hackopz

OTL

Mar 17th, 2012
  1. OTL logfile created on: 3/18/2012 12:15:28 AM - Run 1
  2. OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\faisal\Downloads\Programs
  3. 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
  4. Internet Explorer (Version = 8.0.7600.16385)
  5. Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
  6.  
  7. 1.74 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 27.15% Memory free
  8. 3.48 Gb Paging File | 1.62 Gb Available in Paging File | 46.40% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
  12. Drive C: | 48.83 Gb Total Space | 10.28 Gb Free Space | 21.05% Space Free | Partition Type: NTFS
  13. Drive D: | 97.66 Gb Total Space | 85.63 Gb Free Space | 87.68% Space Free | Partition Type: NTFS
  14. Drive E: | 97.66 Gb Total Space | 82.82 Gb Free Space | 84.80% Space Free | Partition Type: NTFS
  15. Drive F: | 97.66 Gb Total Space | 94.19 Gb Free Space | 96.44% Space Free | Partition Type: NTFS
  16. Drive G: | 123.93 Gb Total Space | 104.63 Gb Free Space | 84.43% Space Free | Partition Type: NTFS
  17.  
  18. Computer Name: FAZAL-PC | User Name: faisal | Logged in as Administrator.
  19. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
  20. Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
  21.  
  22. [color=#E56717]========== Processes (SafeList) ==========[/color]
  23.  
  24. PRC - [2012/03/18 00:11:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\faisal\Downloads\Programs\OTL.exe
  25. PRC - [2012/03/18 00:03:34 | 001,819,482 | ---- | M] (Faronics Corporation) -- C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
  26. PRC - [2012/03/17 18:54:00 | 000,144,122 | ---- | M] (The tale ofHyboria on a quest to avenge the murder of his father and the slaughter) -- C:\Windows\WinUpdaterstd\svchost.exe
  27. PRC - [2012/01/19 17:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
  28. PRC - [2012/01/19 17:47:19 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
  29. PRC - [2012/01/19 17:26:19 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
  30. PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe
  31. PRC - [2012/01/13 12:44:19 | 003,417,496 | ---- | M] (Tonec Inc.) -- D:\Internet Download Manager\IDMan.exe
  32. PRC - [2012/01/07 07:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
  33. PRC - [2012/01/07 00:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
  34. PRC - [2012/01/05 05:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
  35. PRC - [2012/01/05 05:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
  36. PRC - [2012/01/04 12:42:50 | 000,265,928 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
  37. PRC - [2011/12/08 17:26:33 | 000,057,000 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
  38. PRC - [2011/12/08 17:26:31 | 000,188,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
  39. PRC - [2011/12/08 17:26:31 | 000,089,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
  40. PRC - [2011/09/01 22:38:36 | 001,075,200 | ---- | M] (Faronics Corporation) -- C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe
  41. PRC - [2011/07/31 00:33:26 | 004,505,600 | ---- | M] (PostgreSQL Global Development Group) -- D:\MetaSploit\postgresql\bin\postgres.exe
  42. PRC - [2011/07/31 00:33:26 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- D:\MetaSploit\postgresql\bin\pg_ctl.exe
  43. PRC - [2011/07/31 00:33:20 | 000,436,267 | ---- | M] (http://www.ruby-lang.org/) -- D:\MetaSploit\ruby\bin\rubyw.exe
  44. PRC - [2011/05/20 09:16:20 | 000,269,312 | ---- | M] () -- C:\Program Files\Zoom\C+WEject.exe
  45. PRC - [2010/10/03 18:22:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Banglalion WiMAX CM\cm\ssax226.exe
  46. PRC - [2010/05/25 20:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- D:\Internet Download Manager\IEMonitor.exe
  47. PRC - [2010/05/08 17:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
  48. PRC - [2010/05/08 17:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
  49. PRC - [2009/07/14 07:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
  50. PRC - [2009/05/03 12:22:28 | 000,073,392 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe
  51.  
  52.  
  53. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  54.  
  55. MOD - [2012/03/10 15:21:42 | 000,429,040 | ---- | M] () -- C:\Users\faisal\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
  56. MOD - [2012/03/10 15:21:41 | 003,772,912 | ---- | M] () -- C:\Users\faisal\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
  57. MOD - [2012/03/10 15:20:17 | 000,122,880 | ---- | M] () -- C:\Users\faisal\AppData\Local\Google\Chrome\Application\17.0.963.79\avutil-51.dll
  58. MOD - [2012/03/10 15:20:16 | 000,220,672 | ---- | M] () -- C:\Users\faisal\AppData\Local\Google\Chrome\Application\17.0.963.79\avformat-53.dll
  59. MOD - [2012/03/10 15:20:15 | 001,747,456 | ---- | M] () -- C:\Users\faisal\AppData\Local\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
  60. MOD - [2012/01/07 07:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
  61. MOD - [2012/01/07 00:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
  62. MOD - [2009/07/14 07:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
  63. MOD - [2009/07/14 07:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
  64.  
  65.  
  66. [color=#E56717]========== Win32 Services (SafeList) ==========[/color]
  67.  
