Infected with a virus after testing a software against viruses
<blockquote data-quote="WinAndLinuxTutorials" data-source="post: 24554" data-attributes="member: 706"><p>@Jack </p><p>Sorry for the late reply. Here are the results of the OTL Scan:</p><p>The Extras.txt file:</p><p>[code]OTL Extras logfile created on: 9/25/2011 3:09:08 PM - Run 1</p><p>OTL by OldTimer - Version 3.2.29.1 Folder = D:\Downloads</p><p>64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>3.80 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 46.56% Memory free</p><p>7.61 Gb Paging File | 5.03 Gb Available in Paging File | 66.15% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 58.50 Gb Total Space | 26.63 Gb Free Space | 45.53% Space Free | Partition Type: NTFS</p><p>Drive D: | 205.32 Gb Total Space | 68.86 Gb Free Space | 33.54% Space Free | Partition Type: NTFS</p><p>Drive F: | 967.97 Mb Total Space | 5.96 Mb Free Space | 0.62% Space Free | Partition Type: FAT32</p><p> </p><p>Computer Name: WINANDLINUXTUTO | User Name: WinAndLinuxTutorials | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p>[color=#E56717]========== Extra Registry (SafeList) ==========[/color]</p><p> </p><p> </p><p>[color=#E56717]========== File Associations ==========[/color]</p><p> </p><p>[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]</p><p>.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]</p><p>.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe 
(Microsoft Corporation)</p><p>.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found</p><p> </p><p>[HKEY_USERS\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Classes\<extension>]</p><p>.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)</p><p> </p><p>[color=#E56717]========== Shell Spawning ==========[/color]</p><p> </p><p>[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]</p><p>batfile [open] -- "%1" %*</p><p>cmdfile [open] -- "%1" %*</p><p>comfile [open] -- "%1" %*</p><p>exefile [open] -- "%1" %*</p><p>helpfile [open] -- Reg Error: Key error.</p><p>http [open] -- Reg Error: Value error.</p><p>https [open] -- Reg Error: Value error.</p><p>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)</p><p>InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)</p><p>InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)</p><p>piffile [open] -- "%1" %*</p><p>regfile [merge] -- Reg Error: Key error.</p><p>scrfile [config] -- "%1"</p><p>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l</p><p>scrfile [open] -- "%1" /S</p><p>txtfile [edit] -- Reg Error: Key error.</p><p>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1</p><p>Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()</p><p>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)</p><p>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p>Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()</p><p>Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant 
administrators:F /t (Microsoft Corporation)</p><p>Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p>Folder [explore] -- Reg Error: Value error.</p><p>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]</p><p>batfile [open] -- "%1" %*</p><p>cmdfile [open] -- "%1" %*</p><p>comfile [open] -- "%1" %*</p><p>cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)</p><p>exefile [open] -- "%1" %*</p><p>helpfile [open] -- Reg Error: Key error.</p><p>http [open] -- Reg Error: Value error.</p><p>https [open] -- Reg Error: Value error.</p><p>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)</p><p>piffile [open] -- "%1" %*</p><p>regfile [merge] -- Reg Error: Key error.</p><p>scrfile [config] -- "%1"</p><p>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l</p><p>scrfile [open] -- "%1" /S</p><p>txtfile [edit] -- Reg Error: Key error.</p><p>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1</p><p>Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()</p><p>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)</p><p>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p>Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()</p><p>Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)</p><p>Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p>Folder [explore] -- Reg Error: Value error.</p><p>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p> </p><p>[color=#E56717]========== Security Center Settings ==========[/color]</p><p> 
</p><p>[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]</p><p>"cval" = 1</p><p> </p><p>[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]</p><p> </p><p>[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]</p><p>"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]</p><p>"AntiVirusOverride" = 0</p><p>"AntiSpywareOverride" = 0</p><p>"FirewallOverride" = 0</p><p> </p><p>[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]</p><p> </p><p>[color=#E56717]========== Firewall Settings ==========[/color]</p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]</p><p>"DisableNotifications" = 0</p><p>"EnableFirewall" = 0</p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]</p><p>"DisableNotifications" = 0</p><p>"EnableFirewall" = 0</p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]</p><p>"DisableNotifications" = 0</p><p>"EnableFirewall" = 0</p><p> </p><p>[color=#E56717]========== Authorized Applications List ==========[/color]</p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]</p><p>"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)</p><p>"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)</p><p>"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 
3\FlashGet3.exe:*:Enabled:Flashget3</p><p>"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)</p><p>"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)</p><p>"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3</p><p> </p><p> </p><p>[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]</p><p> </p><p>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</p><p>"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware</p><p>"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)</p><p>"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8</p><p>"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)</p><p>"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)</p><p>"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)</p><p>"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client</p><p>"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148</p><p>"{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets</p><p>"{5F4EB37F-1CA8-4A95-AD62-ED3D61A8E67E}" = Soluto</p><p>"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161</p><p>"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)</p><p>"{7688DE34-87F5-45D5-AADA-E5501C1E0814}" = Oracle VM VirtualBox 4.1.0</p><p>"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17</p><p>"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 
9.0.30729.5570</p><p>"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended</p><p>"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010</p><p>"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010</p><p>"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010</p><p>"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010</p><p>"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010</p><p>"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010</p><p>"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010</p><p>"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010</p><p>"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010</p><p>"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010</p><p>"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010</p><p>"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010</p><p>"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010</p><p>"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010</p><p>"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010</p><p>"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010</p><p>"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010</p><p>"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010</p><p>"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010</p><p>"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 
10.0.30319</p><p>"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8</p><p>"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273</p><p>"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175</p><p>"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1</p><p>"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)</p><p>"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU</p><p>"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware</p><p>"{D237D67F-E77C-4D9E-AA66-8B7A821C215F}" = MFC RunTime files x64</p><p>"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU</p><p>"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148</p><p>"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile</p><p>"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0</p><p>"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security</p><p>"CCleaner" = CCleaner</p><p>"CNXT_AUDIO_HDA" = Conexant HD Audio</p><p>"eBoostr 1" = eBoostr 4</p><p>"HitmanPro35" = Hitman Pro 3.5</p><p>"HWiNFO64_is1" = HWiNFO64 Version 3.84</p><p>"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile</p><p>"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended</p><p>"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0</p><p>"Microsoft Security Client" = Microsoft Security Essentials</p><p>"Office14.PROPLUS" = Microsoft Office Professional Plus 2010</p><p>"Recuva" = Recuva</p><p>"SynTPDeinstKey" = Synaptics Pointing Device Driver</p><p>"Windows Movie Maker" = Windows Movie Maker</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</p><p>"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = 
