Author Topic: System is popping up continously infected with Trojan Gamethief.Win32. (Read 7268 times)

faraz · « **on:** July 24, 2013, 09:38:29 AM »

My system got infected with viruses

& hijack no producing the log got the error see the attachment

and i have doubts some one had put his script in my system as he his hacking my system & email ids

******************************************************************************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:33:56 PM, on 24/Jul/13

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\\Program Files (x86)\\uTorrent\\uTorrent.exe

C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe

C:\\Program Files (x86)\\Nitro\\Pro 8\\NitroPdfThumbnailHelper.exe

C:\\Program Files (x86)\\Comodo\\Dragon\\dragon.exe

C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\klwtblfs.exe

C:\\Program Files (x86)\\Comodo\\Dragon\\dragon.exe

C:\\Program Files (x86)\\Trend Micro\\HiJackThis\\HiJackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896\'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157\'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896\'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896\'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = local

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

R3 - URLSearchHook: (no name) - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - (no file)

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll

R3 - URLSearchHook: (no name) - {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - (no file)

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbhelper.dll (file missing)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Users\\Faraz\\AppData\\Local\\Temp\\IDMIECC.dll (file missing)

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\prxConduitEngin.dll (file missing)

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\ContentBlocker\\ie_content_blocker_plugin.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll

O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\\Program Files (x86)\\OApps\\SelectionLinks.dll (file missing)

O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\\Users\\Faraz\\AppData\\Roaming\\DefaultTab\\DefaultTab\\DefaultTabBHO.dll (file missing)

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\IEPlugIn.dll

O2 - BHO: ssafEE- saVae - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\\ProgramData\\ssafEE- saVae\\51d19df9cfdfa.dll (file missing)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (file missing)

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\\PROGRA~2\\MICROS~3\\Office14\\URLREDIR.DLL

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\\PROGRA~2\\TEXTware\\QUICKF~1\\PlugIns\\IEHelp.dll (file missing)

O2 - BHO: Hotspot Shield - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\\Program Files (x86)\\Hotspot Shield\\HssIE\\HssIE.dll

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll (file missing)

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\prxConduitEngin.dll (file missing)

O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll

O3 - Toolbar: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll (file missing)

O4 - HKLM\\..\\Run: [AVP] \"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe\"

O4 - HKCU\\..\\Run: [uTorrent] \"C:\\Program Files (x86)\\uTorrent\\uTorrent.exe\" /MINIMIZED

O4 - HKCU\\..\\Run: [IDMan] C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe /onboot

O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun

O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /autoRun (User \'LOCAL SERVICE\')

O4 - HKUS\\S-1-5-19\\..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe (User \'LOCAL SERVICE\')

O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /autoRun (User \'NETWORK SERVICE\')

O4 - HKUS\\S-1-5-20\\..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe (User \'NETWORK SERVICE\')

O4 - HKUS\\S-1-5-18\\..\\Run: [Mobile Partner] C:\\Program Files (x86)\\VIVA WiFi\\VIVA WiFi (User \'SYSTEM\')

O4 - HKUS\\.DEFAULT\\..\\Run: [Mobile Partner] C:\\Program Files (x86)\\VIVA WiFi\\VIVA WiFi (User \'Default user\')

O8 - Extra context menu item: Download all links with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEExt.htm

O8 - Extra context menu item: QuickDefine - C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Reference Titles\\eddefine.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll

O9 - Extra \'Tools\' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll

O9 - Extra button: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll (file missing)

O9 - Extra \'Tools\' menuitem: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll (file missing)

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\IEPlugIn.dll

O9 - Extra \'Tools\' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\IEPlugIn.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (file missing)

O9 - Extra \'Tools\' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~2\\MICROS~3\\Office12\\REFIEBAR.DLL

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\'>http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~2\\COMMON~1\\Skype\\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\\windows\\syswow64\\nvinit.dll C:\\Windows\\SysWOW64\\guard32.dll

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe

O23 - Service: @%systemroot%\\system32\\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\\Windows\\system32\\CISVC.EXE (file missing)

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\\Program Files\\COMODO\\COMODO GeekBuddy\\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe

O23 - Service: @%SystemRoot%\\system32\\efssvc.dll,-100 (EFS) - Unknown owner - C:\\Windows\\System32\\lsass.exe (file missing)

O23 - Service: @%systemroot%\\system32\\fxsresm.dll,-118 (Fax) - Unknown owner - C:\\Windows\\system32\\fxssvc.exe (file missing)