  68. SRV:[b]64bit:[/b] - [2011/12/19 18:59:00 | 002,779,416 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
  69. SRV:[b]64bit:[/b] - [2011/11/23 19:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
  70. SRV:[b]64bit:[/b] - [2011/11/23 16:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
  71. SRV:[b]64bit:[/b] - [2011/05/20 09:16:20 | 000,269,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Zoom\C+WEject.exe -- (CDROM_Detect)
  72. SRV:[b]64bit:[/b] - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
  73. SRV:[b]64bit:[/b] - [2009/07/14 07:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
  74. SRV:[b]64bit:[/b] - [2009/07/14 07:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\mwspollserver.dll -- (tiumfwl)
  75. SRV - [2012/03/16 13:40:30 | 000,196,096 | ---- | M] (2q3wet Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\nluajvys.dll -- (cljrkgko)
  76. SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
  77. SRV - [2012/01/19 17:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
  78. SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
  79. SRV - [2012/01/07 00:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
  80. SRV - [2012/01/07 00:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
  81. SRV - [2012/01/05 05:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
  82. SRV - [2012/01/05 05:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
  83. SRV - [2012/01/04 12:42:50 | 000,265,928 | ---- | M] (SpeedBit Ltd.) [Auto | Running] -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
  84. SRV - [2011/12/08 17:26:33 | 000,057,000 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
  85. SRV - [2011/12/08 17:26:31 | 000,188,072 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE -- (FSMA)
  86. SRV - [2011/11/08 00:57:48 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
  87. SRV - [2011/09/01 22:38:36 | 001,075,200 | ---- | M] (Faronics Corporation) [Auto | Running] -- C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe -- (DFServ)
  88. SRV - [2011/07/31 00:33:26 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- D:\MetaSploit\postgresql\bin\pg_ctl.exe -- (metasploitPostgreSQL)
  89. SRV - [2011/07/31 00:33:20 | 000,436,267 | ---- | M] (http://www.ruby-lang.org/) [Auto | Running] -- D:\MetaSploit\ruby\bin\rubyw.exe -- (metasploitThin)
  90. SRV - [2011/07/31 00:33:20 | 000,436,267 | ---- | M] (http://www.ruby-lang.org/) [Auto | Running] -- D:\MetaSploit\ruby\bin\rubyw.exe -- (metasploitProSvc)
  91. SRV - [2010/10/03 18:22:46 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Banglalion WiMAX CM\cm\ssax226.exe -- (ssax226)
  92. SRV - [2010/05/08 17:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
  93. SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
  94. SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
  95. SRV - [2009/06/11 03:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
  96. SRV - [2009/05/03 12:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
  97. SRV - [2008/11/10 02:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
  98.  
  99.  
  100. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  101.  
  102. DRV:[b]64bit:[/b] - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
  103. DRV:[b]64bit:[/b] - [2011/11/23 19:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
  104. DRV:[b]64bit:[/b] - [2011/11/04 12:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
  105. DRV:[b]64bit:[/b] - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
  106. DRV:[b]64bit:[/b] - [2011/09/01 22:47:58 | 000,234,520 | ---- | M] (Faronics Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DeepFrz.sys -- (DeepFrz)
  107. DRV:[b]64bit:[/b] - [2011/07/06 21:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
  108. DRV:[b]64bit:[/b] - [2011/06/07 18:44:16 | 000,040,128 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
  109. DRV:[b]64bit:[/b] - [2011/06/02 11:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
  110. DRV:[b]64bit:[/b] - [2011/06/02 11:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
  111. DRV:[b]64bit:[/b] - [2011/06/02 11:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
  112. DRV:[b]64bit:[/b] - [2011/06/02 11:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
  113. DRV:[b]64bit:[/b] - [2011/05/25 05:40:12 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
  114. DRV:[b]64bit:[/b] - [2011/05/25 05:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
  115. DRV:[b]64bit:[/b] - [2011/04/08 13:18:42 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USB_MODEM_T.sys -- (UsbModemDriver)
  116. DRV:[b]64bit:[/b] - [2010/12/21 11:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
  117. DRV:[b]64bit:[/b] - [2010/12/20 12:44:42 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
  118. DRV:[b]64bit:[/b] - [2010/12/20 12:42:04 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
  119. DRV:[b]64bit:[/b] - [2010/10/03 18:22:46 | 000,371,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
  120. DRV:[b]64bit:[/b] - [2010/10/03 18:22:46 | 000,059,904 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
  121. DRV:[b]64bit:[/b] - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
  122. DRV:[b]64bit:[/b] - [2010/07/06 09:10:10 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
  123. DRV:[b]64bit:[/b] - [2010/06/25 23:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
  124. DRV:[b]64bit:[/b] - [2010/06/15 13:16:52 | 002,313,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
  125. DRV:[b]64bit:[/b] - [2010/04/21 09:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
  126. DRV:[b]64bit:[/b] - [2010/04/09 15:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
  127. DRV:[b]64bit:[/b] - [2010/04/07 17:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
  128. DRV:[b]64bit:[/b] - [2010/03/25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
  129. DRV:[b]64bit:[/b] - [2010/03/20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
  130. DRV:[b]64bit:[/b] - [2009/11/05 11:50:56 | 000,044,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USB_BusEnum_T.sys -- (USB_BusEnum_T)
  131. DRV:[b]64bit:[/b] - [2009/10/27 08:45:36 | 000,037,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USB_WinMux_T.sys -- (USB_WinMux_T)
  132. DRV:[b]64bit:[/b] - [2009/09/17 10:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
  133. DRV:[b]64bit:[/b] - [2009/07/14 07:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
  134. DRV:[b]64bit:[/b] - [2009/07/14 07:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
  135. DRV:[b]64bit:[/b] - [2009/07/14 07:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
  136. DRV:[b]64bit:[/b] - [2009/07/14 07:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
  137. DRV:[b]64bit:[/b] - [2009/07/14 07:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
  138. DRV:[b]64bit:[/b] - [2009/07/14 07:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
  139. DRV:[b]64bit:[/b] - [2009/06/11 02:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
  140. DRV:[b]64bit:[/b] - [2009/06/11 02:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
  141. DRV:[b]64bit:[/b] - [2009/06/11 02:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
  142. DRV:[b]64bit:[/b] - [2009/06/11 02:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
  143. DRV:[b]64bit:[/b] - [2008/06/06 16:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
  144. DRV:[b]64bit:[/b] - [2008/05/30 20:25:32 | 000,021,760 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USB_ETS_T.sys -- (USB_ETS_T)
  145. DRV - [2010/12/20 12:42:04 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
  146. DRV - [2009/07/14 07:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
  147.  