tools-freebsd</p><p>"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password</p><p>"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation</p><p>"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU</p><p>"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools</p><p>"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware</p><p>"{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer</p><p>"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</p><p>"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types</p><p>"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver</p><p>"{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}" = TOSHIBA TEMPRO</p><p>"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU</p><p>"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology</p><p>"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis</p><p>"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU</p><p>"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects</p><p>"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3</p><p>"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE</p><p>"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application</p><p>"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files</p><p>"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable</p><p>"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053</p><p>"{7DEF17DA-2FBD-457F-8550-68A116B7ACD9}" = WOT for Internet Explorer</p><p>"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 
9.0.30729.5570</p><p>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight</p><p>"{90CD53EC-488B-4B1A-8C6B-3C36E82A84CA}" = EMET</p><p>"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting</p><p>"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader</p><p>"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161</p><p>"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris</p><p>"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k</p><p>"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth</p><p>"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7</p><p>"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program</p><p>"{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.8.10</p><p>"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack</p><p>"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux</p><p>"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag</p><p>"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU</p><p>"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver</p><p>"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables</p><p>"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows</p><p>"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX</p><p>"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin</p><p>"Any Video Converter_is1" = Any Video Converter 3.2.2</p><p>"BleachBit" = BleachBit</p><p>"ESET Online Scanner" = ESET Online Scanner v3</p><p>"FileHippo.com" = FileHippo.com Update Checker</p><p>"Free Disk Analyzer" = Free Disk Analyzer</p><p>"gbrainy" = gbrainy 1.65</p><p>"HotspotShield" = Hotspot Shield 2.06</p><p>"ImgBurn" = ImgBurn</p><p>"Install Creator" = Install Creator</p><p>"Install Creator Pro" = Install Creator Pro</p><p>"Malwarebytes' 
Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300</p><p>"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU</p><p>"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU</p><p>"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)</p><p>"Opera 11.51.1087" = Opera 11.51</p><p>"Orbit_is1" = Orbit Downloader</p><p>"Prayer Times PC Pro" = Prayer Times PC Pro</p><p>"Quranflash Tajweed" = Quranflash Tajweed</p><p>"Registry Mechanic_is1" = Registry Mechanic 10.0</p><p>"Skin Pack Installer System X64" = Skin Pack Installer System X64 1.0</p><p>"TeamViewer 6" = TeamViewer 6</p><p>"uTorrent" = µTorrent</p><p>"VLC media player" = VLC media player 1.1.10</p><p>"VMware_Workstation" = VMware Workstation</p><p>"WinASO Registry Optimizer_is1" = WinASO Registry Optimizer 4.7.1</p><p> </p><p>[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]</p><p> </p><p>[HKEY_USERS\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</p><p>"Pinball" = Pinball</p><p> </p><p>[color=#E56717]========== Last 10 Event Log Errors ==========[/color]</p><p> </p><p>[ Application Events ]</p><p>Error - 9/25/2011 7:13:00 AM | Computer Name = WinAndLinuxTutorials-PC | Source = ESENT | ID = 455</p><p>Description = Windows (4040) Windows: Error -1811 occurred while opening logfile</p><p> C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0004D.log.</p><p> </p><p>Error - 9/25/2011 7:13:01 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 9000</p><p>Description = </p><p> </p><p>Error - 9/25/2011 7:13:01 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 7040</p><p>Description = </p><p> </p><p>Error - 9/25/2011 7:13:01 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 7042</p><p>Description = </p><p> </p><p>Error - 9/25/2011 7:13:02 AM | 
Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 9002</p><p>Description = </p><p> </p><p>Error - 9/25/2011 7:13:02 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3029</p><p>Description = </p><p> </p><p>Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3029</p><p>Description = </p><p> </p><p>Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3028</p><p>Description = </p><p> </p><p>Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3058</p><p>Description = </p><p> </p><p>Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 7010</p><p>Description = </p><p> </p><p>[ System Events ]</p><p>Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155</p><p>Description = The driver detected a controller error on \Device\Harddisk2\DR2.</p><p> </p><p>Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155</p><p>Description = The driver detected a controller error on \Device\Harddisk2\DR2.</p><p> </p><p>Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155</p><p>Description = The driver detected a controller error on \Device\Harddisk2\DR2.</p><p> </p><p>Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155</p><p>Description = The driver detected a controller error on \Device\Harddisk2\DR2.</p><p> </p><p>Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155</p><p>Description = The driver detected a controller error on \Device\Harddisk2\DR2.</p><p> </p><p>Error - 8/22/2011 6:05:30 AM | Computer Name = Najeed-PC | Source = Service Control Manager | ID = 7026</p><p>Description = The following boot-start or system-start 
driver(s) failed to load:</p><p> SASKUTIL</p><p> </p><p>Error - 8/22/2011 6:05:41 AM | Computer Name = Najeed-PC | Source = Microsoft Antimalware | ID = 3002</p><p>Description = %%860 Real-Time Protection feature has encountered an error and failed.</p><p></p><p> Feature:</p><p> %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842</p><p> </p><p>Error - 8/22/2011 9:20:25 AM | Computer Name = Najeed-PC | Source = Disk | ID = 262155</p><p>Description = The driver detected a controller error on \Device\Harddisk2\DR2.</p><p> </p><p>Error - 8/22/2011 9:20:26 AM | Computer Name = Najeed-PC | Source = Disk | ID = 262155</p><p>Description = The driver detected a controller error on \Device\Harddisk2\DR2.</p><p> </p><p>Error - 8/22/2011 9:20:27 AM | Computer Name = Najeed-PC | Source = Disk | ID = 262155</p><p>Description = The driver detected a controller error on \Device\Harddisk2\DR2.</p><p> </p><p> </p><p>< End of report ></p><p>[/code]</p><p></p><p>The OTL.txt file:</p><p>[code]OTL logfile created on: 9/25/2011 3:09:08 PM - Run 1</p><p>OTL by OldTimer - Version 3.2.29.1 Folder = D:\Downloads</p><p>64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>3.80 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 46.56% Memory free</p><p>7.61 Gb Paging File | 5.03 Gb Available in Paging File | 66.15% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 58.50 Gb Total Space | 26.63 Gb Free Space | 45.53% Space Free | Partition Type: NTFS</p><p>Drive D: | 205.32 Gb Total Space | 68.86 Gb Free Space | 33.54% Space Free | Partition Type: NTFS</p><p>Drive F: | 967.97 Mb Total Space | 5.96 Mb Free Space | 0.62% Space Free 
| Partition Type: FAT32</p><p> </p><p>Computer Name: WINANDLINUXTUTO | User Name: WinAndLinuxTutorials | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p>[color=#E56717]========== Processes (SafeList) ==========[/color]</p><p> </p><p>PRC - D:\Downloads\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)</p><p>PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)</p><p>PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)</p><p>PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)</p><p>PRC - C:\Program Files (x86)\GuidedWays\PrayerTimesPro\PrayerTimes PC Pro.exe (Macrovision)</p><p>PRC - C:\Program Files (x86)\GuidedWays\PrayerTimesPro\jre\bin\javaw.exe (Sun Microsystems, Inc.)</p><p>PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()</p><p>PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()</p><p>PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()</p><p>PRC - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (Auslogics)</p><p>PRC - C:\Program Files\eBoostr\eBoostrCP.exe (eBoostr.com)</p><p>PRC - C:\Program Files\eBoostr\EBstrSvc.exe (eBoostr.com)</p><p>PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)</p><p> </p><p> </p><p>[color=#E56717]========== Modules (No Company Name) ==========[/color]</p><p> </p><p>MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()</p><p>MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()</p><p>MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()</p><p>MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll ()</p><p>MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madExcept_.bpl ()</p><p>MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk 