O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\\Program Files (x86)\\Hotspot Shield\\bin\\cmw_srv.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\\Windows\\System32\\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\\System32\\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\\Program Files\\Common Files\\Nitro\\Pro\\8.0\\NitroPDFDriverService8x64.exe

O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\\Windows\\SysWOW64\\NLSSRV32.EXE

O23 - Service: @%systemroot%\\system32\\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%systemroot%\\system32\\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\\Windows\\system32\\locator.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\samsrv.dll,-1 (SamSs) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\\Windows\\System32\\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\\system32\\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\\Windows\\System32\\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\\Windows\\system32\\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe

O23 - Service: UDisk Monitor - Unknown owner - C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk64.exe

O23 - Service: @%SystemRoot%\\system32\\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\\Windows\\system32\\UI0Detect.exe (file missing)

O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\UNS\\UNS.exe

O23 - Service: @%SystemRoot%\\system32\\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\vds.exe,-100 (vds) - Unknown owner - C:\\Windows\\System32\\vds.exe (file missing)

O23 - Service: VIVA Broadband. OUC (VIVA Broadband. RunOuc) - Unknown owner - C:\\Program Files (x86)\\VIVA Broadband\\UpdateDog\\ouc.exe (file missing)

O23 - Service: @%systemroot%\\system32\\vssvc.exe,-102 (VSS) - Unknown owner - C:\\Windows\\system32\\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\\system32\\Wat\\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\\Windows\\system32\\Wat\\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\\system32\\wbengine.exe,-104 (wbengine) - Unknown owner - C:\\Windows\\system32\\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\\system32\\wbem\\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\\Windows\\system32\\wbem\\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\\Program Files (x86)\\Windows Media Player\\wmpnetwk.exe (file missing)

--

End of file - 13996 bytes

faraz · « **Reply #1 on:** July 24, 2013, 09:59:47 AM »

OTL logfile created on: 24/Jul/13 7:40:59 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\\Users\\Faraz\\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MMM/yy

3.91 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.98% Memory free

7.82 Gb Paging File | 5.44 Gb Available in Paging File | 69.65% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 48.73 Gb Total Space | 5.88 Gb Free Space | 12.06% Space Free | Partition Type: NTFS

Drive D: | 48.83 Gb Total Space | 2.43 Gb Free Space | 4.97% Space Free | Partition Type: NTFS

Drive E: | 368.10 Gb Total Space | 33.39 Gb Free Space | 9.07% Space Free | Partition Type: NTFS

Computer Name: SLAIN | User Name: Faraz | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2013/07/24 18:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Faraz\\Desktop\\OTL.exe

PRC - [2013/04/13 12:07:26 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\\Program Files (x86)\\uTorrent\\uTorrent.exe

PRC - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe

PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\\Windows\\SysWOW64\\NLSSRV32.EXE

PRC - [2012/09/18 14:28:30 | 000,081,928 | ---- | M] (Nitro PDF) -- C:\\Program Files (x86)\\Nitro\\Pro 8\\NitroPDFThumbnailHelper.exe

PRC - [2012/08/17 21:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\klwtblfs.exe

PRC - [2011/10/28 17:19:26 | 001,700,600 | ---- | M] (Comodo) -- C:\\Program Files (x86)\\Comodo\\Dragon\\dragon.exe

PRC - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe

PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\UNS\\UNS.exe

PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe

PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\\Program Files (x86)\\MSSQL\\Primavera\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe

PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\\Program Files (x86)\\MSSQL\\Primavera\\MSSQL.1\\MSSQL\\Binn\\msftesql.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/12 21:24:12 | 016,033,160 | ---- | M] () -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_7_700_224.dll

MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\dblite.dll

MOD - [2011/10/28 17:19:26 | 001,097,480 | ---- | M] () -- C:\\Program Files (x86)\\Comodo\\Dragon\\avcodec-53.dll

MOD - [2011/10/28 17:19:26 | 000,189,192 | ---- | M] () -- C:\\Program Files (x86)\\Comodo\\Dragon\\avformat-53.dll

MOD - [2011/10/28 17:19:26 | 000,121,608 | ---- | M] () -- C:\\Program Files (x86)\\Comodo\\Dragon\\avutil-51.dll

MOD - [2011/04/22 08:13:00 | 000,004,096 | ---- | M] () -- C:\\Program Files (x86)\\NVIDIA Corporation\\coprocmanager\\detoured.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/11/08 04:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\\Program Files\\COMODO\\COMODO Internet Security\\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2012/09/18 14:28:28 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\\Program Files\\Common Files\\Nitro\\Pro\\8.0\\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)

