLPSLS.exe -- (CLPSLS)

SRV:64bit: - [2010/03/19 01:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\\Windows\\SysNative\\Crypserv.exe -- (CrypKey License)

SRV:64bit: - [2009/08/25 09:15:30 | 000,410,112 | ---- | M] () [Auto | Running] -- C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk64.exe -- (UDisk Monitor)

SRV:64bit: - [2009/07/14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 06:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\SysNative\\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/07/14 06:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Windows\\SysNative\\CISVC.EXE -- (CISVC)

SRV - [2013/06/21 06:11:32 | 000,078,512 | ---- | M] () [Disabled | Stopped] -- C:\\Program Files (x86)\\Hotspot Shield\\bin\\HssTrayService.exe -- (HssTrayService)

SRV - [2013/06/21 05:51:32 | 000,548,136 | ---- | M] () [Disabled | Stopped] -- C:\\Program Files (x86)\\Hotspot Shield\\bin\\hsswd.exe -- (HssWd)

SRV - [2013/06/12 21:24:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\\Program Files (x86)\\Skype\\Updater\\Updater.exe -- (SkypeUpdate)

SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe -- (AVP)

SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\\Windows\\SysWOW64\\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\\Program Files (x86)\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe -- (nvUpdatusService)

SRV - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/03/14 20:27:34 | 000,346,976 | ---- | M] () [Disabled | Stopped] -- C:\\ProgramData\\DatacardService\\HWDeviceService64.exe -- (HWDeviceService64.exe)

SRV - [2010/12/17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\AdminService.exe -- (AtherosSvc)

SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\\Program Files (x86)\\Intel\\Bluetooth\\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\\Program Files (x86)\\Intel\\Bluetooth\\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\\Program Files (x86)\\Intel\\Bluetooth\\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\UNS\\UNS.exe -- (UNS)

SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe -- (LMS)

SRV - [2010/10/01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\\Program Files (x86)\\Dell Wireless\\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\\Windows\\SysWOW64\\inetsrv\\iisw3adm.dll -- (WAS)

SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Windows\\SysWOW64\\inetsrv\\iisw3adm.dll -- (W3SVC)

SRV - [2009/07/14 06:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\SysWOW64\\inetsrv\\apphostsvc.dll -- (AppHostSvc)

SRV - [2009/06/11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/12/03 14:43:06 | 000,841,728 | ---- | M] () [Disabled | Stopped] -- C:\\Program Files (x86)\\Common Files\\Primavera Common\\BackgroundAgent\\PrmBackgroundAgent.exe -- (PrmBackAgent)

SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files (x86)\\MSSQL\\Primavera\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe -- (MSSQL$PRIMAVERA)

SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files (x86)\\MSSQL\\Primavera\\MSSQL.1\\MSSQL\\Binn\\msftesql.exe -- (msftesql$PRIMAVERA)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\kneps.sys -- (kneps)

DRV:64bit: - [2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\kltdi.sys -- (kltdi)

DRV:64bit: - [2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\klif.sys -- (KLIF)

DRV:64bit: - [2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\hssdrv6.sys -- (HssDRV6)

DRV:64bit: - [2013/04/25 00:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\taphss6.sys -- (taphss6)

DRV:64bit: - [2013/01/14 14:41:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2013/01/14 14:41:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\klkbdflt.sys -- (klkbdflt)

DRV:64bit: - [2012/11/08 04:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\cmderd.sys -- (cmderd)

DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\klim6.sys -- (KLIM6)

DRV:64bit: - [2012/06/21 00:15:53 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ew_juextctrl.sys -- (huawei_ext_ctrl)

DRV:64bit: - [2012/06/21 00:15:52 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ewusbwwan.sys -- (ewusbmbb)

DRV:64bit: - [2012/06/21 00:15:52 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2012/06/21 00:15:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV:64bit: - [2012/06/21 00:15:52 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ew_jucdcacm.sys -- (huawei_cdcacm)

DRV:64bit: - [2012/06/21 00:15:52 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\ew_jubusenum.sys -- (huawei_enumerator)

DRV:64bit: - [2012/06/21 00:15:52 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ew_jucdcecm.sys -- (huawei_cdcecm)

DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\kl1.sys -- (kl1)

DRV:64bit: - [2012/04/23 16:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2012/03/01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\\Windows\\SysNative\\drivers\\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/25 04:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\taphss.sys -- (taphss)