Defrag\madBasic_.bpl ()</p><p>MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madDisAsm_.bpl ()</p><p>MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\ausshellext.dll ()</p><p>MOD - C:\Program Files\eBoostr\sqlite.dll ()</p><p>MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()</p><p>MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()</p><p> </p><p> </p><p>[color=#E56717]========== Win32 Services (SafeList) ==========[/color]</p><p> </p><p>SRV:[b]64bit:[/b] - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)</p><p>SRV:[b]64bit:[/b] - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)</p><p>SRV:[b]64bit:[/b] - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)</p><p>SRV:[b]64bit:[/b] - (EBOOSTRSVC) -- C:\Program Files\eBoostr\EBstrSvc.exe (eBoostr.com)</p><p>SRV:[b]64bit:[/b] - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)</p><p>SRV:[b]64bit:[/b] - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)</p><p>SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)</p><p>SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)</p><p>SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)</p><p>SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()</p><p>SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)</p><p>SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)</p><p>SRV - (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot) -- D:\Downloads\Hitman Pro 
3.5.9 Build -129- 32 and 64-bit (TimC0de)\Setup\x64\HitmanPro35.exe (SurfRight B.V.)</p><p>SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()</p><p>SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()</p><p>SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)</p><p>SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()</p><p>SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)</p><p>SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)</p><p>SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p> </p><p> </p><p>[color=#E56717]========== Driver Services (SafeList) ==========[/color]</p><p> </p><p>DRV:[b]64bit:[/b] - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)</p><p>DRV:[b]64bit:[/b] - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)</p><p>DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)</p><p>DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)</p><p>DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)</p><p>DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)</p><p>DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)</p><p>DRV:[b]64bit:[/b] - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)</p><p>DRV:[b]64bit:[/b] - (vmci) 
-- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)</p><p>DRV:[b]64bit:[/b] - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>DRV:[b]64bit:[/b] - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)</p><p>DRV:[b]64bit:[/b] - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>DRV:[b]64bit:[/b] - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)</p><p>DRV:[b]64bit:[/b] - (HWiNFO32) -- C:\Program Files\HWiNFO64\HWiNFO64A.SYS (REALiX(tm))</p><p>DRV:[b]64bit:[/b] - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)</p><p>DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)</p><p>DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:[b]64bit:[/b] - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)</p><p>DRV:[b]64bit:[/b] - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)</p><p>DRV:[b]64bit:[/b] - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)</p><p>DRV:[b]64bit:[/b] - (VMLiteUSB) -- C:\Windows\SysNative\drivers\VMLiteUSB.sys (VMLite, Inc.)</p><p>DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)</p><p>DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)</p><p>DRV:[b]64bit:[/b] - (eBoost) -- C:\Windows\SysNative\drivers\eBoost.sys (eBoostr.com)</p><p>DRV:[b]64bit:[/b] - 
(SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)</p><p>DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)</p><p>DRV:[b]64bit:[/b] - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)</p><p>DRV:[b]64bit:[/b] - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)</p><p>DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</p><p>DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:[b]64bit:[/b] - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)</p><p>DRV:[b]64bit:[/b] - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)</p><p>DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</p><p>DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV:[b]64bit:[/b] - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)</p><p>DRV:[b]64bit:[/b] - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p>DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\BatteryCare\WinRing0x64.sys (OpenLibSys.org)</p><p> </p><p> </p><p>[color=#E56717]========== Standard Registry (SafeList) ==========[/color]</p><p> </p><p> </p><p>[color=#E56717]========== Internet Explorer ==========[/color]</p><p> </p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
http://www.bigseekpro.com/lionskin/{DD3226AC-F545-4ABD-9C0D-996A8DE681AF}</p><p> </p><p> </p><p>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p> </p><p>IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve</p><p>IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs</p><p>IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ksa.msn.com/?C=SA</p><p>IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US</p><p>IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>[color=#E56717]========== FireFox ==========[/color]</p><p> </p><p>FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"</p><p>FF - prefs.js..browser.search.useDBForOrder: true</p><p> </p><p>FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)</p><p>FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 23:49:27 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins</p><p> </p><p>[2011/08/25 00:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Extensions</p><p>[2011/09/20 16:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\extensions</p><p>[2011/08/25 00:16:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}</p><p>[2011/08/25 00:16:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}</p><p>[2011/09/09 00:19:34 | 000,002,306 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\searchplugins\wot-safe-search.xml</p><p>[2011/09/22 11:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions</p><p>[2011/09/22 11:01:25 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com</p><p>() (No name found) -- 
C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI</p><p>() (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI</p><p>() (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI</p><p>() (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\TRACKERBLOCK@PRIVACYCHOICE.ORG.XPI</p><p>[2011/09/03 09:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll</p><p>[2011/09/03 02:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml</p><p> </p><p>O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts</p><p>O2:[b]64bit:[/b] - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.</p><p>O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>O2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)</p><p>O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)</p><p>O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found</p><p>O2 - BHO: (af0.Adblock.BHO) - {90EFF544-3981-4d46-85C9-C0361D0931D6} - Reg Error: Value error. 
File not found</p><p>O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()</p><p>O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)</p><p>O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()</p><p>O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()</p><p>O3 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()</p><p>O3 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()</p><p>O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)</p><p>O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-21-616977080-1685762771-72725601-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)</p><p>O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found</p><p>O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found</p><p>O4 - Startup: C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PrayerTimes PC Pro - Shortcut.lnk = C:\Program Files 
(x86)\GuidedWays\PrayerTimesPro\PrayerTimes PC Pro.exe (Macrovision)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1</p><p>O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1</p><p>O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1</p><p>O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1</p><p>O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1</p><p>O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2</p><p>O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1</p><p>O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)</p><p>O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)</p><p>O10 - 
Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)</p><p>O13[b]64bit:[/b] - gopher Prefix: missing</p><p>O13 - gopher Prefix: missing</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)</p><p>O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83AA4386-AC39-4DA6-9409-AA2FDE846B42}: DhcpNameServer = 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E234C3-0155-4000-8DF6-6EAFE8E4A90F}: NameServer = 10.41.0.1</p><p>O18:[b]64bit:[/b] - Protocol\Handler\wot - No CLSID value found</p><p>O18 - Protocol\Handler\ms-help - No CLSID value found</p><p>O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()</p><p>O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)</p><p>O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)</p><p>O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)</p><p>O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft 
Corporation)</p><p>O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found</p><p>O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)</p><p>O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O34 - HKLM BootExecute: (bootdelete)</p><p>O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*</p><p>O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p> </p><p>[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]</p><p> </p><p>[2011/09/25 14:50:00 | 000,012,872 | ---- | C] (SurfRight B.V.) 
