Infected with a virus after testing a software against viruses

WinAndLinuxTutorials

Level 4
Thread author
Verified
Honorary Member
Aug 23, 2011
2,291
What I am worried about is this:
CWzaS.png

Any help would be appreciated. Thanks :)
 

Valentin N

Level 2
Feb 25, 2011
1,314
You're saying a malware bypassed VMware?

Try to see if Hitman Pro gets something.

I suggest you take a few rescue disks (Kaspersky, AVG, Avira, Dr.Web and a few others), burn them and run them.
Could you show your D+ logs (D+ events)?

Regards,
 

GabiCRX

Level 8
Verified
Jun 24, 2011
387
It is a little early to use Rescue CDs!

You can use Kaspersky Virus Removal Tool:

http://www.kaspersky.com/antivirus-removal-tool?form=1#

or Dr Web Cure It:

http://www.freedrweb.com/cureit/?lng=en

or Norton Power Eraser:

http://security.symantec.com/nbrt/npe.aspx?
 

K__M

New Member
Jun 14, 2011
344
Try Norton Power Eraser: http://security.symantec.com/nbrt/npe.aspx?lcid=1033

If all else fails, try ComboFix. It is VERY powerful, so do all it asks, like turning off your real-time protection(s), not running any programs while it works, etc. Learn more here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

ComboFix has got many things for me that others could not.

Direct: http://www.bleepingcomputer.com/download/anti-virus/combofix
 

GabiCRX

First run HijackThis:

http://free.antivirus.com/hijackthis/

And then put the log here

ComboFix is a powerful tool, and I recommend using it under the direct supervision of a more advanced person.
 

win7holic

New Member
Apr 20, 2011
2,079
I never get anything like this. I have infected my VM with many viruses,
but there is no problem with my real machine (host),
even with all protection in my NAV disabled and no third-party firewall in use (just Windows Firewall).

** It is just an "intrusion".
I always get that when I use NIS: many intrusions, but no infection.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Current issues and symptoms: COMODO Firewall blocked 34+ intrusions and Defense+ blocked 139+ intrusions.
If you click on the number of Intrusions, it should open the Events List, can you show us what they are?
Everything that isn't allowed will be called an "intrusion attempt" by COMODO, but sometimes this type of 'Intrusion' can come even from legit applications.

Do you have the MBAM removal log?
 

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,503
WinAndLinuxTutorials, when you set up your Virtual Machine, did you modify the network settings? It's recommended to have it set to NAT.

Did you happen to bridge your connection?

dcqg9.png


The members GabiCRX and K__M have given you good suggestions. For a second opinion you should also do a scan with Hitman Pro.

Cheers.
 

WinAndLinuxTutorials

@ MrXidus
It is already set to that setting.

@ win7holic
Before starting my first test, I used your settings.

HijackThis Scan Log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:56:30 PM, on 9/1/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.sa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/lionskin/{DD3226AC-F545-4ABD-9C0D-996A8DE681AF}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: AdblockIE - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll (file missing)
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: PrayerTimes PC Pro - Shortcut.lnk = C:\Program Files (x86)\GuidedWays\PrayerTimesPro\PrayerTimes PC Pro.exe
O4 - Startup: taskmgr.lnk = C:\Windows\System32\taskmgr.exe
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{83AA4386-AC39-4DA6-9409-AA2FDE846B42}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3DE1204-86D3-4E4E-912B-D73E8B306A46}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:  C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9308 bytes
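
A first-pass triage of a HijackThis log like the one above, added here as an example (it is not part of the thread and not HijackThis's own code). The sample lines are copied from the posted log; the finding labels, the `expected_hosts` allow-list and the 64-bit heuristic are assumptions of this sketch. It separates "(file missing)" entries under System32 on a 64-bit system, which a 32-bit scanner commonly reports because of WOW64 file redirection, from entries that deserve a closer look.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.sa/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/lionskin/{DD3226AC-F545-4ABD-9C0D-996A8DE681AF}
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O20 - AppInit_DLLs:  C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
"""

# "<section code> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
URL_RE = re.compile(r"= (https?://\S+)")
SYSTEM32_RE = re.compile(r"[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)


def parse_entries(text):
    """Return (code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def looks_64bit(entries):
    """Heuristic (assumption): WOW64-only paths imply a 64-bit Windows."""
    return any("Program Files (x86)" in body or "SysWOW64" in body
               for _, body in entries)


def triage(text, expected_hosts=("microsoft.com",)):
    """Return (label, code, detail) findings, in log order.

    expected_hosts is a reviewer-supplied allow-list of domains that are
    acceptable as Internet Explorer start/search pages on this machine.
    """
    entries = parse_entries(text)
    is64 = looks_64bit(entries)
    findings = []
    for code, body in entries:
        if code in ("R0", "R1"):
            match = URL_RE.search(body)
            if match:
                host = (urlparse(match.group(1)).hostname or "").lower()
                known = any(host == h or host.endswith("." + h)
                            for h in expected_hosts)
                if not known:
                    findings.append(("unexpected-ie-url", code, host))
            continue
        if "(file missing)" in body or "(no file)" in body:
            if is64 and SYSTEM32_RE.search(body):
                # A 32-bit scanner is redirected to SysWOW64 and cannot see
                # 64-bit-only files in System32, so this is usually noise.
                findings.append(("probable-wow64-artifact", code, body))
            else:
                findings.append(("orphaned-entry", code, body))
        elif code == "O23" and "Unknown owner" in body:
            # The log's own wording: no vendor shown for the service binary.
            findings.append(("service-unknown-owner", code, body))
    return findings


if __name__ == "__main__":
    for label, code, detail in triage(
            SAMPLE_LOG, expected_hosts=("microsoft.com", "google.com.sa")):
        print(f"{label:26} {code:4} {detail}")
```

The output is a list of items to review by hand, not a verdict on whether the machine is infected.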
 

WinAndLinuxTutorials

Ran a scan using Hitman Pro. Found one Trojan and rootkit and some other suspicious files, 81 Tracking cookies. Some of these were infections from before I didn't know about. Now the PC is running smoothly. Thanks for the help from you all!
 

Jack

It's very hard to believe that you actually managed to get infected from running VM Workstation software while running COMODO Firewall+MSE as a security solution... Like you've said, these were most likely previous infections.

Let's check if your system is really clean; absence of symptoms does not mean that everything is clear. Please follow this step.

Scan with OTL:

  1. Please download OTL and save it to your Desktop.
  2. Right-click on OTL.exe and select Run as Administrator to start OTL.
  3. Double click on OTL.exe to run it.
  4. Under Output, ensure that Minimal Output is selected.
  5. Under Extra Registry section, select Use SafeList.
  6. Click the Scan All Users checkbox.
  7. Click on Run Scan at the top left hand corner.
  8. When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  9. Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back:
Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.
 

win7holic

@WinAndLinuxTutorials:
You used my settings? Then, after your test (I mean the second test, etc.),
what were your settings?

* I can't imagine how you could get infected.
Two hours ago, I infected my VM with a lot of malware,
with the internet still connected on the host, but nothing went wrong (no infection) on my host.
After going back to the snapshot, my VM and host are clean. :)
 

moonshine

Level 7
Verified
Apr 19, 2011
1,264
In my opinion, those are just intrusions because your host PC is being protected by CFW, and it's also monitoring your Virtual Machine's connections, as Comodo considers them incoming connections to your host PC too. What surprised me is that MBAM found a trojan in the Windows folder. It could be a previous infection, as VMware can't drop files to your host PC.
 

moonshine

There is nothing to be afraid of if you know how to clean up your PC from infections. That's the first thing an advanced user should know.
 

WinAndLinuxTutorials

BoXX28 said:
In my opinion, those are just intrusions because your host PC is being protected by CFW, and it's also monitoring your Virtual Machine's connections, as Comodo considers them incoming connections to your host PC too. What surprised me is that MBAM found a trojan in the Windows folder. It could be a previous infection, as VMware can't drop files to your host PC.

Maybe you are right but I haven't seen the file before.
 

WinAndLinuxTutorials

@Jack
Sorry for the late reply. Here are the results of the OTL Scan:
The Extras.txt file:
Code:
OTL Extras logfile created on: 9/25/2011 3:09:08 PM - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 46.56% Memory free
7.61 Gb Paging File | 5.03 Gb Available in Paging File | 66.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.50 Gb Total Space | 26.63 Gb Free Space | 45.53% Space Free | Partition Type: NTFS
Drive D: | 205.32 Gb Total Space | 68.86 Gb Free Space | 33.54% Space Free | Partition Type: NTFS
Drive F: | 967.97 Mb Total Space | 5.96 Mb Free Space | 0.62% Space Free | Partition Type: FAT32
 
Computer Name: WINANDLINUXTUTO | User Name: WinAndLinuxTutorials | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets
"{5F4EB37F-1CA8-4A95-AD62-ED3D61A8E67E}" = Soluto
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7688DE34-87F5-45D5-AADA-E5501C1E0814}" = Oracle VM VirtualBox 4.1.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D237D67F-E77C-4D9E-AA66-8B7A821C215F}" = MFC RunTime files x64
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"eBoostr 1" = eBoostr 4
"HitmanPro35" = Hitman Pro 3.5
"HWiNFO64_is1" = HWiNFO64 Version 3.84
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Movie Maker" = Windows Movie Maker
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}" = TOSHIBA TEMPRO
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DEF17DA-2FBD-457F-8550-68A116B7ACD9}" = WOT for Internet Explorer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90CD53EC-488B-4B1A-8C6B-3C36E82A84CA}" = EMET
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.8.10
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.2
"BleachBit" = BleachBit
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Free Disk Analyzer" = Free Disk Analyzer
"gbrainy" = gbrainy 1.65
"HotspotShield" = Hotspot Shield 2.06
"ImgBurn" = ImgBurn
"Install Creator" = Install Creator
"Install Creator Pro" = Install Creator Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Opera 11.51.1087" = Opera 11.51
"Orbit_is1" = Orbit Downloader
"Prayer Times PC Pro" = Prayer Times PC Pro
"Quranflash Tajweed" = Quranflash Tajweed
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Skin Pack Installer System X64" = Skin Pack Installer System X64 1.0
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"VMware_Workstation" = VMware Workstation
"WinASO Registry Optimizer_is1" = WinASO Registry Optimizer 4.7.1
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pinball" = Pinball
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 9/25/2011 7:13:00 AM | Computer Name = WinAndLinuxTutorials-PC | Source = ESENT | ID = 455
Description = Windows (4040) Windows: Error -1811 occurred while opening logfile
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0004D.log.
 
Error - 9/25/2011 7:13:01 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 9/25/2011 7:13:01 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 9/25/2011 7:13:01 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 9/25/2011 7:13:02 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 9/25/2011 7:13:02 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 8/22/2011 6:05:30 AM | Computer Name = Najeed-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SASKUTIL
 
Error - 8/22/2011 6:05:41 AM | Computer Name = Najeed-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

	Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
Error - 8/22/2011 9:20:25 AM | Computer Name = Najeed-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 8/22/2011 9:20:26 AM | Computer Name = Najeed-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 8/22/2011 9:20:27 AM | Computer Name = Najeed-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
< End of report >

The OTL.txt file:
Code:
OTL logfile created on: 9/25/2011 3:09:08 PM - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 46.56% Memory free
7.61 Gb Paging File | 5.03 Gb Available in Paging File | 66.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.50 Gb Total Space | 26.63 Gb Free Space | 45.53% Space Free | Partition Type: NTFS
Drive D: | 205.32 Gb Total Space | 68.86 Gb Free Space | 33.54% Space Free | Partition Type: NTFS
Drive F: | 967.97 Mb Total Space | 5.96 Mb Free Space | 0.62% Space Free | Partition Type: FAT32
 
Computer Name: WINANDLINUXTUTO | User Name: WinAndLinuxTutorials | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\GuidedWays\PrayerTimesPro\PrayerTimes PC Pro.exe (Macrovision)
PRC - C:\Program Files (x86)\GuidedWays\PrayerTimesPro\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (Auslogics)
PRC - C:\Program Files\eBoostr\eBoostrCP.exe (eBoostr.com)
PRC - C:\Program Files\eBoostr\EBstrSvc.exe (eBoostr.com)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madExcept_.bpl ()
MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madBasic_.bpl ()
MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madDisAsm_.bpl ()
MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\ausshellext.dll ()
MOD - C:\Program Files\eBoostr\sqlite.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV:[b]64bit:[/b] - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:[b]64bit:[/b] - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:[b]64bit:[/b] - (EBOOSTRSVC) -- C:\Program Files\eBoostr\EBstrSvc.exe (eBoostr.com)
SRV:[b]64bit:[/b] - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot) -- D:\Downloads\Hitman Pro 3.5.9 Build -129- 32 and 64-bit (TimC0de)\Setup\x64\HitmanPro35.exe (SurfRight B.V.)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:[b]64bit:[/b] - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:[b]64bit:[/b] - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:[b]64bit:[/b] - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:[b]64bit:[/b] - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:[b]64bit:[/b] - (HWiNFO32) -- C:\Program Files\HWiNFO64\HWiNFO64A.SYS (REALiX(tm))
DRV:[b]64bit:[/b] - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:[b]64bit:[/b] - (VMLiteUSB) -- C:\Windows\SysNative\drivers\VMLiteUSB.sys (VMLite, Inc.)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (eBoost) -- C:\Windows\SysNative\drivers\eBoost.sys (eBoostr.com)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\BatteryCare\WinRing0x64.sys (OpenLibSys.org)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/lionskin/{DD3226AC-F545-4ABD-9C0D-996A8DE681AF}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ksa.msn.com/?C=SA
IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 23:49:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/08/25 00:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Extensions
[2011/09/20 16:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\extensions
[2011/08/25 00:16:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/25 00:16:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/09 00:19:34 | 000,002,306 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\searchplugins\wot-safe-search.xml
[2011/09/22 11:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/22 11:01:25 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\TRACKERBLOCK@PRIVACYCHOICE.ORG.XPI
[2011/09/03 09:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/03 02:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found
O2 - BHO: (af0.Adblock.BHO) - {90EFF544-3981-4d46-85C9-C0361D0931D6} - Reg Error: Value error. File not found
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-616977080-1685762771-72725601-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PrayerTimes PC Pro - Shortcut.lnk = C:\Program Files (x86)\GuidedWays\PrayerTimesPro\PrayerTimes PC Pro.exe (Macrovision)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83AA4386-AC39-4DA6-9409-AA2FDE846B42}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E234C3-0155-4000-8DF6-6EAFE8E4A90F}: NameServer = 10.41.0.1
O18:[b]64bit:[/b] - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/09/25 14:50:00 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/09/25 14:47:42 | 002,388,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer1.exe
[2011/09/25 14:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/09/25 14:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/09/25 14:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/24 22:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/09/24 22:01:35 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/24 22:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/24 22:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/24 21:57:51 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\KillSwitch 2
[2011/09/22 00:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/09/22 00:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/22 00:32:53 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Spycar
[2011/09/20 19:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2011/09/20 19:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2011/09/20 18:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/09/18 17:43:49 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2011/09/18 17:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2011/09/18 17:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2011/09/18 16:41:12 | 000,062,064 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011/09/18 16:40:46 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011/09/18 16:40:41 | 000,432,752 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011/09/18 16:40:41 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011/09/18 16:40:38 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011/09/18 16:40:37 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011/09/18 16:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2011/09/18 16:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2011/09/18 16:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011/09/18 16:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2011/09/17 20:59:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2011/09/17 15:57:05 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2011/09/13 06:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBoostr
[2011/09/13 06:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\eboostr
[2011/09/13 06:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\eBoostr
[2011/09/12 05:30:09 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2011/09/11 18:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/09/11 18:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/09/11 18:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/09/11 18:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2011/09/10 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\uTorrent
[2011/09/10 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\uTorrent
[2011/09/10 16:13:02 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll
[2011/09/10 16:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe
[2011/09/09 21:19:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Soluto
[2011/09/09 21:15:46 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Sidebar7
[2011/09/09 21:05:04 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Stealth_Software
[2011/09/09 19:25:05 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Temporary Projects
[2011/09/09 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\OneNote Notebooks
[2011/09/09 13:24:37 | 000,000,000 | R--D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Scanned Documents
[2011/09/09 13:24:36 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Fax
[2011/09/09 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit
[2011/09/08 16:58:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2011/09/08 16:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2011/09/08 16:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/09/08 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2011/09/08 16:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2011/09/08 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2011/09/08 16:53:18 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\BleachBit
[2011/09/08 02:04:30 | 000,000,000 | R--D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin
[2011/09/07 21:32:40 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\BatteryCare
[2011/09/07 17:24:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\ElevatedDiagnostics
[2011/09/07 13:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/09/06 22:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/09/06 22:13:17 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Google
[2011/09/06 22:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/09/06 22:07:43 | 000,000,000 | ---D | C] -- C:\PROGRAM FILES (X86) (X86)
[2011/09/06 18:52:31 | 000,275,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll
[2011/09/06 18:19:49 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Eraser 6
[2011/09/06 15:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quranflash Tajweed
[2011/09/06 15:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quranflash Tajweed
[2011/09/06 14:50:11 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame_backup_wti.dll
[2011/09/06 14:44:16 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Quran
[2011/09/05 22:51:28 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Registry Mechanic
[2011/09/05 15:09:53 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Diagnostics
[2011/09/03 18:04:11 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/09/03 15:12:16 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2011/09/03 15:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMET
[2011/09/03 14:23:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinASO
[2011/09/02 23:55:57 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Auslogics
[2011/09/02 23:43:44 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\AVG2012
[2011/09/02 23:43:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/09/02 23:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/02 23:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/09/02 23:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/09/02 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\TeamViewer
[2011/09/02 22:10:17 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Malwarebytes
[2011/09/02 22:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/02 22:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/02 22:00:47 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/02 22:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/02 15:07:52 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Sony Creative Software Inc
[2011/09/02 13:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011/09/01 14:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\af0.net
[2011/09/01 13:54:30 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/01 11:48:16 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Publish Providers
[2011/09/01 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Sony
[2011/09/01 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Sony
[2011/09/01 11:47:36 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\alex20productions Intro Tempalte #1
[2011/08/31 02:54:36 | 000,294,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMM.sys
[2011/08/31 02:44:15 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Microsoft Games
[2011/08/30 22:18:08 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Apps
[2011/08/30 18:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Creator Pro
[2011/08/30 18:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Install Creator Pro
[2011/08/30 18:03:35 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\GrabPro
[2011/08/30 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\inkball
[2011/08/30 14:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Virtual PC
[2011/08/29 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinball
[2011/08/29 15:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinball
[2011/08/29 03:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/08/29 03:19:46 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Adobe
[2011/08/29 03:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/08/29 03:19:45 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Adobe
[2011/08/28 17:47:19 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/08/28 16:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2011/08/28 16:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2011/08/28 16:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/08/28 16:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/08/28 16:13:51 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Visual Studio 2010
[2011/08/28 16:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/08/28 16:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/08/28 01:54:54 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quranflash Tajweed
[2011/08/27 23:52:39 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Paint.NET
[2011/08/27 23:50:27 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Any Video Converter
[2011/08/27 23:48:39 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\AnvSoft
[2011/08/27 21:24:26 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011/08/27 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Opera
[2011/08/27 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Opera
[2011/08/26 16:07:27 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\BITS
[2011/08/26 16:07:26 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\FlashGet
[2011/08/26 16:06:30 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\ProgSense
[2011/08/26 16:06:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Orbit
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/09/25 14:50:00 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/09/25 14:50:00 | 000,002,646 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2011/09/25 14:50:00 | 000,002,034 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
[2011/09/25 14:47:42 | 002,388,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer1.exe
[2011/09/25 14:36:53 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/09/25 14:22:41 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/25 14:22:41 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/25 14:19:11 | 000,786,998 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/25 14:19:11 | 000,667,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/25 14:19:11 | 000,124,444 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/25 14:17:47 | 000,002,404 | ---- | M] () -- C:\Windows\SysNative\.rsp
[2011/09/25 14:17:47 | 000,001,479 | ---- | M] () -- C:\Windows\SysNative\.lck
[2011/09/25 14:14:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/25 14:12:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/25 14:11:55 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 22:36:49 | 000,106,699 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Desktop\Capture.PNG
[2011/09/24 22:01:26 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/24 21:27:29 | 029,151,167 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Desktop\[PC Restoration Test] Rollback Rx 9.1 Test.wmv
[2011/09/24 19:59:54 | 000,003,584 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/24 11:56:49 | 000,092,688 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Desktop\maltipssign2.gif
[2011/09/24 11:55:37 | 000,000,805 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitledwhit.png
[2011/09/22 00:39:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/22 00:39:34 | 000,803,644 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/18 16:41:18 | 000,001,041 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2011/09/17 21:00:18 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/09/13 06:31:34 | 000,000,839 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\eBoostr Control Panel.lnk
[2011/09/10 20:21:54 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/09/10 20:21:54 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/09/10 14:33:18 | 000,000,632 | RHS- | M] () -- C:\Users\WinAndLinuxTutorials\ntuser.pol
[2011/09/08 10:00:52 | 000,605,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/09/08 10:00:52 | 000,518,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/09/06 18:52:32 | 000,275,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll
[2011/09/06 18:52:32 | 000,008,107 | ---- | M] () -- C:\Windows\w7dsd.reg
[2011/09/06 18:52:32 | 000,008,089 | ---- | M] () -- C:\Windows\w7dse.reg
[2011/09/06 14:50:19 | 002,755,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2011/09/06 14:49:52 | 000,101,072 | ---- | M] () -- C:\Windows\UTP.exe
[2011/09/06 13:48:37 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2011/09/06 13:48:33 | 002,851,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2011/09/05 19:29:02 | 000,605,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload~4.exe
[2011/09/05 19:29:02 | 000,518,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume~4.exe
[2011/09/05 16:34:59 | 000,007,598 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Local\Resmon.ResmonCfg
[2011/09/05 15:52:39 | 000,000,000 | -H-- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Default.rdp
[2011/09/03 14:33:53 | 000,136,509 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\maltipssign.gif
[2011/09/03 14:31:57 | 000,036,317 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-5.jpg
[2011/09/02 17:21:10 | 000,032,395 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\maltipssign1.jpg
[2011/09/02 17:15:25 | 000,034,284 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-6.jpg
[2011/09/02 17:08:10 | 000,027,075 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-4.jpg
[2011/09/02 17:03:08 | 000,032,911 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-3.jpg
[2011/09/02 17:01:43 | 000,031,933 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-2.jpg
[2011/09/02 16:55:14 | 000,033,243 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-1.jpg
[2011/09/01 13:10:00 | 000,424,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/01 11:47:24 | 001,790,603 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\alex20productions Intro Tempalte #1.zip
[2011/09/01 11:33:18 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/08/31 19:45:22 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/31 02:54:36 | 000,294,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMM.sys
[2011/08/29 16:17:35 | 000,005,061 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled.png
[2011/08/29 03:35:21 | 000,023,996 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-3.bmp
[2011/08/29 03:35:21 | 000,000,132 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/08/29 03:28:35 | 000,132,776 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-1.bmp
[2011/08/28 03:25:35 | 000,061,353 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Capture.PNG
[2011/08/27 21:24:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/09/25 14:50:00 | 000,002,646 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2011/09/25 14:49:59 | 000,002,034 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2011/09/25 14:36:53 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/09/24 22:36:49 | 000,106,699 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Desktop\Capture.PNG
[2011/09/24 22:01:26 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/24 21:14:03 | 029,151,167 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Desktop\[PC Restoration Test] Rollback Rx 9.1 Test.wmv
[2011/09/24 11:56:49 | 000,092,688 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Desktop\maltipssign2.gif
[2011/09/24 11:55:37 | 000,000,805 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitledwhit.png
[2011/09/22 00:39:29 | 000,001,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/18 16:41:18 | 000,001,041 | ---- | C] (
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
You didn't copy/paste the entire log..........
Did you install Hotspot Shield (from AnchorFree)? If yes, it would be a good idea to remove it because this program is known to come bundled with adware - see here and here - This file is detected by Symantec as "Trojan.Adclicker" and by ESET's Nod32 antivirus as a variant of Win32/HotSpotShield.

Also make sure Java is up to date: http://www.java.com/en/download/installed.jsp and clean your temp files/registry keys with CCleaner.

I'll take a deeper look at your log in a few hours and provide an OTL Fix (if needed) because I've just got back from work :p
 

WinAndLinuxTutorials

Level 4
Thread author
Verified
Honorary Member
Aug 23, 2011
2,291
Jack said:
You didn't copy/paste the entire log..........
Did you install Hotspot Shield (from AnchorFree)? If yes, it would be a good idea to remove it because this program is known to come bundled with adware - see here and here - This file is detected by Symantec as "Trojan.Adclicker" and by ESET's Nod32 antivirus as a variant of Win32/HotSpotShield.

Also make sure Java is up to date: http://www.java.com/en/download/installed.jsp and clean your temp files/registry keys with CCleaner.

I'll take a deeper look at your log in a few hours and provide an OTL Fix (if needed) because I've just got back from work :p

Ok thanks a lot for this info :) I am clicking on the uninstall button :p
 