DRV:64bit: - [2011/05/13 00:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/03 21:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/12/17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btfilter.sys -- (BtFilter)

DRV:64bit: - [2010/12/17 14:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2010/12/17 14:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2010/12/17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2010/12/17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2010/12/17 14:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2010/12/17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\athrx.sys -- (athr)

DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btmaux.sys -- (btmaux)

DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/05/27 06:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2010/03/19 04:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\\Windows\\SysNative\\Ckldrv.sys -- (NetworkX)

DRV:64bit: - [2009/12/23 19:33:48 | 000,118,360 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\FVXSCSI.SYS -- (FVXSCSI)

DRV:64bit: - [2009/07/21 16:04:16 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)

DRV:64bit: - [2009/07/14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 05:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\usbser.sys -- (usbser)

DRV:64bit: - [2009/06/11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/02/09 10:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\usbser_lowerfltx64j.sys -- (UsbserFilt)

DRV:64bit: - [2009/02/09 10:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ccdcmbx64.sys -- (nmwcdx64)

DRV:64bit: - [2009/02/09 10:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2009/02/09 10:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ccdcmbox64.sys -- (nmwcdcx64)

DRV:64bit: - [2008/10/29 10:47:02 | 000,024,592 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\FCDABUS.SYS -- (fcdabus)

DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\wdcsam64.sys -- (WDC_SAM)

DRV - [2009/07/14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\drivers\\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE:64bit: - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE - HKLM\\..\\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll (Conduit Ltd.)

IE - HKLM\\..\\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3080215

IE - HKLM\\..\\SearchScopes\\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: \"URL\" = http://websearch.searchdwebs.info/?l=1&q={searchTerms}&pid=914&r=2013/07/01&hid=3788853739&lg=EN&cc=PK&unqvl=22

IE - HKLM\\..\\SearchScopes\\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: \"URL\" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm487YYpk&ptnrS=GRxdm487YYpk&ptb=3441ED52-4C0A-496E-A90E-9AA1CA0EDFEB&ind=2012090111&n=77ee0eff&psa=&st=sb&searchfor={searchTerms}

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache = http://pk.msn.com/?C=PK

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache_TIMESTAMP = ED 44 0A 8A 56 41 CC 01 [binary data]

IE - HKCU\\..\\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found

IE - HKCU\\..\\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\\..\\URLSearchHook: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - No CLSID value found

IE - HKCU\\..\\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll (Conduit Ltd.)

IE - HKCU\\..\\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\\Classes\\CLSID\\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\\InprocServer32 File not found

IE - HKCU\\..\\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\\..\\SearchScopes\\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: \"URL\" = http://www2.delta-search.com/?q={searchTerms}&affID=121240&tt=gc_&babsrc=SP_ss&mntrId=64A300FFB4E1DD84

IE - HKCU\\..\\SearchScopes\\{7902DE1C-DFB2-426C-A5A1-F87FD90FBEEB}: \"URL\" = http://www.mysearchresults.com/search?c=3513&t=07&q={searchTerms}

IE - HKCU\\..\\SearchScopes\\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: \"URL\" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo

IE - HKCU\\..\\SearchScopes\\{95B7759C-8C7F-4BF1-B163-73684A933233}: \"URL\" = http://isearch.avg.com/search?cid={A63E2781-B870-42D9-82C8-A06075A35400}&mid=c81a7d7c81e747d0925b369700e81b25-db1903c4b38bb4be805b7f9e83a77cc34f33ade3&lang=en&ds=gm011&pr=sa&d=2012-04-26 23:17:58&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKCU\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3080215

IE - HKCU\\..\\SearchScopes\\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: \"URL\" = http://websearch.searchdwebs.info/?l=1&q={searchTerms}&pid=914&r=2013/07/01&hid=3788853739&lg=EN&cc=PK&unqvl=22

IE - HKCU\\..\\SearchScopes\\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: \"URL\" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}

IE - HKCU\\..\\SearchScopes\\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: \"URL\" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm487YYpk&ptnrS=GRxdm487YYpk&ptb=3441ED52-4C0A-496E-A90E-9AA1CA0EDFEB&ind=2012090111&n=77ee0eff&psa=&st=sb&searchfor={searchTerms}