-- C:\Windows\SysNative\bootdelete.exe</p><p>[2011/09/25 14:47:42 | 002,388,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer1.exe</p><p>[2011/09/25 14:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5</p><p>[2011/09/25 14:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5</p><p>[2011/09/25 14:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro</p><p>[2011/09/24 22:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET</p><p>[2011/09/24 22:01:35 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\SUPERAntiSpyware.com</p><p>[2011/09/24 22:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware</p><p>[2011/09/24 22:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware</p><p>[2011/09/24 21:57:51 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\KillSwitch 2</p><p>[2011/09/22 00:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client</p><p>[2011/09/22 00:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client</p><p>[2011/09/22 00:32:53 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Spycar</p><p>[2011/09/20 19:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield</p><p>[2011/09/20 19:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield</p><p>[2011/09/20 18:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE</p><p>[2011/09/18 17:43:49 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys</p><p>[2011/09/18 17:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto</p><p>[2011/09/18 17:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto</p><p>[2011/09/18 16:41:12 | 000,062,064 | ---- | C] (VMware, Inc.) 
-- C:\Windows\SysNative\drivers\vmx86.sys</p><p>[2011/09/18 16:40:46 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe</p><p>[2011/09/18 16:40:41 | 000,432,752 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe</p><p>[2011/09/18 16:40:41 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys</p><p>[2011/09/18 16:40:38 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll</p><p>[2011/09/18 16:40:37 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys</p><p>[2011/09/18 16:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware</p><p>[2011/09/18 16:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware</p><p>[2011/09/18 16:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware</p><p>[2011/09/18 16:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware</p><p>[2011/09/17 20:59:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines</p><p>[2011/09/17 15:57:05 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll</p><p>[2011/09/13 06:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBoostr</p><p>[2011/09/13 06:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\eboostr</p><p>[2011/09/13 06:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\eBoostr</p><p>[2011/09/12 05:30:09 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper</p><p>[2011/09/11 18:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO</p><p>[2011/09/11 18:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO</p><p>[2011/09/11 18:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo</p><p>[2011/09/11 18:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader</p><p>[2011/09/10 20:12:22 | 000,000,000 | ---D | C] -- 
C:\Users\WinAndLinuxTutorials\AppData\Roaming\uTorrent</p><p>[2011/09/10 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\uTorrent</p><p>[2011/09/10 16:13:02 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll</p><p>[2011/09/10 16:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe</p><p>[2011/09/09 21:19:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Soluto</p><p>[2011/09/09 21:15:46 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Sidebar7</p><p>[2011/09/09 21:05:04 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Stealth_Software</p><p>[2011/09/09 19:25:05 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Temporary Projects</p><p>[2011/09/09 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\OneNote Notebooks</p><p>[2011/09/09 13:24:37 | 000,000,000 | R--D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Scanned Documents</p><p>[2011/09/09 13:24:36 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Fax</p><p>[2011/09/09 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit</p><p>[2011/09/08 16:58:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime</p><p>[2011/09/08 16:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7</p><p>[2011/09/08 16:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime</p><p>[2011/09/08 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared</p><p>[2011/09/08 16:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith</p><p>[2011/09/08 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith</p><p>[2011/09/08 16:53:18 | 000,000,000 | ---D | C] -- 
C:\Users\WinAndLinuxTutorials\AppData\Roaming\BleachBit</p><p>[2011/09/08 02:04:30 | 000,000,000 | R--D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin</p><p>[2011/09/07 21:32:40 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\BatteryCare</p><p>[2011/09/07 17:24:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\ElevatedDiagnostics</p><p>[2011/09/07 13:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard</p><p>[2011/09/06 22:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth</p><p>[2011/09/06 22:13:17 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Google</p><p>[2011/09/06 22:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google</p><p>[2011/09/06 22:07:43 | 000,000,000 | ---D | C] -- C:\PROGRAM FILES (X86) (X86)</p><p>[2011/09/06 18:52:31 | 000,275,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll</p><p>[2011/09/06 18:19:49 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Eraser 6</p><p>[2011/09/06 15:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quranflash Tajweed</p><p>[2011/09/06 15:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quranflash Tajweed</p><p>[2011/09/06 14:50:11 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame_backup_wti.dll</p><p>[2011/09/06 14:44:16 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Quran</p><p>[2011/09/05 22:51:28 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Registry Mechanic</p><p>[2011/09/05 15:09:53 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Diagnostics</p><p>[2011/09/03 18:04:11 | 000,000,000 | -H-D | C] -- C:\$AVG</p><p>[2011/09/03 15:12:16 | 000,000,000 | ---D | C] -- 
C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit</p><p>[2011/09/03 15:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMET</p><p>[2011/09/03 14:23:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinASO</p><p>[2011/09/02 23:55:57 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Auslogics</p><p>[2011/09/02 23:43:44 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\AVG2012</p><p>[2011/09/02 23:43:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files</p><p>[2011/09/02 23:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012</p><p>[2011/09/02 23:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG</p><p>[2011/09/02 23:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData</p><p>[2011/09/02 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\TeamViewer</p><p>[2011/09/02 22:10:17 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Malwarebytes</p><p>[2011/09/02 22:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2011/09/02 22:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes</p><p>[2011/09/02 22:00:47 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys</p><p>[2011/09/02 22:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>[2011/09/02 15:07:52 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Sony Creative Software Inc</p><p>[2011/09/02 13:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie</p><p>[2011/09/01 14:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\af0.net</p><p>[2011/09/01 13:54:30 | 000,000,000 | ---D | C] -- 
C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis</p><p>[2011/09/01 11:48:16 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Publish Providers</p><p>[2011/09/01 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Sony</p><p>[2011/09/01 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Sony</p><p>[2011/09/01 11:47:36 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\alex20productions Intro Tempalte #1</p><p>[2011/08/31 02:54:36 | 000,294,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMM.sys</p><p>[2011/08/31 02:44:15 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Microsoft Games</p><p>[2011/08/30 22:18:08 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Apps</p><p>[2011/08/30 18:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Creator Pro</p><p>[2011/08/30 18:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Install Creator Pro</p><p>[2011/08/30 18:03:35 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\GrabPro</p><p>[2011/08/30 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\inkball</p><p>[2011/08/30 14:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Virtual PC</p><p>[2011/08/29 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinball</p><p>[2011/08/29 15:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinball</p><p>[2011/08/29 03:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe</p><p>[2011/08/29 03:19:46 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Adobe</p><p>[2011/08/29 03:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe</p><p>[2011/08/29 03:19:45 | 000,000,000 | 