SRV:64bit: - [2011/11/23 15:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\\Program Files\\COMODO\\COMODO GeekBuddy\\CLPSLS.exe -- (CLPSLS)

SRV:64bit: - [2010/03/19 01:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\\Windows\\SysNative\\Crypserv.exe -- (CrypKey License)

SRV:64bit: - [2009/08/25 09:15:30 | 000,410,112 | ---- | M] () [Auto | Running] -- C:\\Program Files\\EVDO BROADBAND PTCL\\bin\\MonServiceUDisk64.exe -- (UDisk Monitor)

SRV:64bit: - [2009/07/14 06:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 06:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\SysNative\\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/07/14 06:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Windows\\SysNative\\CISVC.EXE -- (CISVC)

SRV - [2013/06/21 06:11:32 | 000,078,512 | ---- | M] () [Disabled | Stopped] -- C:\\Program Files (x86)\\Hotspot Shield\\bin\\HssTrayService.exe -- (HssTrayService)

SRV - [2013/06/21 05:51:32 | 000,548,136 | ---- | M] () [Disabled | Stopped] -- C:\\Program Files (x86)\\Hotspot Shield\\bin\\hsswd.exe -- (HssWd)

SRV - [2013/06/12 21:24:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\\Program Files (x86)\\Skype\\Updater\\Updater.exe -- (SkypeUpdate)

SRV - [2013/01/14 14:41:14 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe -- (AVP)

SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\\Windows\\SysWOW64\\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2011/04/22 08:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\\Program Files (x86)\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe -- (nvUpdatusService)

SRV - [2011/04/21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/03/14 20:27:34 | 000,346,976 | ---- | M] () [Disabled | Stopped] -- C:\\ProgramData\\DatacardService\\HWDeviceService64.exe -- (HWDeviceService64.exe)

SRV - [2010/12/17 14:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\AdminService.exe -- (AtherosSvc)

SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\\Program Files (x86)\\Intel\\Bluetooth\\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\\Program Files (x86)\\Intel\\Bluetooth\\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\\Program Files (x86)\\Intel\\Bluetooth\\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\UNS\\UNS.exe -- (UNS)

SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe -- (LMS)

SRV - [2010/10/01 11:49:08 | 000,151,552 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\\Program Files (x86)\\Dell Wireless\\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\\Windows\\SysWOW64\\inetsrv\\iisw3adm.dll -- (WAS)

SRV - [2009/07/14 06:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Windows\\SysWOW64\\inetsrv\\iisw3adm.dll -- (W3SVC)

SRV - [2009/07/14 06:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\SysWOW64\\inetsrv\\apphostsvc.dll -- (AppHostSvc)

SRV - [2009/06/11 02:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/12/03 14:43:06 | 000,841,728 | ---- | M] () [Disabled | Stopped] -- C:\\Program Files (x86)\\Common Files\\Primavera Common\\BackgroundAgent\\PrmBackgroundAgent.exe -- (PrmBackAgent)

SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files (x86)\\MSSQL\\Primavera\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe -- (MSSQL$PRIMAVERA)

SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files (x86)\\MSSQL\\Primavera\\MSSQL.1\\MSSQL\\Binn\\msftesql.exe -- (msftesql$PRIMAVERA)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/14 22:10:42 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\kneps.sys -- (kneps)

DRV:64bit: - [2013/07/14 22:10:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\kltdi.sys -- (kltdi)

DRV:64bit: - [2013/07/14 22:10:03 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\klif.sys -- (KLIF)

DRV:64bit: - [2013/06/21 06:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\hssdrv6.sys -- (HssDRV6)

DRV:64bit: - [2013/04/25 00:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\taphss6.sys -- (taphss6)

DRV:64bit: - [2013/01/14 14:41:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2013/01/14 14:41:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\klkbdflt.sys -- (klkbdflt)

DRV:64bit: - [2012/11/08 04:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\cmderd.sys -- (cmderd)

DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\klim6.sys -- (KLIM6)

DRV:64bit: - [2012/06/21 00:15:53 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ew_juextctrl.sys -- (huawei_ext_ctrl)

DRV:64bit: - [2012/06/21 00:15:52 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ewusbwwan.sys -- (ewusbmbb)

DRV:64bit: - [2012/06/21 00:15:52 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2012/06/21 00:15:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV:64bit: - [2012/06/21 00:15:52 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ew_jucdcacm.sys -- (huawei_cdcacm)

DRV:64bit: - [2012/06/21 00:15:52 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\ew_jubusenum.sys -- (huawei_enumerator)

DRV:64bit: - [2012/06/21 00:15:52 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ew_jucdcecm.sys -- (huawei_cdcecm)

DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\kl1.sys -- (kl1)

DRV:64bit: - [2012/04/23 16:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2012/03/01 11:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\\Windows\\SysNative\\drivers\\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/25 04:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\taphss.sys -- (taphss)

DRV:64bit: - [2011/05/13 00:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/11 11:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 11:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/03 21:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/12/17 14:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btfilter.sys -- (BtFilter)

DRV:64bit: - [2010/12/17 14:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2010/12/17 14:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2010/12/17 14:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2010/12/17 14:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2010/12/17 14:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2010/12/17 14:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\athrx.sys -- (athr)

DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\btmaux.sys -- (btmaux)

DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/05/27 06:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2010/03/19 04:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\\Windows\\SysNative\\Ckldrv.sys -- (NetworkX)

DRV:64bit: - [2009/12/23 19:33:48 | 000,118,360 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\FVXSCSI.SYS -- (FVXSCSI)

DRV:64bit: - [2009/07/21 16:04:16 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)

DRV:64bit: - [2009/07/14 06:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 06:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 06:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 06:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 05:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\usbser.sys -- (usbser)

DRV:64bit: - [2009/06/11 01:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 01:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 01:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 01:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/02/09 10:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\usbser_lowerfltx64j.sys -- (UsbserFilt)

DRV:64bit: - [2009/02/09 10:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ccdcmbx64.sys -- (nmwcdx64)

DRV:64bit: - [2009/02/09 10:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2009/02/09 10:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ccdcmbox64.sys -- (nmwcdcx64)

DRV:64bit: - [2008/10/29 10:47:02 | 000,024,592 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\FCDABUS.SYS -- (fcdabus)

DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\wdcsam64.sys -- (WDC_SAM)

DRV - [2009/07/14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\drivers\\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE:64bit: - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q=\'>http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE - HKLM\\..\\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll (Conduit Ltd.)

IE - HKLM\\..\\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q=\'>http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q=\'>http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3080215

IE - HKLM\\..\\SearchScopes\\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: \"URL\" = http://websearch.searchdwebs.info/?l=1&q=\'>http://websearch.searchdwebs.info/?l=1&q={searchTerms}&pid=914&r=2013/07/01&hid=3788853739&lg=EN&cc=PK&unqvl=22

IE - HKLM\\..\\SearchScopes\\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: \"URL\" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm487YYpk&ptnrS=GRxdm487YYpk&ptb=3441ED52-4C0A-496E-A90E-9AA1CA0EDFEB&ind=2012090111&n=77ee0eff&psa=&st=sb&searchfor=\'>http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm487YYpk&ptnrS=GRxdm487YYpk&ptb=3441ED52-4C0A-496E-A90E-9AA1CA0EDFEB&ind=2012090111&n=77ee0eff&psa=&st=sb&searchfor={searchTerms}

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache = http://pk.msn.com/?C=PK\'>http://pk.msn.com/?C=PK

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache_TIMESTAMP = ED 44 0A 8A 56 41 CC 01 [binary data]

IE - HKCU\\..\\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found

IE - HKCU\\..\\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\\..\\URLSearchHook: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - No CLSID value found

IE - HKCU\\..\\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll (Conduit Ltd.)

IE - HKCU\\..\\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\\Classes\\CLSID\\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\\InprocServer32 File not found

IE - HKCU\\..\\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q=\'>http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\\..\\SearchScopes\\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: \"URL\" = http://www2.delta-search.com/?q=\'>http://www2.delta-search.com/?q={searchTerms}&affID=121240&tt=gc_&babsrc=SP_ss&mntrId=64A300FFB4E1DD84

IE - HKCU\\..\\SearchScopes\\{7902DE1C-DFB2-426C-A5A1-F87FD90FBEEB}: \"URL\" = http://www.mysearchresults.com/search?c=3513&t=07&q=\'>http://www.mysearchresults.com/search?c=3513&t=07&q={searchTerms}

IE - HKCU\\..\\SearchScopes\\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: \"URL\" = http://us.search.yahoo.com/search?p=\'>http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo

IE - HKCU\\..\\SearchScopes\\{95B7759C-8C7F-4BF1-B163-73684A933233}: \"URL\" = http://isearch.avg.com/search?cid=\'>http://isearch.avg.com/search?cid={A63E2781-B870-42D9-82C8-A06075A35400}&mid=c81a7d7c81e747d0925b369700e81b25-db1903c4b38bb4be805b7f9e83a77cc34f33ade3&lang=en&ds=gm011&pr=sa&d=2012-04-26 23:17:58&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKCU\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q=\'>http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3080215