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37

FF - prefs.js..extensions.enabledAddons: [email protected]:1.0

FF - prefs.js..browser.search.order.1: \"WebSearch\"

FF - prefs.js..browser.search.defaulturl: \"http://websearch.searchdwebs.info/?pid=914&r=2013/07/01&hid=3788853739&lg=EN&cc=PK&unqvl=22&l=1&q=\"

FF - prefs.js..browser.search.order.1,S: S\", \"WebSearch\"

FF - prefs.js..browser.search.defaultenginename,S: S\", \"WebSearch\"

FF - prefs.js..browser.search.selectedEngine,S: S\", \"WebSearch\"

FF - prefs.js..browser.startup.homepage: \"http://us.yahoo.com?fr=fp-comodo\"

FF - prefs.js..browser.search.defaultenginename: \"Yahoo\"

FF - prefs.js..keyword.URL: \"http://us.search.yahoo.com/search?fr=ytff-comodo&p=\"

FF - prefs.js..browser.search.param.yahoo-fr: \"chrf-comodo\"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: \"chrf-comodo\"

FF - prefs.js..browser.search.selectedEngine: \"Yahoo\"

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_11_7_700_224.dll File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~1\\MICROS~3\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_7_700_224.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.21.2: C:\\Windows\\SysWOW64\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.21.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\\Program Files (x86)\\Yahoo!\\Shared\\npYState.dll (Yahoo! Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~2\\MICROS~3\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/SharePoint,version=14.0: C:\\PROGRA~2\\MICROS~3\\Office14\\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@nitropdf.com/NitroPDF: C:\\Program Files (x86)\\Nitro\\Pro 8\\npnitromozilla.dll (Nitro PDF)

FF - HKLM\\Software\\MozillaPlugins\\@nvidia.com/3DVision: C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@nvidia.com/3DVisionStreaming: C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKCU\\Software\\MozillaPlugins\\@Skype Limited.com/Facebook Video Calling Plugin: C:\\Users\\Faraz\\AppData\\Local\\Facebook\\Video\\Skype\\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\Faraz\\AppData\\Local\\Google\\Update\\1.3.21.153\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\Faraz\\AppData\\Local\\Google\\Update\\1.3.21.153\\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files (x86)\\Nokia\\Nokia PC Suite 7\\bkmrksync\\ [2011/07/29 16:13:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\FFExt\\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 11.0\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2012/04/12 22:29:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 11.0\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins

FF - HKEY_CURRENT_USER\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Users\\Faraz\\AppData\\Roaming\\IDM\\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\SeaMonkey\\Extensions\\\\[email protected]: C:\\Users\\Faraz\\AppData\\Roaming\\IDM\\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]

[2012/04/12 22:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\Extensions

[2013/07/03 16:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\extensions

[2013/05/07 12:34:31 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\extensions\\{C92DDD27-768C-4E40-B655-740B017E698D}

[2013/07/01 22:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\extensions\\staged

[2013/05/12 03:01:32 | 000,006,505 | ---- | M] () -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\firefox\\profiles\\3ajw8v5r.default\\searchplugins\\babylon.xml

[2013/05/12 03:02:06 | 000,001,294 | ---- | M] () -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\firefox\\profiles\\3ajw8v5r.default\\searchplugins\\delta.xml

[2013/07/01 21:18:32 | 000,000,637 | ---- | M] () -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\firefox\\profiles\\3ajw8v5r.default\\searchplugins\\WebSearch.xml

[2013/07/16 14:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions

[2012/08/03 02:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012/09/03 20:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012/04/26 23:00:15 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\[email protected]

File not found (No name found) -- C:\\PROGRAM FILES (X86)\\MOZILLA FIREFOX\\EXTENSIONS\\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2012/03/13 09:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\\Program Files (x86)\\mozilla firefox\\components\\browsercomps.dll

[2012/07/10 00:45:35 | 000,003,769 | ---- | M] () -- C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\avg-secure-search.xml

[2012/03/13 09:38:32 | 000,002,252 | ---- | M] () -- C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\bing.xml

[2012/03/13 09:38:32 | 000,002,040 | ---- | M] () -- C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://us.yahoo.com?fr=fpc-comodo

CHR - plugin: Shockwave Flash (Disabled) = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\Application\\28.0.1500.72\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\Application\\28.0.1500.72\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\Application\\28.0.1500.72\\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\\PROGRA~2\\MICROS~3\\Office14\\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\\PROGRA~2\\MICROS~3\\Office14\\NPSPWRAP.DLL

CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\npnv3dvstreaming.dll

CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\\Program Files (x86)\\Nitro PDF\\Reader 2\\npnitromozilla.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\\Program Files (x86)\\Real Alternative\\browser\\plugins\\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\\Program Files (x86)\\Real Alternative\\browser\\plugins\\nprpjplug.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\\Users\\Faraz\\AppData\\Local\\Facebook\\Video\\Skype\\npFacebookVideoCalling.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_6_602_180.dll

CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\\Windows\\SysWOW64\\npDeployJava1.dll

CHR - Extension: TV = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\beobeededemalmllhkmnkinmfembdimh\\1.0.12_0\\

CHR - Extension: YouTube = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_0\\

CHR - Extension: Google Search = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_0\\

CHR - Extension: Kaspersky URL Advisor = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dchlnpcodkpfdpacogkljefecpegganj\\13.0.1.4190_0\\

CHR - Extension: ESPN Cricinfo = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dlklinjgampohhihndkofhhaahoicoip\\1.0.0_0\\

CHR - Extension: Google+ = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dlppkpafhbajpcmmoheippocdidnckmm\\1.2.0.418_0\\

CHR - Extension: ssafEE- saVae = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\epcacbllddpdcojcggmijaggcpambccj\\1\\

CHR - Extension: saafe saveo = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\hbhkimppigjgkknlpoohbcbfdhhbaeig\\1\\

CHR - Extension: Content Blocker = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\hghkgaeecgjhjkannahfamoehjmkjail\\13.0.1.4190_0\\

CHR - Extension: ESPN Cricinfo = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ijhlikjoigjegofbedmfmlcfkmhabldh\\1.8.4.1_0\\

CHR - Extension: Quran = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\iklmggidaneooheckcalppihpgfidbpe\\2_0\\

CHR - Extension: Virtual Keyboard = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jagncdcchgajhfhijbbhecadmaiegcmh\\13.0.1.4292_0\\

CHR - Extension: ChatZum.com - Easy Pictures zoom = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jbpcjmidkkgldeplajgnbpjkfpmpeepb\\1.0.9_0\\

CHR - Extension: Web Navigation = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lkemddiljapcmhicklfpcbpfffahfbja\\1.0_0\\

CHR - Extension: Web Navigation = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lkemddiljapcmhicklfpcbpfffahfbja\\1.0_0\\.bak

CHR - Extension: Gmail = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_1\\

O1 HOSTS File: ([2013/07/03 16:10:09 | 000,000,707 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Users\\Faraz\\AppData\\Local\\Temp\\IDMIECC64.dll File not found

O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\x64\\IEExt\\ContentBlocker\\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\x64\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\x64\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\\Program Files (x86)\\Hotspot Shield\\HssIE\\HssIE_64.dll (AnchorFree Inc.)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Users\\Faraz\\AppData\\Local\\Temp\\IDMIECC.dll File not found

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\prxConduitEngin.dll File not found

O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\ContentBlocker\\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2 - BHO: (SelectionLinks) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\\Program Files (x86)\\OApps\\SelectionLinks.dll File not found

O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\\Users\\Faraz\\AppData\\Roaming\\DefaultTab\\DefaultTab\\DefaultTabBHO.dll File not found

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (ssafEE- saVae) - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\\ProgramData\\ssafEE- saVae\\51d19df9cfdfa.dll File not found

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll File not found

O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\\PROGRA~2\\TEXTware\\QUICKF~1\\PlugIns\\IEHelp.dll File not found

O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll (Conduit Ltd.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\\Program Files (x86)\\Hotspot Shield\\HssIE\\HssIE.dll (AnchorFree Inc.)

O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll File not found

O3 - HKLM\\..\\Toolbar: (ChatSend Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll File not found

O3 - HKLM\\..\\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\prxConduitEngin.dll File not found

O3 - HKLM\\..\\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll (Conduit Ltd.)

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (ChatSend Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll File not found

O3 - HKCU\\..\\Toolbar\\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\prxConduitEngin.dll ⠀砀㠀㘀⤀ File not found

O3 - HKCU\\..\\Toolbar\\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll (Conduit Ltd.)