---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Adobe</p><p>[2011/08/28 17:47:19 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games</p><p>[2011/08/28 16:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules</p><p>[2011/08/28 16:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server</p><p>[2011/08/28 16:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services</p><p>[2011/08/28 16:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition</p><p>[2011/08/28 16:13:51 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Visual Studio 2010</p><p>[2011/08/28 16:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express</p><p>[2011/08/28 16:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0</p><p>[2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Windows\symbols</p><p>[2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0</p><p>[2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs</p><p>[2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer</p><p>[2011/08/28 01:54:54 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quranflash Tajweed</p><p>[2011/08/27 23:52:39 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Paint.NET</p><p>[2011/08/27 23:50:27 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Any Video Converter</p><p>[2011/08/27 23:48:39 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\AnvSoft</p><p>[2011/08/27 21:24:26 | 000,000,000 | ---D | C] -- C:\Hotspot Shield</p><p>[2011/08/27 21:22:41 | 000,000,000 | ---D 
| C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Opera</p><p>[2011/08/27 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Opera</p><p>[2011/08/26 16:07:27 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\BITS</p><p>[2011/08/26 16:07:26 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\FlashGet</p><p>[2011/08/26 16:06:30 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\ProgSense</p><p>[2011/08/26 16:06:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Orbit</p><p>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</p><p> </p><p>[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]</p><p> </p><p>[2011/09/25 14:50:00 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe</p><p>[2011/09/25 14:50:00 | 000,002,646 | ---- | M] () -- C:\Windows\SysNative\.crusader</p><p>[2011/09/25 14:50:00 | 000,002,034 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst</p><p>[2011/09/25 14:47:42 | 002,388,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer1.exe</p><p>[2011/09/25 14:36:53 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys</p><p>[2011/09/25 14:22:41 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2011/09/25 14:22:41 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2011/09/25 14:19:11 | 000,786,998 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI</p><p>[2011/09/25 14:19:11 | 000,667,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat</p><p>[2011/09/25 14:19:11 | 000,124,444 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat</p><p>[2011/09/25 14:17:47 | 000,002,404 | ---- | M] () -- C:\Windows\SysNative\.rsp</p><p>[2011/09/25 14:17:47 | 000,001,479 | 
---- | M] () -- C:\Windows\SysNative\.lck</p><p>[2011/09/25 14:14:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>[2011/09/25 14:12:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2011/09/25 14:11:55 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2011/09/24 22:36:49 | 000,106,699 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Desktop\Capture.PNG</p><p>[2011/09/24 22:01:26 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk</p><p>[2011/09/24 21:27:29 | 029,151,167 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Desktop\[PC Restoration Test] Rollback Rx 9.1 Test.wmv</p><p>[2011/09/24 19:59:54 | 000,003,584 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2011/09/24 11:56:49 | 000,092,688 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Desktop\maltipssign2.gif</p><p>[2011/09/24 11:55:37 | 000,000,805 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitledwhit.png</p><p>[2011/09/22 00:39:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif</p><p>[2011/09/22 00:39:34 | 000,803,644 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI</p><p>[2011/09/18 16:41:18 | 000,001,041 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk</p><p>[2011/09/17 21:00:18 | 000,001,024 | ---- | M] () -- C:\.rnd</p><p>[2011/09/13 06:31:34 | 000,000,839 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\eBoostr Control Panel.lnk</p><p>[2011/09/10 20:21:54 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml</p><p>[2011/09/10 20:21:54 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml</p><p>[2011/09/10 14:33:18 | 000,000,632 | RHS- | M] () -- C:\Users\WinAndLinuxTutorials\ntuser.pol</p><p>[2011/09/08 10:00:52 | 000,605,552 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\winload.exe</p><p>[2011/09/08 10:00:52 | 000,518,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe</p><p>[2011/09/06 18:52:32 | 000,275,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll</p><p>[2011/09/06 18:52:32 | 000,008,107 | ---- | M] () -- C:\Windows\w7dsd.reg</p><p>[2011/09/06 18:52:32 | 000,008,089 | ---- | M] () -- C:\Windows\w7dse.reg</p><p>[2011/09/06 14:50:19 | 002,755,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll</p><p>[2011/09/06 14:49:52 | 000,101,072 | ---- | M] () -- C:\Windows\UTP.exe</p><p>[2011/09/06 13:48:37 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll</p><p>[2011/09/06 13:48:33 | 002,851,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll</p><p>[2011/09/05 19:29:02 | 000,605,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload~4.exe</p><p>[2011/09/05 19:29:02 | 000,518,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume~4.exe</p><p>[2011/09/05 16:34:59 | 000,007,598 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Local\Resmon.ResmonCfg</p><p>[2011/09/05 15:52:39 | 000,000,000 | -H-- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Default.rdp</p><p>[2011/09/03 14:33:53 | 000,136,509 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\maltipssign.gif</p><p>[2011/09/03 14:31:57 | 000,036,317 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-5.jpg</p><p>[2011/09/02 17:21:10 | 000,032,395 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\maltipssign1.jpg</p><p>[2011/09/02 17:15:25 | 000,034,284 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-6.jpg</p><p>[2011/09/02 17:08:10 | 000,027,075 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-4.jpg</p><p>[2011/09/02 17:03:08 | 000,032,911 | ---- | M] () -- 
C:\Users\WinAndLinuxTutorials\Documents\Untitled-3.jpg</p><p>[2011/09/02 17:01:43 | 000,031,933 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-2.jpg</p><p>[2011/09/02 16:55:14 | 000,033,243 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-1.jpg</p><p>[2011/09/01 13:10:00 | 000,424,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT</p><p>[2011/09/01 11:47:24 | 001,790,603 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\alex20productions Intro Tempalte #1.zip</p><p>[2011/09/01 11:33:18 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll</p><p>[2011/08/31 19:45:22 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys</p><p>[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys</p><p>[2011/08/31 02:54:36 | 000,294,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMM.sys</p><p>[2011/08/29 16:17:35 | 000,005,061 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled.png</p><p>[2011/08/29 03:35:21 | 000,023,996 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-3.bmp</p><p>[2011/08/29 03:35:21 | 000,000,132 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Adobe BMP Format CS5 Prefs</p><p>[2011/08/29 03:28:35 | 000,132,776 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-1.bmp</p><p>[2011/08/28 03:25:35 | 000,061,353 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Capture.PNG</p><p>[2011/08/27 21:24:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat</p><p>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</p><p> </p><p>[color=#E56717]========== Files Created - No Company Name ==========[/color]</p><p> </p><p>[2011/09/25 14:50:00 | 000,002,646 | ---- | C] () -- C:\Windows\SysNative\.crusader</p><p>[2011/09/25 14:49:59 | 000,002,034 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst</p><p>[2011/09/25 14:36:53 | 