IE - HKCU\\..\\SearchScopes\\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: \"URL\" = http://websearch.searchdwebs.info/?l=1&q=\'>http://websearch.searchdwebs.info/?l=1&q={searchTerms}&pid=914&r=2013/07/01&hid=3788853739&lg=EN&cc=PK&unqvl=22

IE - HKCU\\..\\SearchScopes\\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: \"URL\" = http://search.hotspotshield.com/g/results.php?c=s&q=\'>http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}

IE - HKCU\\..\\SearchScopes\\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}: \"URL\" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm487YYpk&ptnrS=GRxdm487YYpk&ptb=3441ED52-4C0A-496E-A90E-9AA1CA0EDFEB&ind=2012090111&n=77ee0eff&psa=&st=sb&searchfor=\'>http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm487YYpk&ptnrS=GRxdm487YYpk&ptb=3441ED52-4C0A-496E-A90E-9AA1CA0EDFEB&ind=2012090111&n=77ee0eff&psa=&st=sb&searchfor={searchTerms}

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37

FF - prefs.js..extensions.enabledAddons: [email protected]:1.0

FF - prefs.js..browser.search.order.1: \"WebSearch\"

FF - prefs.js..browser.search.defaulturl: \"http://websearch.searchdwebs.info/?pid=914&r=2013/07/01&hid=3788853739&lg=EN&cc=PK&unqvl=22&l=1&q=\'>http://websearch.searchdwebs.info/?pid=914&r=2013/07/01&hid=3788853739&lg=EN&cc=PK&unqvl=22&l=1&q=\"

FF - prefs.js..browser.search.order.1,S: S\", \"WebSearch\"

FF - prefs.js..browser.search.defaultenginename,S: S\", \"WebSearch\"

FF - prefs.js..browser.search.selectedEngine,S: S\", \"WebSearch\"

FF - prefs.js..browser.startup.homepage: \"http://us.yahoo.com?fr=fp-comodo\'>http://us.yahoo.com?fr=fp-comodo\"

FF - prefs.js..browser.search.defaultenginename: \"Yahoo\"

FF - prefs.js..keyword.URL: \"http://us.search.yahoo.com/search?fr=ytff-comodo&p=\'>http://us.search.yahoo.com/search?fr=ytff-comodo&p=\"

FF - prefs.js..browser.search.param.yahoo-fr: \"chrf-comodo\"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: \"chrf-comodo\"

FF - prefs.js..browser.search.selectedEngine: \"Yahoo\"

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_11_7_700_224.dll File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~1\\MICROS~3\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_7_700_224.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.21.2: C:\\Windows\\SysWOW64\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.21.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\\Program Files (x86)\\Yahoo!\\Shared\\npYState.dll (Yahoo! Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~2\\MICROS~3\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/SharePoint,version=14.0: C:\\PROGRA~2\\MICROS~3\\Office14\\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@nitropdf.com/NitroPDF: C:\\Program Files (x86)\\Nitro\\Pro 8\\npnitromozilla.dll (Nitro PDF)

FF - HKLM\\Software\\MozillaPlugins\\@nvidia.com/3DVision: C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@nvidia.com/3DVisionStreaming: C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKCU\\Software\\MozillaPlugins\\@Skype Limited.com/Facebook Video Calling Plugin: C:\\Users\\Faraz\\AppData\\Local\\Facebook\\Video\\Skype\\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\Faraz\\AppData\\Local\\Google\\Update\\1.3.21.153\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\Faraz\\AppData\\Local\\Google\\Update\\1.3.21.153\\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files (x86)\\Nokia\\Nokia PC Suite 7\\bkmrksync\\ [2011/07/29 16:13:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\FFExt\\[email protected] [2013/07/14 22:10:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\FFExt\\[email protected] [2013/07/14 22:10:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 11.0\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2012/04/12 22:29:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 11.0\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins

FF - HKEY_CURRENT_USER\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Users\\Faraz\\AppData\\Roaming\\IDM\\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\SeaMonkey\\Extensions\\\\[email protected]: C:\\Users\\Faraz\\AppData\\Roaming\\IDM\\idmmzcc5 [2013/06/26 07:05:30 | 000,000,000 | ---D | M]

[2012/04/12 22:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\Extensions

[2013/07/03 16:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\extensions

[2013/05/07 12:34:31 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\extensions\\{C92DDD27-768C-4E40-B655-740B017E698D}

[2013/07/01 22:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\3ajw8v5r.default\\extensions\\staged

[2013/05/12 03:01:32 | 000,006,505 | ---- | M] () -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\firefox\\profiles\\3ajw8v5r.default\\searchplugins\\babylon.xml