O4:64bit: - HKLM..\\Run: [COMODO Internet Security] C:\\Program Files\\COMODO\\COMODO Internet Security\\cfp.exe (COMODO)

O4:64bit: - HKLM..\\Run: [IgfxTray] C:\\Windows\\SysNative\\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [NVHotkey] C:\\Windows\\SysNative\\nvHotkey.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\\Run: [Persistence] C:\\Windows\\SysNative\\igfxpers.exe (Intel Corporation)

O4 - HKLM..\\Run: [AVP] C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe (Kaspersky Lab ZAO)

O4 - HKCU..\\Run: [IDMan] C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe /onboot File not found

O4 - HKCU..\\Run: [uTorrent] C:\\Program Files (x86)\\uTorrent\\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktop = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Download all links with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEGetAll.htm File not found

O8:64bit: - Extra context menu item: Download with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEExt.htm File not found

O8:64bit: - Extra context menu item: QuickDefine - C:\\Program Files (x86)\\Common Files\\microsoft shared\\Reference Titles\\eddefine.htm ()

O8 - Extra context menu item: Download all links with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEGetAll.htm File not found

O8 - Extra context menu item: Download with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEExt.htm File not found

O8 - Extra context menu item: QuickDefine - C:\\Program Files (x86)\\Common Files\\microsoft shared\\Reference Titles\\eddefine.htm ()

O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\x64\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra \'Tools\' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\x64\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra \'Tools\' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll ()

O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9 - Extra Button: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll File not found

O9 - Extra \'Tools\' menuitem : ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll File not found

O9 - Extra \'Tools\' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll File not found

O9 - Extra \'Tools\' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll File not found

O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)

O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.100.254

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{60D8391B-FB23-4063-83BA-281FECD708AE}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{8C0BDDB9-9EE1-42AC-8A70-23BE28B8C50A}: DhcpNameServer = 192.168.100.254

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{A267094A-40C3-47D3-8DAE-302A089FA963}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{D6CF1441-3187-48F4-915E-017B35738A78}: NameServer = 10.0.1.1 192.168.7.2

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{DD41DE21-F7EB-4434-9DAB-E5924B4B42FB}: DhcpNameServer = 192.168.1.1 192.168.1.1

O18:64bit: - Protocol\\Handler\\ms-help - No CLSID value found

O18:64bit: - Protocol\\Handler\\skype4com - No CLSID value found

O18:64bit: - Protocol\\Handler\\skype-ie-addon-data - No CLSID value found

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files (x86)\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O18 - Protocol\\Handler\\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll File not found

O20:64bit: - AppInit_DLLs: (C:\\Windows\\system32\\nvinitx.dll) - C:\\Windows\\SysNative\\nvinitx.dll (NVIDIA Corporation)

O20:64bit: - AppInit_DLLs: (C:\\Windows\\system32\\guard64.dll) - C:\\Windows\\SysNative\\guard64.dll (COMODO)

O20 - AppInit_DLLs: (c:\\windows\\syswow64\\nvinit.dll) - c:\\Windows\\SysWOW64\\nvinit.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\\Windows\\SysWOW64\\guard32.dll) - C:\\Windows\\SysWOW64\\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\\Notify\\igfxcui: DllName - (igfxdev.dll) - C:\\Windows\\SysNative\\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 0

O33 - MountPoints2\\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{4af26f77-30a6-11e1-9b94-910f30baeed7}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{4af26f77-30a6-11e1-9b94-910f30baeed7}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{73f29098-acba-11e1-b04f-bb72616340ba}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{73f29098-acba-11e1-b04f-bb72616340ba}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{73f290a8-acba-11e1-b04f-bb72616340ba}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{73f290a8-acba-11e1-b04f-bb72616340ba}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{73f290b2-acba-11e1-b04f-bb72616340ba}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{73f290b2-acba-11e1-b04f-bb72616340ba}\\Shell\\AutoRun\\command - \"\" = I:\\AutoRun.exe

O33 - MountPoints2\\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\Setup.exe /Auto