000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys</p><p>[2011/09/24 22:36:49 | 000,106,699 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Desktop\Capture.PNG</p><p>[2011/09/24 22:01:26 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk</p><p>[2011/09/24 21:14:03 | 029,151,167 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Desktop\[PC Restoration Test] Rollback Rx 9.1 Test.wmv</p><p>[2011/09/24 11:56:49 | 000,092,688 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Desktop\maltipssign2.gif</p><p>[2011/09/24 11:55:37 | 000,000,805 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitledwhit.png</p><p>[2011/09/22 00:39:29 | 000,001,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk</p><p>[2011/09/18 16:41:18 | 000,001,041 | ---- | C] ([/code]</p></blockquote><p></p>
[QUOTE="WinAndLinuxTutorials, post: 24554, member: 706"] @Jack Sorry for the late reply. Here are the results of the OTL Scan: The Extras.txt file: [code]OTL Extras logfile created on: 9/25/2011 3:09:08 PM - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = D:\Downloads 64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 46.56% Memory free 7.61 Gb Paging File | 5.03 Gb Available in Paging File | 66.15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58.50 Gb Total Space | 26.63 Gb Free Space | 45.53% Space Free | Partition Type: NTFS Drive D: | 205.32 Gb Total Space | 68.86 Gb Free Space | 33.54% Space Free | Partition Type: NTFS Drive F: | 967.97 Mb Total Space | 5.96 Mb Free Space | 0.62% Space Free | Partition Type: FAT32 Computer Name: WINANDLINUXTUTO | User Name: WinAndLinuxTutorials | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files 
(x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets "{5F4EB37F-1CA8-4A95-AD62-ED3D61A8E67E}" = Soluto "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7688DE34-87F5-45D5-AADA-E5501C1E0814}" = Oracle VM VirtualBox 4.1.0 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010 "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8 "{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) 
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D237D67F-E77C-4D9E-AA66-8B7A821C215F}" = MFC RunTime files x64 "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "eBoostr 1" = eBoostr 4 "HitmanPro35" = Hitman Pro 3.5 "HWiNFO64_is1" = HWiNFO64 Version 3.84 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Security Client" = Microsoft Security Essentials "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Recuva" = Recuva "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows Movie Maker" = Windows Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" 
= Microsoft SQL Server System CLR Types "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}" = TOSHIBA TEMPRO "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7DEF17DA-2FBD-457F-8550-68A116B7ACD9}" = WOT for Internet Explorer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90CD53EC-488B-4B1A-8C6B-3C36E82A84CA}" = EMET "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7 "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.8.10 
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Any Video Converter_is1" = Any Video Converter 3.2.2 "BleachBit" = BleachBit "ESET Online Scanner" = ESET Online Scanner v3 "FileHippo.com" = FileHippo.com Update Checker "Free Disk Analyzer" = Free Disk Analyzer "gbrainy" = gbrainy 1.65 "HotspotShield" = Hotspot Shield 2.06 "ImgBurn" = ImgBurn "Install Creator" = Install Creator "Install Creator Pro" = Install Creator Pro "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US) "Opera 11.51.1087" = Opera 11.51 "Orbit_is1" = Orbit Downloader "Prayer Times PC Pro" = Prayer Times PC Pro "Quranflash Tajweed" = Quranflash Tajweed "Registry Mechanic_is1" = Registry Mechanic 10.0 "Skin Pack Installer System X64" = Skin Pack Installer System X64 1.0 "TeamViewer 6" = TeamViewer 6 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.10 "VMware_Workstation" = VMware Workstation "WinASO Registry Optimizer_is1" = WinASO Registry Optimizer 4.7.1 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] 
[HKEY_USERS\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Pinball" = Pinball [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 9/25/2011 7:13:00 AM | Computer Name = WinAndLinuxTutorials-PC | Source = ESENT | ID = 455 Description = Windows (4040) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0004D.log. Error - 9/25/2011 7:13:01 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 9000 Description = Error - 9/25/2011 7:13:01 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 7040 Description = Error - 9/25/2011 7:13:01 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 7042 Description = Error - 9/25/2011 7:13:02 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 9002 Description = Error - 9/25/2011 7:13:02 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3029 Description = Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3029 Description = Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3028 Description = Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 3058 Description = Error - 9/25/2011 7:13:03 AM | Computer Name = WinAndLinuxTutorials-PC | Source = Windows Search Service | ID = 7010 Description = [ System Events ] Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. 
Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 8/21/2011 4:59:57 PM | Computer Name = Najeed-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 8/22/2011 6:05:30 AM | Computer Name = Najeed-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: SASKUTIL Error - 8/22/2011 6:05:41 AM | Computer Name = Najeed-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 8/22/2011 9:20:25 AM | Computer Name = Najeed-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 8/22/2011 9:20:26 AM | Computer Name = Najeed-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 8/22/2011 9:20:27 AM | Computer Name = Najeed-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. 
< End of report > [/code] The OTL.txt file: [code]OTL logfile created on: 9/25/2011 3:09:08 PM - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = D:\Downloads 64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 46.56% Memory free 7.61 Gb Paging File | 5.03 Gb Available in Paging File | 66.15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58.50 Gb Total Space | 26.63 Gb Free Space | 45.53% Space Free | Partition Type: NTFS Drive D: | 205.32 Gb Total Space | 68.86 Gb Free Space | 33.54% Space Free | Partition Type: NTFS Drive F: | 967.97 Mb Total Space | 5.96 Mb Free Space | 0.62% Space Free | Partition Type: FAT32 Computer Name: WINANDLINUXTUTO | User Name: WinAndLinuxTutorials | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Program Files (x86)\GuidedWays\PrayerTimesPro\PrayerTimes PC Pro.exe (Macrovision) PRC - C:\Program Files (x86)\GuidedWays\PrayerTimesPro\jre\bin\javaw.exe (Sun Microsystems, Inc.) 
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () PRC - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (Auslogics) PRC - C:\Program Files\eBoostr\eBoostrCP.exe (eBoostr.com) PRC - C:\Program Files\eBoostr\EBstrSvc.exe (eBoostr.com) PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe () MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll () MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madExcept_.bpl () MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madBasic_.bpl () MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\madDisAsm_.bpl () MOD - C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\ausshellext.dll () MOD - C:\Program Files\eBoostr\sqlite.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto) SRV:[b]64bit:[/b] - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:[b]64bit:[/b] - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV:[b]64bit:[/b] - (EBOOSTRSVC) -- C:\Program Files\eBoostr\EBstrSvc.exe (eBoostr.com) SRV:[b]64bit:[/b] - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (MsMpSvc) -- C:\Program Files\Microsoft Security 
Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe () SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.) SRV - (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot) -- D:\Downloads\Hitman Pro 3.5.9 Build -129- 32 and 64-bit (TimC0de)\Setup\x64\HitmanPro35.exe (SurfRight B.V.) SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe () SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.) 