  148.  
  149. [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  150.  
  151.  
  152. [color=#E56717]========== Internet Explorer ==========[/color]
  153.  
  154. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  155.  
  156. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=108602&tt=090212_noffx&babsrc=HP_ss&mntrId=0e83fb0400000000000000ff4c2299a3
  157. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
  158. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
  159. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 B4 98 73 44 FB CB 01 [binary data]
  160. IE - HKCU\..\URLSearchHook: - No CLSID value found
  161. IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
  162. IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
  163. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  164. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 212.90.172.158:3128
  165.  
  166. [color=#E56717]========== FireFox ==========[/color]
  167.  
  168.  
  169.  
  170. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  171. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
  172. FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
  173. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
  174. FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
  175. FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
  176. FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  177. FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
  178. FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
  179. FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
  180. FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
  181. FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
  182. FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
  183. FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
  184. FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
  185. FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
  186. FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  187. FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\faisal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
  188. FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\faisal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
  189. FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\faisal\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
  190. FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\faisal\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
  191. FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\faisal\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
  192.  
  193. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 10:21:09 | 000,000,000 | ---D | M]
  194. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\New folder\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
  195. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\F-Secure\NRS\[email protected]
  196. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/21 13:46:55 | 000,000,000 | ---D | M]
  197. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
  198. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/31 00:00:39 | 000,000,000 | ---D | M]
  199. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
  200. FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\faisal\AppData\Roaming\IDM\idmmzcc5 [2012/01/13 12:43:45 | 000,000,000 | ---D | M]
  201. FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\faisal\AppData\Roaming\IDM\idmmzcc5 [2012/01/13 12:43:45 | 000,000,000 | ---D | M]
  202.  
  203. [2012/02/21 13:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\faisal\AppData\Roaming\mozilla\Extensions
  204. [2012/03/01 19:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\faisal\AppData\Roaming\mozilla\Firefox\Profiles\qa60jgke.default\extensions
  205. [2012/03/01 19:38:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\faisal\AppData\Roaming\mozilla\Firefox\Profiles\qa60jgke.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
  206. [2012/02/21 13:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
  207. [2012/02/29 21:08:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
  208. [2011/10/05 23:58:16 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
  209. [2012/02/16 20:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
  210. [2012/02/14 17:48:47 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
  211. [2012/02/16 16:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
  212. [2011/05/25 05:41:10 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
  213. [2012/02/16 16:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
  214.  
  215. [color=#E56717]========== Chrome ==========[/color]
  216.  
  217. CHR - default_search_provider: Google (Enabled)
  218. CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
  219. CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
  220. CHR - plugin: Shockwave Flash (Disabled) = C:\Users\faisal\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
  221. CHR - plugin: Shockwave Flash (Enabled) = C:\Users\faisal\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
  222. CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
  223. CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
  224. CHR - plugin: Native Client (Enabled) = C:\Users\faisal\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
  225. CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\faisal\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
  226. CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\faisal\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.0_0\plugins/screen_capture.dll
  227. CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
  228. CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
  229. CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
  230. CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
  231. CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
  232. CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
  233. CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
  234. CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
  235. CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
  236. CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
  237. CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\faisal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
  238. CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\faisal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
  239. CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
  240. CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
  241. CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
  242. CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
  243. CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
  244. CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
  245. CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
  246. CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
  247. CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
  248. CHR - plugin: Google Update (Enabled) = C:\Users\faisal\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
  249. CHR - plugin: RockMelt Update (Enabled) = C:\Users\faisal\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
  250. CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
  251. CHR - plugin: Default Plug-in (Enabled) = default_plugin
  252.  
  253. Hosts file not found
  254. O2:[b]64bit:[/b] - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
  255. O2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
  256. O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - c:\Windows\SysWOW64\nluajvys.dll (2q3wet Corporation)
  257. O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
  258. O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
  259. O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
  260. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
  261. O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  262. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  263. O2 - BHO: (no name) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - No CLSID value found.
  264. O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  265. O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
  266. O3 - HKLM\..\Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No CLSID value found.
  267. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  268. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
  269. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  270. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
  271. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
  272. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  273. O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