O33 - MountPoints2\\{86568119-c4b4-11e0-b905-001e101f24f1}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{86568119-c4b4-11e0-b905-001e101f24f1}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{86568127-c4b4-11e0-b905-001e101f24f1}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{86568127-c4b4-11e0-b905-001e101f24f1}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b78e385c-0a03-11e1-916b-95476b19059a}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b78e385c-0a03-11e1-916b-95476b19059a}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b78e3869-0a03-11e1-916b-95476b19059a}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b78e3869-0a03-11e1-916b-95476b19059a}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b78e3877-0a03-11e1-916b-95476b19059a}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b78e3877-0a03-11e1-916b-95476b19059a}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{e453e644-42ec-11e1-ba57-dbe944af10d1}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e453e644-42ec-11e1-ba57-dbe944af10d1}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = H:\\AutoRun.exe

O33 - MountPoints2\\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\\Shell\\AutoRun\\command - \"\" = I:\\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 90 Days ==========

[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Trend Micro

[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\\Users\\Faraz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\HiJackThis

[2013/07/24 18:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\Faraz\\Desktop\\OTL.exe

[2013/07/21 00:18:49 | 000,000,000 | ---D | C] -- C:\\Pr

Title: System is popping up continously infected with Trojan Gamethief.Win32.
Post by: faraz on July 24, 2013, 10:01:55 AM

couldn\'t locate the extras.log of otl scan & it also didn\'t popped up

Title: System is popping up continously infected with Trojan Gamethief.Win32.
Post by: guestolo on July 24, 2013, 11:17:11 AM

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select \"Run as Administrator\".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system\'s specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Reopen OTL.exe Select \'Use Safelist\' under Extra Registry then choose to Run a Scan, when done, post the log that opens>> OTL.txt and also Extras.txt

Title: System is popping up continously infected with Trojan Gamethief.Win32.
Post by: faraz on July 24, 2013, 08:24:30 PM

# AdwCleaner v2.306 - Logfile created 07/25/2013 at 04:36:30

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : Faraz - SLAIN

# Boot Mode : Normal

# Running from : C:\\Users\\Faraz\\Desktop\\AdwCleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\\Program Files (x86)\\Hotspot Shield

File Deleted : C:\\Program Files (x86)\\Mozilla Firefox\\searchplugins\\avg-secure-search.xml

File Deleted : C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage

File Deleted : C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage-journal

File Deleted : C:\\Users\\Faraz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\searchplugins\\Babylon.xml

File Deleted : C:\\Users\\Faraz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\searchplugins\\delta.xml

File Deleted : C:\\Users\\Faraz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\searchplugins\\WebSearch.xml

File Deleted : C:\\Windows\\SysWOW64\\conduitEngine.tmp

Folder Deleted : C:\\Program Files (x86)\\Hotspot_Shield

Folder Deleted : C:\\Program Files (x86)\\Mozilla Firefox\\Extensions\\[email protected]

Folder Deleted : C:\\ProgramData\\Hotspot Shield

Folder Deleted : C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Hotspot Shield

Folder Deleted : C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jbpcjmidkkgldeplajgnbpjkfpmpeepb

Folder Deleted : C:\\Users\\Faraz\\AppData\\LocalLow\\Conduit

Folder Deleted : C:\\Users\\Faraz\\AppData\\LocalLow\\ConduitEngine

Folder Deleted : C:\\Users\\Faraz\\AppData\\LocalLow\\delta

Folder Deleted : C:\\Users\\Faraz\\AppData\\LocalLow\\Hotspot_Shield

Folder Deleted : C:\\Users\\Faraz\\AppData\\LocalLow\\PriceGong

Folder Deleted : C:\\Users\\Faraz\\AppData\\LocalLow\\Toolbar4

Folder Deleted : C:\\Users\\Faraz\\AppData\\Roaming\\Babylon

Folder Deleted : C:\\Users\\Faraz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\extensions\\staged

Folder Deleted : C:\\Users\\Faraz\\AppData\\Roaming\\OpenCandy

Folder Deleted : C:\\Windows\\SysWOW64\\Hotspot Shield

***** [Registry] *****

Key Deleted : HKCU\\Software\\1ClickDownload

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\conduitEngine

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\ConduitSearchScopes

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\Crossrider

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\Hotspot_Shield

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\PriceGong

Key Deleted : HKCU\\Software\\AppDataLow\\SProtector

Key Deleted : HKCU\\Software\\AppDataLow\\Toolbar

Key Deleted : HKCU\\Software\\BI

Key Deleted : HKCU\\Software\\Conduit

Key Deleted : HKCU\\Software\\Headlight

Key Deleted : HKCU\\Software\\IGearSettings

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{A42F6A7C-B5FA-4565-AC08-ECB439C4342D}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{07FCE05F-98B6-4017-8DCE-DCC5823B7678}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{C522512A-9C2C-4DE5-9F63-976B560FEF14}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\\Software\\Optimizer Pro