DRV:[b]64bit:[/b] - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:[b]64bit:[/b] - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:[b]64bit:[/b] - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:[b]64bit:[/b] - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:[b]64bit:[/b] - (HWiNFO32) -- C:\Program Files\HWiNFO64\HWiNFO64A.SYS (REALiX(tm)) DRV:[b]64bit:[/b] - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) 
DRV:[b]64bit:[/b] - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:[b]64bit:[/b] - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:[b]64bit:[/b] - (VMLiteUSB) -- C:\Windows\SysNative\drivers\VMLiteUSB.sys (VMLite, Inc.) DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:[b]64bit:[/b] - (eBoost) -- C:\Windows\SysNative\drivers\eBoost.sys (eBoostr.com) DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:[b]64bit:[/b] - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:[b]64bit:[/b] - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation) DRV:[b]64bit:[/b] - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:[b]64bit:[/b] - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\BatteryCare\WinRing0x64.sys (OpenLibSys.org) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/lionskin/{DD3226AC-F545-4ABD-9C0D-996A8DE681AF} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ksa.msn.com/?C=SA IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-616977080-1685762771-72725601-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search" FF - prefs.js..browser.search.useDBForOrder: true FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: 
C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 23:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/25 00:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Extensions [2011/09/20 16:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\extensions [2011/08/25 00:16:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011/08/25 00:16:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/09/09 00:19:34 | 000,002,306 | ---- | M] () -- 
C:\Users\WinAndLinuxTutorials\AppData\Roaming\Mozilla\Firefox\Profiles\dre6bz35.default\searchplugins\wot-safe-search.xml [2011/09/22 11:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/09/22 11:01:25 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com () (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI () (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI () (No name found) -- C:\USERS\WINANDLINUXTUTORIALS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRE6BZ35.DEFAULT\EXTENSIONS\TRACKERBLOCK@PRIVACYCHOICE.ORG.XPI [2011/09/03 09:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/09/03 02:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) 
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found O2 - BHO: (af0.Adblock.BHO) - {90EFF544-3981-4d46-85C9-C0361D0931D6} - Reg Error: Value error. File not found O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll () O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O3 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-616977080-1685762771-72725601-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not 
found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PrayerTimes PC Pro - Shortcut.lnk = C:\Program Files (x86)\GuidedWays\PrayerTimesPro\PrayerTimes PC Pro.exe (Macrovision) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-616977080-1685762771-72725601-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) 
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83AA4386-AC39-4DA6-9409-AA2FDE846B42}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E234C3-0155-4000-8DF6-6EAFE8E4A90F}: NameServer = 10.41.0.1 O18:[b]64bit:[/b] - Protocol\Handler\wot - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet 
- (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (bootdelete) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/09/25 14:50:00 | 000,012,872 | ---- | C] (SurfRight B.V.) 
-- C:\Windows\SysNative\bootdelete.exe [2011/09/25 14:47:42 | 002,388,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer1.exe [2011/09/25 14:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5 [2011/09/25 14:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5 [2011/09/25 14:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro [2011/09/24 22:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/09/24 22:01:35 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\SUPERAntiSpyware.com [2011/09/24 22:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011/09/24 22:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011/09/24 21:57:51 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\KillSwitch 2 [2011/09/22 00:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2011/09/22 00:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2011/09/22 00:32:53 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Spycar [2011/09/20 19:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [2011/09/20 19:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield [2011/09/20 18:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE [2011/09/18 17:43:49 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys [2011/09/18 17:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto [2011/09/18 17:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto [2011/09/18 16:41:12 | 000,062,064 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys [2011/09/18 16:40:46 | 000,354,416 | ---- | C] (VMware, Inc.) 
-- C:\Windows\SysWow64\vmnetdhcp.exe [2011/09/18 16:40:41 | 000,432,752 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe [2011/09/18 16:40:41 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys [2011/09/18 16:40:38 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll [2011/09/18 16:40:37 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys [2011/09/18 16:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2011/09/18 16:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware [2011/09/18 16:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware [2011/09/18 16:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2011/09/17 20:59:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines [2011/09/17 15:57:05 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll [2011/09/13 06:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBoostr [2011/09/13 06:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\eboostr [2011/09/13 06:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\eBoostr [2011/09/12 05:30:09 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper [2011/09/11 18:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [2011/09/11 18:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2011/09/11 18:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2011/09/11 18:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader [2011/09/10 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\uTorrent [2011/09/10 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\uTorrent [2011/09/10 16:13:02 | 000,336,384 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\uDWM.dll [2011/09/10 16:12:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe [2011/09/09 21:19:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Soluto [2011/09/09 21:15:46 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Sidebar7 [2011/09/09 21:05:04 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Stealth_Software [2011/09/09 19:25:05 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Temporary Projects [2011/09/09 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\OneNote Notebooks [2011/09/09 13:24:37 | 000,000,000 | R--D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Scanned Documents [2011/09/09 13:24:36 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Fax [2011/09/09 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit [2011/09/08 16:58:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime [2011/09/08 16:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7 [2011/09/08 16:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011/09/08 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared [2011/09/08 16:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2011/09/08 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith [2011/09/08 16:53:18 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\BleachBit [2011/09/08 02:04:30 | 000,000,000 | R--D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin [2011/09/07 21:32:40 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\BatteryCare [2011/09/07 17:24:29 | 000,000,000 | ---D | C] -- 
C:\Users\WinAndLinuxTutorials\AppData\Local\ElevatedDiagnostics [2011/09/07 13:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2011/09/06 22:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011/09/06 22:13:17 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Google [2011/09/06 22:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2011/09/06 22:07:43 | 000,000,000 | ---D | C] -- C:\PROGRAM FILES (X86) (X86) [2011/09/06 18:52:31 | 000,275,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll [2011/09/06 18:19:49 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Eraser 6 [2011/09/06 15:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quranflash Tajweed [2011/09/06 15:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quranflash Tajweed [2011/09/06 14:50:11 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame_backup_wti.dll [2011/09/06 14:44:16 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Quran [2011/09/05 22:51:28 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Registry Mechanic [2011/09/05 15:09:53 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Diagnostics [2011/09/03 18:04:11 | 000,000,000 | -H-D | C] -- C:\$AVG [2011/09/03 15:12:16 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit [2011/09/03 15:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMET [2011/09/03 14:23:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinASO [2011/09/02 23:55:57 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Auslogics [2011/09/02 23:43:44 | 000,000,000 | ---D | C] -- 
C:\Users\WinAndLinuxTutorials\AppData\Roaming\AVG2012 [2011/09/02 23:43:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2011/09/02 23:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2011/09/02 23:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2011/09/02 23:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011/09/02 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\TeamViewer [2011/09/02 22:10:17 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Malwarebytes [2011/09/02 22:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/09/02 22:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/09/02 22:00:47 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/09/02 22:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/09/02 15:07:52 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Sony Creative Software Inc [2011/09/02 13:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie [2011/09/01 14:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\af0.net [2011/09/01 13:54:30 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011/09/01 11:48:16 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Publish Providers [2011/09/01 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Sony [2011/09/01 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Sony [2011/09/01 11:47:36 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\alex20productions Intro Tempalte #1 [2011/08/31 02:54:36 | 000,294,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMM.sys [2011/08/31 02:44:15 | 
000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Microsoft Games [2011/08/30 22:18:08 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Apps [2011/08/30 18:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Creator Pro [2011/08/30 18:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Install Creator Pro [2011/08/30 18:03:35 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\GrabPro [2011/08/30 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\inkball [2011/08/30 14:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Virtual PC [2011/08/29 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinball [2011/08/29 15:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinball [2011/08/29 03:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011/08/29 03:19:46 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Adobe [2011/08/29 03:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011/08/29 03:19:45 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Adobe [2011/08/28 17:47:19 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011/08/28 16:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules [2011/08/28 16:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2011/08/28 16:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2011/08/28 16:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2011/08/28 16:13:51 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Visual Studio 2010 [2011/08/28 16:13:43 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express [2011/08/28 16:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0 [2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0 [2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2011/08/28 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [2011/08/28 01:54:54 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quranflash Tajweed [2011/08/27 23:52:39 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Paint.NET [2011/08/27 23:50:27 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\Documents\Any Video Converter [2011/08/27 23:48:39 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\AnvSoft [2011/08/27 21:24:26 | 000,000,000 | ---D | C] -- C:\Hotspot Shield [2011/08/27 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Opera [2011/08/27 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Local\Opera [2011/08/26 16:07:27 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\BITS [2011/08/26 16:07:26 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\FlashGet [2011/08/26 16:06:30 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\ProgSense [2011/08/26 16:06:29 | 000,000,000 | ---D | C] -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Orbit [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/09/25 14:50:00 | 000,012,872 | ---- | M] (SurfRight B.V.) 