[2013/05/12 03:02:06 | 000,001,294 | ---- | M] () -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\firefox\\profiles\\3ajw8v5r.default\\searchplugins\\delta.xml

[2013/07/01 21:18:32 | 000,000,637 | ---- | M] () -- C:\\Users\\Faraz\\AppData\\Roaming\\mozilla\\firefox\\profiles\\3ajw8v5r.default\\searchplugins\\WebSearch.xml

[2013/07/16 14:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions

[2012/08/03 02:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012/09/03 20:41:54 | 000,000,000 | ---D | M] (Java Console) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012/04/26 23:00:15 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\[email protected]

File not found (No name found) -- C:\\PROGRAM FILES (X86)\\MOZILLA FIREFOX\\EXTENSIONS\\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2012/03/13 09:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\\Program Files (x86)\\mozilla firefox\\components\\browsercomps.dll

[2012/07/10 00:45:35 | 000,003,769 | ---- | M] () -- C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\avg-secure-search.xml

[2012/03/13 09:38:32 | 000,002,252 | ---- | M] () -- C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\bing.xml

[2012/03/13 09:38:32 | 000,002,040 | ---- | M] () -- C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://us.yahoo.com?fr=fpc-comodo\'>http://us.yahoo.com?fr=fpc-comodo

CHR - plugin: Shockwave Flash (Disabled) = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\Application\\28.0.1500.72\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\Application\\28.0.1500.72\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\Application\\28.0.1500.72\\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\\PROGRA~2\\MICROS~3\\Office14\\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\\PROGRA~2\\MICROS~3\\Office14\\NPSPWRAP.DLL

CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\npnv3dvstreaming.dll

CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\\Program Files (x86)\\Nitro PDF\\Reader 2\\npnitromozilla.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\\Program Files (x86)\\Real Alternative\\browser\\plugins\\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\\Program Files (x86)\\Real Alternative\\browser\\plugins\\nprpjplug.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\\Users\\Faraz\\AppData\\Local\\Facebook\\Video\\Skype\\npFacebookVideoCalling.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_6_602_180.dll

CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\\Windows\\SysWOW64\\npDeployJava1.dll

CHR - Extension: TV = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\beobeededemalmllhkmnkinmfembdimh\\1.0.12_0\\

CHR - Extension: YouTube = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_0\\

CHR - Extension: Google Search = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_0\\

CHR - Extension: Kaspersky URL Advisor = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dchlnpcodkpfdpacogkljefecpegganj\\13.0.1.4190_0\\

CHR - Extension: ESPN Cricinfo = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dlklinjgampohhihndkofhhaahoicoip\\1.0.0_0\\

CHR - Extension: Google+ = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dlppkpafhbajpcmmoheippocdidnckmm\\1.2.0.418_0\\

CHR - Extension: ssafEE- saVae = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\epcacbllddpdcojcggmijaggcpambccj\\1\\

CHR - Extension: saafe saveo = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\hbhkimppigjgkknlpoohbcbfdhhbaeig\\1\\

CHR - Extension: Content Blocker = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\hghkgaeecgjhjkannahfamoehjmkjail\\13.0.1.4190_0\\

CHR - Extension: ESPN Cricinfo = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ijhlikjoigjegofbedmfmlcfkmhabldh\\1.8.4.1_0\\

CHR - Extension: Quran = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\iklmggidaneooheckcalppihpgfidbpe\\2_0\\

CHR - Extension: Virtual Keyboard = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jagncdcchgajhfhijbbhecadmaiegcmh\\13.0.1.4292_0\\

CHR - Extension: ChatZum.com - Easy Pictures zoom = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jbpcjmidkkgldeplajgnbpjkfpmpeepb\\1.0.9_0\\

CHR - Extension: Web Navigation = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lkemddiljapcmhicklfpcbpfffahfbja\\1.0_0\\

CHR - Extension: Web Navigation = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lkemddiljapcmhicklfpcbpfffahfbja\\1.0_0\\.bak

CHR - Extension: Gmail = C:\\Users\\Faraz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_1\\

O1 HOSTS File: ([2013/07/03 16:10:09 | 000,000,707 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Users\\Faraz\\AppData\\Local\\Temp\\IDMIECC64.dll File not found

O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\x64\\IEExt\\ContentBlocker\\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\x64\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\x64\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\\Program Files (x86)\\Hotspot Shield\\HssIE\\HssIE_64.dll (AnchorFree Inc.)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Users\\Faraz\\AppData\\Local\\Temp\\IDMIECC.dll File not found