  274. O4 - HKCU..\Run: [Avro Keyboard] C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe (OmicronLab)
  275. O4 - HKCU..\Run: [IDMan] D:\Internet Download Manager\IDMan.exe (Tonec Inc.)
  276. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  277. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  278. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: WinUpdaterstd = C:\Windows\WinUpdaterstd\svchost.exe (The tale ofHyboria on a quest to avenge the murder of his father and the slaughter)
  279. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
  280. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  281. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
  282. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
  283. O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  284. O8:[b]64bit:[/b] - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  285. O8:[b]64bit:[/b] - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  286. O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  287. O8:[b]64bit:[/b] - Extra context menu item: Download all links with IDM - D:\Internet Download Manager\IEGetAll.htm ()
  288. O8:[b]64bit:[/b] - Extra context menu item: Download with IDM - D:\Internet Download Manager\IEExt.htm ()
  289. O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  290. O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  291. O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  292. O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  293. O8 - Extra context menu item: Download all links with IDM - D:\Internet Download Manager\IEGetAll.htm ()
  294. O8 - Extra context menu item: Download with IDM - D:\Internet Download Manager\IEExt.htm ()
  295. O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  296. O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  297. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
  298. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
  299. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
  300. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
  301. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
  302. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
  303. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
  304. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
  305. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
  306. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
  307. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
  308. O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
  309. O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
  310. O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
  311. O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
  312. O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
  313. O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
  314. O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
  315. O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
  316. O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  317. O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  318. O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  319. O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  320. O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  321. O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  322. O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  323. O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  324. O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  325. O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  326. O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
  327. O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
  328. O13[b]64bit:[/b] - gopher Prefix: missing
  329. O13 - gopher Prefix: missing
  330. O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
  331. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
  332. O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
  333. O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
  334. O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
  335. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0641B1EA-90C5-423C-A332-535C389C8BE7}: NameServer = 8.26.56.26,156.154.70.22
  336. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{071330E7-EACB-4233-9CB8-B773AE381351}: NameServer = 8.26.56.26,156.154.70.22
  337. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48BF5340-E90D-4E3C-B1A7-57E31835E774}: DhcpNameServer = 192.168.1.1
  338. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48BF5340-E90D-4E3C-B1A7-57E31835E774}: NameServer = 8.26.56.26,156.154.70.22
  339. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95245E97-6EB7-486C-947D-95F20ECBB70D}: DhcpNameServer = 192.168.61.62 180.149.11.25
  340. O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
  341. O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
  342. O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
  343. O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
  344. O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
  345. O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
  346. O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
  347. O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
  348. O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
  349. O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  350. O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
  351. O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
  352. O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
  353. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
  354. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Users\faisal\Documents\MSDCSC\msdcsc.exe) - File not found
  355. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Users\faisal\Documents\MSDCSC\msdcsc.exe) - File not found
  356. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Users\faisal\Documents\MSDCSC\msdcsc.exe) - File not found
  357. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Users\faisal\Documents\MSDCSC\msdcsc.exe) - File not found
  358. O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
  359. O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  360. O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
  361. O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
  362. O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  363. O20:[b]64bit:[/b] - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - File not found
  364. O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
  365. O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  366. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  367. O32 - HKLM CDRom: AutoRun - 1
  368. O32 - AutoRun File - [2011/11/08 00:58:54 | 000,000,000 | ---D | M] - D:\AutoCAD 2007 -- [ NTFS ]
  369. O33 - MountPoints2\{18e16d40-803a-11e0-8a1b-001e101f3315}\Shell - "" = AutoRun
  370. O33 - MountPoints2\{18e16d40-803a-11e0-8a1b-001e101f3315}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  371. O33 - MountPoints2\{2803afe9-ede9-11e0-a7eb-806e6f6e6963}\Shell - "" = AutoRun
  372. O33 - MountPoints2\{2803afe9-ede9-11e0-a7eb-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  373. O33 - MountPoints2\{2d8113f3-6a40-11e0-adb5-1c659dc26634}\Shell - "" = AutoRun
  374. O33 - MountPoints2\{2d8113f3-6a40-11e0-adb5-1c659dc26634}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  375. O33 - MountPoints2\{3017286e-68dd-11e0-9480-1c659dc26634}\Shell - "" = AutoRun
  376. O33 - MountPoints2\{3017286e-68dd-11e0-9480-1c659dc26634}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  377. O33 - MountPoints2\{42f183ba-35cf-11e1-9036-f5072dea145b}\Shell - "" = AutoRun
  378. O33 - MountPoints2\{42f183ba-35cf-11e1-9036-f5072dea145b}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  379. O33 - MountPoints2\{6bc4e19f-6734-11e0-ba61-b43f31e32734}\Shell - "" = AutoRun
  380. O33 - MountPoints2\{6bc4e19f-6734-11e0-ba61-b43f31e32734}\Shell\AutoRun\command - "" = I:\Data\setup.exe
  381. O33 - MountPoints2\{77d5907d-67a0-11e0-8296-806e6f6e6963}\Shell - "" = AutoRun
  382. O33 - MountPoints2\{77d5907d-67a0-11e0-8296-806e6f6e6963}\Shell\AutoRun\command - "" = H:\EXTREMESOFT_AUTORUN.EXE
  383. O33 - MountPoints2\{79e02119-ee51-11e0-aff1-e975728fc592}\Shell - "" = AutoRun
  384. O33 - MountPoints2\{79e02119-ee51-11e0-aff1-e975728fc592}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  385. O33 - MountPoints2\{7ab6dad5-80fd-11e0-9e75-806e6f6e6963}\Shell - "" = AutoRun
  386. O33 - MountPoints2\{7ab6dad5-80fd-11e0-9e75-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  387. O33 - MountPoints2\{7d879b68-68c5-11e0-b4bf-1c659dc26634}\Shell - "" = AutoRun
  388. O33 - MountPoints2\{7d879b68-68c5-11e0-b4bf-1c659dc26634}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  389. O33 - MountPoints2\{899a73f7-eeb9-11e0-a0f4-e76a7f0454d3}\Shell - "" = AutoRun
  390. O33 - MountPoints2\{899a73f7-eeb9-11e0-a0f4-e76a7f0454d3}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  391. O33 - MountPoints2\{9781d367-6aa9-11e0-b17b-1c659dc26634}\Shell - "" = AutoRun
  392. O33 - MountPoints2\{9781d367-6aa9-11e0-b17b-1c659dc26634}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  393. O33 - MountPoints2\{ca6a9d1b-f351-11e0-8779-001e101f8924}\Shell - "" = AutoRun
  394. O33 - MountPoints2\{ca6a9d1b-f351-11e0-8779-001e101f8924}\Shell\AutoRun\command - "" = I:\Setup.exe
  395. O33 - MountPoints2\{da248f67-68a0-11e0-abff-1c659dc26634}\Shell - "" = AutoRun
  396. O33 - MountPoints2\{da248f67-68a0-11e0-abff-1c659dc26634}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  397. O33 - MountPoints2\{e21fea8a-674d-11e0-b60e-1c659dc26634}\Shell - "" = AutoRun
  398. O33 - MountPoints2\{e21fea8a-674d-11e0-b60e-1c659dc26634}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  399. O33 - MountPoints2\{e21fea99-674d-11e0-b60e-1c659dc26634}\Shell - "" = AutoRun
  400. O33 - MountPoints2\{e21fea99-674d-11e0-b60e-1c659dc26634}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  401. O33 - MountPoints2\{e3648d8f-81bb-11e0-92f8-60eb69b43ec5}\Shell - "" = AutoRun
  402. O33 - MountPoints2\{e3648d8f-81bb-11e0-92f8-60eb69b43ec5}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  403. O33 - MountPoints2\{f5673199-ecd6-11e0-b358-f341753ebd10}\Shell - "" = AutoRun
  404. O33 - MountPoints2\{f5673199-ecd6-11e0-b358-f341753ebd10}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  405. O33 - MountPoints2\{f56731e8-ecd6-11e0-b358-f341753ebd10}\Shell - "" = AutoRun
  406. O33 - MountPoints2\{f56731e8-ecd6-11e0-b358-f341753ebd10}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  407. O33 - MountPoints2\{f56731f4-ecd6-11e0-b358-f341753ebd10}\Shell - "" = AutoRun
  408. O33 - MountPoints2\{f56731f4-ecd6-11e0-b358-f341753ebd10}\Shell\AutoRun\command - "" = I:\AutoRun.exe
  409. O33 - MountPoints2\H\Shell - "" = AutoRun
  410. O33 - MountPoints2\H\Shell\AutoRun\command - "" = 0,
  411. O33 - MountPoints2\I\Shell - "" = AutoRun
  412. O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
  413. O33 - MountPoints2\J\Shell - "" = AutoRun
  414. O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
  415. O34 - HKLM BootExecute: (autocheck autochk /k:C /k:D /k:E /k:F /k:G *)
  416. O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
  417. O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
  418. O35 - HKLM\..comfile [open] -- "%1" %*
  419. O35 - HKLM\..exefile [open] -- "%1" %*
  420. O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
  421. O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
  422. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  423. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  424.  