Key Deleted : HKCU\\Software\\Softonic

Key Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}

Key Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{D3F22A84-2A84-49EB-91E6-5DADAAF0165D}

Key Deleted : HKLM\\Software\\Babylon

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\DefaultTabBHO.DLL

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\TbCommonUtils.DLL

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\TbHelper.EXE

Key Deleted : HKLM\\SOFTWARE\\Classes\\bhoclass.bho.bhoclass.bho

Key Deleted : HKLM\\SOFTWARE\\Classes\\bhoclass.bho.bhoclass.bho.1.0

Key Deleted : HKLM\\SOFTWARE\\Classes\\ComObject.DeskbarEnabler

Key Deleted : HKLM\\SOFTWARE\\Classes\\ComObject.DeskbarEnabler.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\Conduit.Engine

Key Deleted : HKLM\\SOFTWARE\\Classes\\DefaultTabBHO.DefaultTabBrowser

Key Deleted : HKLM\\SOFTWARE\\Classes\\DefaultTabBHO.DefaultTabBrowser.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\DefaultTabBHO.DefaultTabBrowserActiveX

Key Deleted : HKLM\\SOFTWARE\\Classes\\DefaultTabBHO.DefaultTabBrowserActiveX.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\Prod.cap

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbCommonUtils.CommonUtils

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbHelper.TbDownloadManager

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbHelper.TbPropertyManager

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbHelper.TbRequest

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbHelper.TbRequest.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbHelper.TbTask

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbHelper.TbTask.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbHelper.ToolbarHelper

Key Deleted : HKLM\\SOFTWARE\\Classes\\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\TBSB00001.IEToolbar

Key Deleted : HKLM\\SOFTWARE\\Classes\\TBSB00001.IEToolbar.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\TBSB00001.TBSB00001

Key Deleted : HKLM\\SOFTWARE\\Classes\\TBSB00001.TBSB00001.3

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar.CT1561552

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar.CT2786678

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar.CT3031607

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar.CT3080215

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar3.SearchProviderManager

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar3.SearchProviderManager.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar3.XBTBPos00

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar3.XBTBPos00.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\TypeLib\\{4509D3CC-B642-4745-B030-645B79522C6D}

Key Deleted : HKLM\\SOFTWARE\\Classes\\TypeLib\\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\\SOFTWARE\\Classes\\TypeLib\\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\\SOFTWARE\\Classes\\TypeLib\\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\\SOFTWARE\\Classes\\TypeLib\\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\\SOFTWARE\\Classes\\TypeLib\\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Deleted : HKLM\\SOFTWARE\\Classes\\URLSearchHook.ToolbarURLSearchHook

Key Deleted : HKLM\\SOFTWARE\\Classes\\URLSearchHook.ToolbarURLSearchHook.1

Key Deleted : HKLM\\Software\\Conduit

Key Deleted : HKLM\\Software\\conduitEngine

Key Deleted : HKLM\\Software\\Hotspot_Shield

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\MyBabylontb_RASAPI32

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\MyBabylontb_RASMANCS

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\{07FCE05F-98B6-4017-8DCE-DCC5823B7678}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\\Software\\SP Global

Key Deleted : HKLM\\Software\\SProtector

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{07FCE05F-98B6-4017-8DCE-DCC5823B7678}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{57CADC46-58FF-4105-B733-5A9F3FC9783C}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{A42F6A7C-B5FA-4565-AC08-ECB439C4342D}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{C339D489-FABC-41DD-B39D-276101667C70}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Classes\\Interface\\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{1ADA9BAD-CD7C-46EE-8DED-2DC3A6D8949D}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{219168C6-531A-4FD7-87DD-ABB6C223EE27}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{45188CF8-B603-48DF-A71A-F55D3C918753}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\{D3F22A84-2A84-49EB-91E6-5DADAAF0165D}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Conduit Engine

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Hotspot_Shield Toolbar

Key Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Optimizer Pro_is1

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{2263BE11-ACB7-49D9-8313-6B1D5CC42FAA}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{97FC5555-8BDC-40EA-8DE2-B1E46B9EA629}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\ApnUpdater

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Optimizer Pro_is1

Value Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]

Value Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]

Value Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]

Value Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]

Value Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]

Value Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]

Value Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Deleted : HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]

***** [Internet Browsers] *****

-\\\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\\\ Mozilla Firefox v11.0 (en-US)

File : C:\\Users\\Faraz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\prefs.js

C:\\Users\\Faraz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\user.js ... Deleted !