-- C:\Windows\SysNative\bootdelete.exe [2011/09/25 14:50:00 | 000,002,646 | ---- | M] () -- C:\Windows\SysNative\.crusader [2011/09/25 14:50:00 | 000,002,034 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst [2011/09/25 14:47:42 | 002,388,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer1.exe [2011/09/25 14:36:53 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2011/09/25 14:22:41 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/09/25 14:22:41 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/09/25 14:19:11 | 000,786,998 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/09/25 14:19:11 | 000,667,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/09/25 14:19:11 | 000,124,444 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/09/25 14:17:47 | 000,002,404 | ---- | M] () -- C:\Windows\SysNative\.rsp [2011/09/25 14:17:47 | 000,001,479 | ---- | M] () -- C:\Windows\SysNative\.lck [2011/09/25 14:14:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/09/25 14:12:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/09/25 14:11:55 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys [2011/09/24 22:36:49 | 000,106,699 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Desktop\Capture.PNG [2011/09/24 22:01:26 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/09/24 21:27:29 | 029,151,167 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Desktop\[PC Restoration Test] Rollback Rx 9.1 Test.wmv [2011/09/24 19:59:54 | 000,003,584 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/24 11:56:49 | 000,092,688 | ---- | M] () -- 
C:\Users\WinAndLinuxTutorials\Desktop\maltipssign2.gif
[2011/09/24 11:55:37 | 000,000,805 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitledwhit.png
[2011/09/22 00:39:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/22 00:39:34 | 000,803,644 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/18 16:41:18 | 000,001,041 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2011/09/17 21:00:18 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/09/13 06:31:34 | 000,000,839 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\eBoostr Control Panel.lnk
[2011/09/10 20:21:54 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/09/10 20:21:54 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/09/10 14:33:18 | 000,000,632 | RHS- | M] () -- C:\Users\WinAndLinuxTutorials\ntuser.pol
[2011/09/08 10:00:52 | 000,605,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/09/08 10:00:52 | 000,518,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/09/06 18:52:32 | 000,275,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll
[2011/09/06 18:52:32 | 000,008,107 | ---- | M] () -- C:\Windows\w7dsd.reg
[2011/09/06 18:52:32 | 000,008,089 | ---- | M] () -- C:\Windows\w7dse.reg
[2011/09/06 14:50:19 | 002,755,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2011/09/06 14:49:52 | 000,101,072 | ---- | M] () -- C:\Windows\UTP.exe
[2011/09/06 13:48:37 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2011/09/06 13:48:33 | 002,851,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2011/09/05 19:29:02 | 000,605,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload~4.exe
[2011/09/05 19:29:02 | 000,518,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume~4.exe
[2011/09/05 16:34:59 | 000,007,598 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Local\Resmon.ResmonCfg
[2011/09/05 15:52:39 | 000,000,000 | -H-- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Default.rdp
[2011/09/03 14:33:53 | 000,136,509 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\maltipssign.gif
[2011/09/03 14:31:57 | 000,036,317 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-5.jpg
[2011/09/02 17:21:10 | 000,032,395 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\maltipssign1.jpg
[2011/09/02 17:15:25 | 000,034,284 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-6.jpg
[2011/09/02 17:08:10 | 000,027,075 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-4.jpg
[2011/09/02 17:03:08 | 000,032,911 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-3.jpg
[2011/09/02 17:01:43 | 000,031,933 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-2.jpg
[2011/09/02 16:55:14 | 000,033,243 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-1.jpg
[2011/09/01 13:10:00 | 000,424,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/01 11:47:24 | 001,790,603 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\alex20productions Intro Tempalte #1.zip
[2011/09/01 11:33:18 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/08/31 19:45:22 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/31 02:54:36 | 000,294,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMM.sys
[2011/08/29 16:17:35 | 000,005,061 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled.png
[2011/08/29 03:35:21 | 000,023,996 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-3.bmp
[2011/08/29 03:35:21 | 000,000,132 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/08/29 03:28:35 | 000,132,776 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitled-1.bmp
[2011/08/28 03:25:35 | 000,061,353 | ---- | M] () -- C:\Users\WinAndLinuxTutorials\Documents\Capture.PNG
[2011/08/27 21:24:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/09/25 14:50:00 | 000,002,646 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2011/09/25 14:49:59 | 000,002,034 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2011/09/25 14:36:53 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/09/24 22:36:49 | 000,106,699 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Desktop\Capture.PNG
[2011/09/24 22:01:26 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/24 21:14:03 | 029,151,167 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Desktop\[PC Restoration Test] Rollback Rx 9.1 Test.wmv
[2011/09/24 11:56:49 | 000,092,688 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Desktop\maltipssign2.gif
[2011/09/24 11:55:37 | 000,000,805 | ---- | C] () -- C:\Users\WinAndLinuxTutorials\Documents\Untitledwhit.png
[2011/09/22 00:39:29 | 000,001,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/18 16:41:18 | 000,001,041 | ---- | C] ([/code] [/QUOTE]