  425. NetSvcs:[b]64bit:[/b] tiumfwl - C:\Windows\SysNative\mwspollserver.dll (Oak Technology Inc.)
  426. NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
  427. NetSvcs: cljrkgko - C:\Windows\SysWOW64\nluajvys.dll (2q3wet Corporation)
  428.  
  429. Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
  430. Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
  431. Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
  432.  
  433. CREATERESTOREPOINT
  434. Restore point Set: OTL Restore Point
  435.  
  436. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  437.  
  438. [2012/03/17 21:20:53 | 000,000,000 | ---D | C] -- C:\Users\faisal\Documents\MSDCSC
  439. [2012/03/17 18:54:31 | 000,000,000 | ---D | C] -- C:\Windows\WinUpdaterstd
  440. [2012/03/17 10:44:42 | 000,000,000 | ---D | C] -- C:\Windows\system64
  441. [2012/03/17 10:44:29 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Roaming\x3pp11x1fbetpquhl2zueiym1l1u3ds12
  442. [2012/03/16 13:40:30 | 000,196,096 | ---- | C] (2q3wet Corporation) -- C:\Windows\SysWow64\nluajvys.dll
  443. [2012/03/15 21:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk
  444. [2012/03/07 22:11:01 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RockMelt
  445. [2012/03/07 02:36:57 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Roaming\ApexDC++
  446. [2012/03/07 02:36:57 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Local\ApexDC++
  447. [2012/03/07 02:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApexDC++ - The Pinnacle of File-Sharing
  448. [2012/03/07 02:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\ApexDC++
  449. [2012/03/06 21:30:35 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Roaming\Luxand
  450. [2012/03/06 21:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Luxand
  451. [2012/03/06 21:30:19 | 007,942,144 | ---- | C] (Luxand, Inc.) -- C:\Windows\SysNative\LuxandBlinkLib11.dll
  452. [2012/03/06 21:30:18 | 007,942,144 | ---- | C] (Luxand, Inc.) -- C:\Windows\SysNative\LuxandBlinkLib1.dll
  453. [2012/03/06 21:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Luxand
  454. [2012/03/05 13:47:45 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Local\RockMelt
  455. [2012/03/04 12:02:54 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Local\Temporary Projects
  456. [2012/03/03 14:26:27 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Local\ElevatedDiagnostics
  457. [2012/03/01 19:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
  458. [2012/03/01 19:38:09 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Roaming\Yahoo!
  459. [2012/03/01 19:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
  460. [2012/02/29 21:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
  461. [2012/02/29 21:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
  462. [2012/02/29 18:50:26 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
  463. [2012/02/29 18:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFConfig
  464. [2012/02/28 13:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
  465. [2012/02/26 22:59:20 | 000,240,248 | ---- | C] (CACE Technologies) -- C:\Windows\wpcap.dll
  466. [2012/02/26 22:59:20 | 000,088,704 | ---- | C] (CACE Technologies) -- C:\Windows\Packet.dll
  467. [2012/02/26 22:59:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportWimax
  468. [2012/02/26 22:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banglalion WiMAX CM
  469. [2012/02/26 22:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Banglalion WiMAX CM
  470. [2012/02/22 12:46:52 | 000,000,000 | ---D | C] -- C:\Users\faisal\Documents\Cropper Captures
  471. [2012/02/21 13:47:00 | 000,000,000 | ---D | C] -- C:\Users\faisal\AppData\Roaming\Mozilla
  472. [2012/02/21 02:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Havij
  473. [2012/02/21 02:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Havij
  474. [2011/12/15 12:57:36 | 000,087,040 | ---- | C] (Microsoft) -- C:\Users\faisal\AppData\Roaming\fake ban.exe
  475. [2011/12/15 12:54:09 | 000,087,552 | ---- | C] (Microsoft) -- C:\Users\faisal\AppData\Roaming\ShareCash Downloader v2.0.exe
  476. [2011/11/08 01:07:30 | 000,431,616 | ---- | C] (Fatih Kodak) -- C:\Users\faisal\AppData\Roaming\Bat_To_Exe_Converter.exe
  477. [4 C:\*.tmp files -> C:\*.tmp -> ]
  478. [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
  479. [1 C:\Users\faisal\*.tmp files -> C:\Users\faisal\*.tmp -> ]
  480.  