Deleted : user_pref(\"extensions.delta.admin\", false);

Deleted : user_pref(\"extensions.delta.aflt\", \"babsst\");

Deleted : user_pref(\"extensions.delta.appId\", \"{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}\");

Deleted : user_pref(\"extensions.delta.autoRvrt\", \"false\");

Deleted : user_pref(\"extensions.delta.dfltLng\", \"en\");

Deleted : user_pref(\"extensions.delta.excTlbr\", false);

Deleted : user_pref(\"extensions.delta.ffxUnstlRst\", true);

Deleted : user_pref(\"extensions.delta.id\", \"64a3dba0000000000000000000000000\");

Deleted : user_pref(\"extensions.delta.instlDay\", \"15836\");

Deleted : user_pref(\"extensions.delta.instlRef\", \"sst\");

Deleted : user_pref(\"extensions.delta.newTab\", false);

Deleted : user_pref(\"extensions.delta.prdct\", \"delta\");

Deleted : user_pref(\"extensions.delta.prtnrId\", \"delta\");

Deleted : user_pref(\"extensions.delta.rvrt\", \"false\");

Deleted : user_pref(\"extensions.delta.smplGrp\", \"none\");

Deleted : user_pref(\"extensions.delta.tlbrId\", \"base\");

Deleted : user_pref(\"extensions.delta.tlbrSrchUrl\", \"\");

Deleted : user_pref(\"extensions.delta.vrsn\", \"1.8.16.16\");

Deleted : user_pref(\"extensions.delta.vrsnTs\", \"1.8.16.163:02:05\");

Deleted : user_pref(\"extensions.delta.vrsni\", \"1.8.16.16\");

Deleted : user_pref(\"browser.search.order.1\", \"WebSearch\");

Deleted : user_pref(\"browser.search.order.1,S\", \"WebSearch\");

Deleted : user_pref(\"browser.search.defaultenginename,S\", \"WebSearch\");

Deleted : user_pref(\"browser.search.selectedEngine,S\", \"WebSearch\");

-\\\\ Google Chrome v28.0.1500.72

File : C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences

-\\\\ Opera v11.50.1074.0

File : C:\\Users\\Faraz\\AppData\\Roaming\\Opera\\Opera\\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [22687 octets] - [25/07/2013 04:36:30]

########## EOF - C:\\AdwCleaner[S1].txt - [22748 octets] ##########

Title: System is popping up continously infected with Trojan Gamethief.Win32.
Post by: faraz on July 24, 2013, 08:26:03 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.2 (07.22.2013:2)

OS: Windows 7 Ultimate x64

Ran by Faraz on 25/Jul/13 at 4:49:55.16

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] hshld

Successfully deleted: [Service] hshld

Successfully stopped: [Service] hsstrayservice

Successfully deleted: [Service] hsstrayservice

Successfully stopped: [Service] hsswd

Successfully deleted: [Service] hsswd

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\\Software\\anchorfree

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\\Software\\hotspotshield

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\hotspotshield

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\tracing\\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\tracing\\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\tracing\\askpartnercobrandingtool_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\tracing\\askpartnercobrandingtool_rasmancs

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{7902DE1C-DFB2-426C-A5A1-F87FD90FBEEB}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] \"C:\\ProgramData\\codecc\"

Successfully deleted: [Folder] \"C:\\Users\\Faraz\\appdata\\locallow\\codecc\"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 25/Jul/13 at 5:42:55.18

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Title: System is popping up continously infected with Trojan Gamethief.Win32.
Post by: faraz on July 24, 2013, 08:27:14 PM

OTL logfile created on: 25/Jul/13 5:45:48 AM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\\Users\\Faraz\\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy

3.91 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.97% Memory free

7.82 Gb Paging File | 6.41 Gb Available in Paging File | 81.99% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 48.73 Gb Total Space | 5.85 Gb Free Space | 12.01% Space Free | Partition Type: NTFS