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\prxConduitEngin.dll File not found

O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\ContentBlocker\\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2 - BHO: (SelectionLinks) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\\Program Files (x86)\\OApps\\SelectionLinks.dll File not found

O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\\Users\\Faraz\\AppData\\Roaming\\DefaultTab\\DefaultTab\\DefaultTabBHO.dll File not found

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (ssafEE- saVae) - {98ED5451-2AA6-96DB-7012-46C7C9673C57} - C:\\ProgramData\\ssafEE- saVae\\51d19df9cfdfa.dll File not found

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll File not found

O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\\PROGRA~2\\TEXTware\\QUICKF~1\\PlugIns\\IEHelp.dll File not found

O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll (Conduit Ltd.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\\Program Files (x86)\\Hotspot Shield\\HssIE\\HssIE.dll (AnchorFree Inc.)

O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll File not found

O3 - HKLM\\..\\Toolbar: (ChatSend Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll File not found

O3 - HKLM\\..\\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\prxConduitEngin.dll File not found

O3 - HKLM\\..\\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll (Conduit Ltd.)

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {08D6B0B4-C132-470D-A8E2-AA2E9C3851C9} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (ChatSend Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll File not found

O3 - HKCU\\..\\Toolbar\\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files (x86)\\ConduitEngine\\prxConduitEngin.dll ⠀砀㠀㘀⤀ File not found

O3 - HKCU\\..\\Toolbar\\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\\Program Files (x86)\\Hotspot_Shield\\prxtbHot2.dll (Conduit Ltd.)

O4:64bit: - HKLM..\\Run: [COMODO Internet Security] C:\\Program Files\\COMODO\\COMODO Internet Security\\cfp.exe (COMODO)

O4:64bit: - HKLM..\\Run: [IgfxTray] C:\\Windows\\SysNative\\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [NVHotkey] C:\\Windows\\SysNative\\nvHotkey.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\\Run: [Persistence] C:\\Windows\\SysNative\\igfxpers.exe (Intel Corporation)

O4 - HKLM..\\Run: [AVP] C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe (Kaspersky Lab ZAO)

O4 - HKCU..\\Run: [IDMan] C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe /onboot File not found

O4 - HKCU..\\Run: [uTorrent] C:\\Program Files (x86)\\uTorrent\\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktop = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Download all links with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEGetAll.htm File not found

O8:64bit: - Extra context menu item: Download with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEExt.htm File not found

O8:64bit: - Extra context menu item: QuickDefine - C:\\Program Files (x86)\\Common Files\\microsoft shared\\Reference Titles\\eddefine.htm ()

O8 - Extra context menu item: Download all links with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEGetAll.htm File not found

O8 - Extra context menu item: Download with IDM - C:\\Users\\Faraz\\AppData\\Local\\Temp\\Rar$EX37.136\\Internet Download Manager v6.05.10\\crack\\IEExt.htm File not found

O8 - Extra context menu item: QuickDefine - C:\\Program Files (x86)\\Common Files\\microsoft shared\\Reference Titles\\eddefine.htm ()

O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\x64\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra \'Tools\' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\x64\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra \'Tools\' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2iexp.dll ()

O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\VirtualKeyboard\\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9 - Extra Button: ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll File not found

O9 - Extra \'Tools\' menuitem : ChatSend Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\\Program Files (x86)\\ChatSend Toolbar\\tbunsgE75D.tmp\\tbcore3.dll File not found

O9 - Extra \'Tools\' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll File not found

O9 - Extra \'Tools\' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll File not found

O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\IEExt\\UrlAdvisor\\klwtbbho.dll (Kaspersky Lab ZAO)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\'>http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab\'>http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)

O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab\'>http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab\'>http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\'>http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.100.254

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{50E85FEB-E007-45E8-A588-742A30D19941}: NameServer = 46.184.252.171 46.184.252.82

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{60D8391B-FB23-4063-83BA-281FECD708AE}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{8C0BDDB9-9EE1-42AC-8A70-23BE28B8C50A}: DhcpNameServer = 192.168.100.254

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{A267094A-40C3-47D3-8DAE-302A089FA963}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{B4E1DD84-082B-4E48-95F7-B9F21F406F24}: NameServer = 8.8.8.8

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{D6CF1441-3187-48F4-915E-017B35738A78}: NameServer = 10.0.1.1 192.168.7.2

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{DD41DE21-F7EB-4434-9DAB-E5924B4B42FB}: DhcpNameServer = 192.168.1.1 192.168.1.1