  481. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  482.  
  483. [2012/03/18 00:19:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-1657313265-4213748117-3170661344-1000UA.job
  484. [2012/03/18 00:09:20 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  485. [2012/03/18 00:09:20 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  486. [2012/03/18 00:04:22 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
  487. [2012/03/18 00:03:22 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
  488. [2012/03/18 00:03:13 | 1402,060,800 | -HS- | M] () -- C:\hiberfil.sys
  489. [2012/03/17 23:35:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1657313265-4213748117-3170661344-1000UA.job
  490. [2012/03/17 21:19:09 | 000,001,256 | ---- | M] () -- C:\Users\faisal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
  491. [2012/03/17 20:51:41 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\At1.job
  492. [2012/03/17 12:09:27 | 000,055,040 | ---- | M] () -- C:\Windows\SysWow64\hijhrecx.dat
  493. [2012/03/17 12:09:26 | 000,365,824 | ---- | M] () -- C:\Windows\SysWow64\zrgcbggi.dat
  494. [2012/03/17 12:09:26 | 000,136,960 | ---- | M] () -- C:\Windows\SysWow64\fsipxgzh.dat
  495. [2012/03/17 12:09:26 | 000,058,112 | ---- | M] () -- C:\Windows\SysWow64\znsshnud.dat
  496. [2012/03/17 12:09:26 | 000,041,216 | ---- | M] () -- C:\Windows\SysWow64\yhwdgdci.dat
  497. [2012/03/17 12:09:26 | 000,036,608 | ---- | M] () -- C:\Windows\SysWow64\zqbfrfob.dat
  498. [2012/03/17 12:09:26 | 000,034,048 | ---- | M] () -- C:\Windows\SysWow64\abljqwjn.dat
  499. [2012/03/17 11:45:45 | 000,154,368 | ---- | M] () -- C:\Windows\SysWow64\hehvcfti.dat
  500. [2012/03/17 10:44:23 | 000,212,992 | ---- | M] () -- C:\Users\faisal\zow.exe
  501. [2012/03/17 10:43:52 | 000,188,416 | RHS- | M] () -- C:\Users\faisal\yaofis.exe
  502. [2012/03/17 10:43:23 | 000,036,864 | ---- | M] () -- C:\Users\faisal\piutej.com
  503. [2012/03/16 20:19:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-1657313265-4213748117-3170661344-1000Core.job
  504. [2012/03/16 13:40:30 | 000,196,096 | ---- | M] (2q3wet Corporation) -- C:\Windows\SysWow64\nluajvys.dll
  505. [2012/03/15 11:27:50 | 000,002,279 | ---- | M] () -- C:\Users\faisal\Desktop\RockMelt.lnk
  506. [2012/03/14 06:50:30 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1657313265-4213748117-3170661344-1000Core.job
  507. [2012/03/12 18:53:28 | 000,880,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
  508. [2012/03/12 18:53:28 | 000,729,284 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
  509. [2012/03/12 18:53:28 | 000,151,434 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
  510. [2012/03/11 21:17:34 | 000,001,456 | ---- | M] () -- C:\Users\faisal\AppData\Local\Adobe Save for Web 12.0 Prefs
  511. [2012/03/09 00:08:20 | 000,541,300 | ---- | M] () -- C:\Users\faisal\Desktop\rulebook_english_jan11.pdf
  512. [2012/03/04 13:12:48 | 000,048,476 | ---- | M] () -- C:\Users\faisal\Desktop\sig2.png
  513. [2012/03/04 13:06:35 | 000,164,219 | ---- | M] () -- C:\Users\faisal\Desktop\sig1.png
  514. [2012/03/02 20:15:10 | 002,229,760 | ---- | M] () -- C:\Users\faisal\Desktop\DarkCometRAT Remover.exe
  515. [2012/03/01 19:37:18 | 000,001,125 | ---- | M] () -- C:\Users\faisal\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
  516. [2012/02/28 15:37:25 | 000,337,927 | ---- | M] () -- C:\Users\faisal\Desktop\Untitled-1.png
  517. [2012/02/21 23:09:05 | 000,039,008 | ---- | M] () -- C:\Users\faisal\Documents\Motion Shaft For Brandix.dwg
  518. [2012/02/21 21:36:51 | 000,002,045 | ---- | M] () -- C:\Users\faisal\Desktop\Junk remover.bat
  519. [2012/02/21 13:46:57 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
  520. [2012/02/17 03:29:42 | 000,035,257 | ---- | M] () -- C:\PHPJackal.asp
  521. [2012/02/17 03:16:15 | 000,098,168 | ---- | M] () -- C:\PHPJackal.php
  522. [2012/02/17 02:27:37 | 000,074,290 | ---- | M] () -- C:\404.jpg.php
  523. [4 C:\*.tmp files -> C:\*.tmp -> ]
  524. [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
  525. [1 C:\Users\faisal\*.tmp files -> C:\Users\faisal\*.tmp -> ]
  526.  
  527. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  528.  
  529. [2012/03/17 21:28:21 | 002,229,760 | ---- | C] () -- C:\Users\faisal\Desktop\DarkCometRAT Remover.exe
  530. [2012/03/17 21:19:09 | 000,001,256 | ---- | C] () -- C:\Users\faisal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
  531. [2012/03/17 12:09:27 | 000,055,040 | ---- | C] () -- C:\Windows\SysWow64\hijhrecx.dat
  532. [2012/03/17 12:09:26 | 000,365,824 | ---- | C] () -- C:\Windows\SysWow64\zrgcbggi.dat
  533. [2012/03/17 12:09:26 | 000,136,960 | ---- | C] () -- C:\Windows\SysWow64\fsipxgzh.dat
  534. [2012/03/17 12:09:26 | 000,058,112 | ---- | C] () -- C:\Windows\SysWow64\znsshnud.dat
  535. [2012/03/17 12:09:26 | 000,041,216 | ---- | C] () -- C:\Windows\SysWow64\yhwdgdci.dat
  536. [2012/03/17 12:09:26 | 000,036,608 | ---- | C] () -- C:\Windows\SysWow64\zqbfrfob.dat
  537. [2012/03/17 12:09:26 | 000,034,048 | ---- | C] () -- C:\Windows\SysWow64\abljqwjn.dat
  538. [2012/03/17 11:45:45 | 000,154,368 | ---- | C] () -- C:\Windows\SysWow64\hehvcfti.dat
  539. [2012/03/17 10:56:38 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\At1.job
  540. [2012/03/17 10:46:11 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
  541. [2012/03/17 10:44:23 | 000,212,992 | ---- | C] () -- C:\Users\faisal\zow.exe
  542. [2012/03/17 10:43:52 | 000,188,416 | RHS- | C] () -- C:\Users\faisal\yaofis.exe
  543. [2012/03/17 10:43:23 | 000,036,864 | ---- | C] () -- C:\Users\faisal\piutej.com
  544. [2012/03/09 01:36:59 | 000,541,300 | ---- | C] () -- C:\Users\faisal\Desktop\rulebook_english_jan11.pdf
  545. [2012/03/07 22:20:03 | 000,002,279 | ---- | C] () -- C:\Users\faisal\Desktop\RockMelt.lnk
  546. [2012/03/07 20:14:33 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-1657313265-4213748117-3170661344-1000UA.job
  547. [2012/03/07 20:14:30 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-1657313265-4213748117-3170661344-1000Core.job
  548. [2012/03/06 21:30:19 | 001,042,944 | ---- | C] () -- C:\Windows\SysNative\LuxandCredentialProvider.dll
  549. [2012/03/06 21:30:16 | 000,883,712 | ---- | C] () -- C:\Windows\SysNative\LuxandBlink.dll
  550. [2012/03/04 13:12:47 | 000,048,476 | ---- | C] () -- C:\Users\faisal\Desktop\sig2.png
  551. [2012/03/04 13:06:34 | 000,164,219 | ---- | C] () -- C:\Users\faisal\Desktop\sig1.png
  552. [2012/03/01 19:37:18 | 000,001,125 | ---- | C] () -- C:\Users\faisal\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
  553. [2012/02/28 15:37:15 | 000,337,927 | ---- | C] () -- C:\Users\faisal\Desktop\Untitled-1.png
  554. [2012/02/26 22:59:23 | 001,880,104 | ---- | C] () -- C:\Windows\SysNative\drivers\macxvi200.bin
  555. [2012/02/26 22:59:23 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\drivers\macxvi.cfg
  556. [2012/02/21 23:03:56 | 000,039,008 | ---- | C] () -- C:\Users\faisal\Documents\Motion Shaft For Brandix.dwg
  557. [2012/02/21 13:46:57 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
  558. [2012/02/21 13:46:57 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
  559. [2012/02/17 03:29:42 | 000,035,257 | ---- | C] () -- C:\PHPJackal.asp
  560. [2012/02/17 03:16:15 | 000,098,168 | ---- | C] () -- C:\PHPJackal.php
  561. [2012/02/17 02:27:36 | 000,074,290 | ---- | C] () -- C:\404.jpg.php
  562. [2012/02/17 02:14:34 | 000,087,075 | ---- | C] () -- C:\Ani-Shell.php
  563. [2012/01/23 16:58:42 | 000,901,120 | ---- | C] () -- C:\Windows\SysWow64\ctocr32.dll
  564. [2012/01/23 16:58:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ctocrc32.dll
  565. [2011/12/15 12:57:36 | 000,313,856 | ---- | C] () -- C:\ProgramData\original.exe
  566. [2011/12/15 12:54:10 | 000,313,856 | ---- | C] () -- C:\ProgramData\Update 9-16-11.exe
  567. [2011/12/09 21:06:37 | 000,001,834 | ---- | C] () -- C:\Windows\Sandboxie.ini
  568. [2011/11/26 23:00:56 | 000,001,456 | ---- | C] () -- C:\Users\faisal\AppData\Local\Adobe Save for Web 12.0 Prefs
  569. [2011/11/25 20:24:08 | 000,000,017 | ---- | C] () -- C:\Users\faisal\AppData\Local\resmon.resmoncfg
  570. [2011/11/23 01:28:59 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
  571. [2011/10/25 13:32:37 | 000,033,134 | ---- | C] () -- C:\Users\faisal\AppData\Roaming\UserTile.png
  572. [2011/07/08 11:51:13 | 000,002,147 | ---- | C] () -- C:\Windows\STHDVD.INI
  573. [2011/07/08 11:50:14 | 000,001,532 | ---- | C] () -- C:\Windows\MENUTHEME.INI
  574. [2011/07/08 11:50:14 | 000,001,266 | ---- | C] () -- C:\Windows\DVDAMP.INI
  575. [2011/06/18 00:38:09 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
  576. [2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
  577. [2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
  578. [2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
  579. [2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
  580. [2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
  581. [2011/05/26 01:30:17 | 000,038,413 | ---- | C] () -- C:\Users\faisal\AppData\Roaming\Comma Separated Values (Windows).ADR
  582. [2011/05/26 00:49:50 | 000,038,409 | ---- | C] () -- C:\Users\faisal\AppData\Roaming\Comma Separated Values (DOS).ADR
  583. [2011/05/20 00:20:49 | 000,780,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
  584. [2011/05/05 21:29:59 | 000,006,656 | ---- | C] () -- C:\Users\faisal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  585. [2011/04/15 21:48:11 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
  586. [2011/04/15 13:57:32 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
  587. [2011/04/15 13:57:31 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
  588. [2011/04/15 13:57:31 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
  589. [2011/04/15 13:57:31 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
  590. [2011/04/15 13:57:31 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
  591. [2010/06/25 23:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
  592. [2009/10/06 13:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
  593. [2009/07/14 11:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstet.dat
  594. [2009/07/14 08:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
  595. [2009/07/14 08:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
  596. [2009/07/14 06:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
  597. [2009/07/14 05:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
  598. [2009/07/14 03:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
  599. [2009/06/11 03:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
  600.  