O18:64bit: - Protocol\\Handler\\ms-help - No CLSID value found

O18:64bit: - Protocol\\Handler\\skype4com - No CLSID value found

O18:64bit: - Protocol\\Handler\\skype-ie-addon-data - No CLSID value found

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files (x86)\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O18 - Protocol\\Handler\\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll File not found

O20:64bit: - AppInit_DLLs: (C:\\Windows\\system32\\nvinitx.dll) - C:\\Windows\\SysNative\\nvinitx.dll (NVIDIA Corporation)

O20:64bit: - AppInit_DLLs: (C:\\Windows\\system32\\guard64.dll) - C:\\Windows\\SysNative\\guard64.dll (COMODO)

O20 - AppInit_DLLs: (c:\\windows\\syswow64\\nvinit.dll) - c:\\Windows\\SysWOW64\\nvinit.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\\Windows\\SysWOW64\\guard32.dll) - C:\\Windows\\SysWOW64\\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\\Notify\\igfxcui: DllName - (igfxdev.dll) - C:\\Windows\\SysNative\\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 0

O33 - MountPoints2\\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{02c8fcea-4ca3-11e1-bef9-b0f753bc31d4}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{33399f99-67c2-11e1-8d4c-a98bf1d84fd7}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{3c7c41a4-2031-11e1-b52f-ee78cfe267cc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{3c7c41cd-2031-11e1-b52f-cfa96447c4ac}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{3c7c41fc-2031-11e1-b52f-cfa96447c4ac}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{4af26f6f-30a6-11e1-9b94-910f30baeed7}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{4af26f77-30a6-11e1-9b94-910f30baeed7}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{4af26f77-30a6-11e1-9b94-910f30baeed7}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{6e1e4585-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{6e1e459a-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{6e1e45b1-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{6e1e45c3-2fd1-11e2-a558-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{73f29098-acba-11e1-b04f-bb72616340ba}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{73f29098-acba-11e1-b04f-bb72616340ba}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{73f290a8-acba-11e1-b04f-bb72616340ba}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{73f290a8-acba-11e1-b04f-bb72616340ba}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{73f290b2-acba-11e1-b04f-bb72616340ba}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{73f290b2-acba-11e1-b04f-bb72616340ba}\\Shell\\AutoRun\\command - \"\" = I:\\AutoRun.exe

O33 - MountPoints2\\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{792b117a-79e6-11e2-8803-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{7b2ec2e4-ccc5-11e0-a18e-001e101f50a4}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{85dd8db7-99f3-11e2-9cf8-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\Setup.exe /Auto

O33 - MountPoints2\\{86568119-c4b4-11e0-b905-001e101f24f1}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{86568119-c4b4-11e0-b905-001e101f24f1}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{86568127-c4b4-11e0-b905-001e101f24f1}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{86568127-c4b4-11e0-b905-001e101f24f1}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b37abe37-0cab-11e1-8e39-f1be9be713a1}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b37abe3e-0cab-11e1-8e39-f1be9be713a1}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b3999c83-9c5f-11e1-b456-e3fa1a8666c4}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b78e385c-0a03-11e1-916b-95476b19059a}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b78e385c-0a03-11e1-916b-95476b19059a}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b78e3869-0a03-11e1-916b-95476b19059a}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b78e3869-0a03-11e1-916b-95476b19059a}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{b78e3877-0a03-11e1-916b-95476b19059a}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b78e3877-0a03-11e1-916b-95476b19059a}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{c60b1d03-948a-11e1-b452-a9fb93de33a9}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{e453e644-42ec-11e1-ba57-dbe944af10d1}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e453e644-42ec-11e1-ba57-dbe944af10d1}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e5e543a2-b458-11e0-8134-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = H:\\AutoRun.exe

O33 - MountPoints2\\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e5e543b7-b458-11e0-8134-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e5e543d4-b458-11e0-8134-c0f8da9ce4fc}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e98d437d-d555-11e0-8ea9-001e101f8ed0}\\Shell\\AutoRun\\command - \"\" = G:\\AutoRun.exe

O33 - MountPoints2\\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{e98d47ad-d555-11e0-8ea9-001e101f8ed0}\\Shell\\AutoRun\\command - \"\" = I:\\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 90 Days ==========

[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Trend Micro

[2013/07/24 19:03:10 | 000,000,000 | ---D | C] -- C:\\Users\\Faraz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\HiJackThis

[2013/07/24 18:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\Faraz\\Desktop\\OTL.exe

[2013/07/21 00:18:49 | 000,000,000 | ---D | C] -- C:\\Pr

News:

Author Topic: System is popping up continously infected with Trojan Gamethief.Win32. (Read 7268 times)