  601. [color=#E56717]========== LOP Check ==========[/color]
  602.  
  603. [2011/12/15 13:04:22 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\.minecraft
  604. [2012/02/16 11:22:42 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\0E83F
  605. [2012/03/07 02:38:10 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\ApexDC++
  606. [2011/11/08 00:50:57 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Autodesk
  607. [2012/02/14 17:48:43 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Babylon
  608. [2011/10/02 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Canon
  609. [2011/12/05 01:52:27 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
  610. [2012/01/31 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Cropper
  611. [2012/03/18 00:22:34 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\DMCache
  612. [2011/10/19 16:33:46 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Downloaded Installations
  613. [2011/10/11 12:04:27 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\EVDO_ZTE
  614. [2011/04/25 11:16:27 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Foxit
  615. [2011/12/06 20:45:19 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Foxit Software
  616. [2011/12/22 16:22:44 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\GetRightToGo
  617. [2011/12/03 14:23:39 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Gyazo
  618. [2012/03/17 21:12:46 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\IDM
  619. [2011/10/19 16:38:14 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\IndigoRose
  620. [2012/03/06 21:30:35 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Luxand
  621. [2011/12/19 04:55:03 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Metasploit
  622. [2011/07/19 17:06:11 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Notepad++
  623. [2012/01/22 23:56:14 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Pamela
  624. [2011/10/25 13:32:37 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\PeerNetworking
  625. [2012/02/05 13:53:04 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Rainmeter
  626. [2011/07/05 13:20:29 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Samsung
  627. [2011/11/26 20:58:08 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
  628. [2012/03/13 22:58:04 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\TeamViewer
  629. [2011/11/19 14:13:26 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Temp
  630. [2012/01/16 14:42:29 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Thinstall
  631. [2012/01/31 00:00:54 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Thunderbird
  632. [2011/09/16 13:51:46 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\TickTack
  633. [2011/12/19 23:04:41 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\TS3Client
  634. [2012/03/01 01:09:51 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\uTorrent
  635. [2011/08/01 19:13:12 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Windows Live Writer
  636. [2011/12/24 22:11:02 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\Wireshark
  637. [2012/03/17 12:38:16 | 000,000,000 | ---D | M] -- C:\Users\faisal\AppData\Roaming\x3pp11x1fbetpquhl2zueiym1l1u3ds12
  638. [2012/03/17 20:51:41 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\At1.job
  639. [2012/03/18 00:03:22 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
  640. [2012/03/16 20:19:01 | 000,000,880 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1657313265-4213748117-3170661344-1000Core.job
  641. [2012/03/18 00:19:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1657313265-4213748117-3170661344-1000UA.job
  642. [2012/02/26 21:02:10 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
  643.  
  644. [color=#E56717]========== Purity Check ==========[/color]
  645.  
  646.  
  647.  
  648. [color=#E56717]========== Custom Scans ==========[/color]
  649.  
  650.  
  651. [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
  652. [2012/02/17 02:27:37 | 000,074,290 | ---- | M] () -- C:\404.jpg.php
  653. [2012/01/29 12:18:32 | 000,087,075 | ---- | M] () -- C:\Ani-Shell.php
  654. [2011/06/05 01:49:09 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
  655. [2009/07/14 07:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
  656. [2011/04/16 03:39:01 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
  657. [2012/02/01 12:01:21 | 000,000,000 | ---- | M] () -- C:\dfinstall.log
  658. [2012/03/18 00:03:13 | 1402,060,800 | -HS- | M] () -- C:\hiberfil.sys
  659. [2012/03/18 00:03:12 | 1869,414,400 | -HS- | M] () -- C:\pagefile.sys
  660. [2012/02/01 12:03:12 | 016,336,548 | ---- | M] () -- C:\Persi0.sys
  661. [2012/02/17 03:29:42 | 000,035,257 | ---- | M] () -- C:\PHPJackal.asp
  662. [2012/02/17 03:16:15 | 000,098,168 | ---- | M] () -- C:\PHPJackal.php
  663. [2010/12/05 07:53:32 | 009,418,240 | ---- | M] (SmtpInfo.com) -- C:\SmtpMail.exe
  664. [2012/02/14 17:50:20 | 000,000,240 | ---- | M] () -- C:\user.js
  665. [2011/04/15 13:44:41 | 000,171,136 | RHS- | M] () -- C:\w7ldr
  666. [4 C:\*.tmp files -> C:\*.tmp -> ]
  667.  
  668. [color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
  669.  
  670. [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
  671.  
  672. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
  673.  
  674. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
  675.  
  676. [color=#E56717]========== Files - Unicode (All) ==========[/color]
  677. [2011/12/18 10:56:34 | 000,019,873 | ---- | M] ()(C:\Users\faisal\Documents\?????? ??????????.docx) -- C:\Users\faisal\Documents\চাকুরি চুক্তিপত্র.docx
  678. [2011/12/10 17:53:55 | 000,019,873 | ---- | C] ()(C:\Users\faisal\Documents\?????? ??????????.docx) -- C:\Users\faisal\Documents\চাকুরি চুক্তিপত্র.docx
  679.  
  680. [color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
  681. [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
  682.  
  683. [color=#E56717]========== Alternate Data Streams ==========[/color]
  684.  
  685. @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
  686.  
  687. < End of report >