
High Risk Cloaked Malware [Solved]



#1
Skag

Hello, I have a malware problem which started today. iexplorer.exe is constantly running, and none of my antivirus/malware detection software will start up. I downloaded Prevx 3.0 and it detected 6 malware problems, 1 of which was a high risk cloaked malware. However, the figure sometimes jumps to 30, randomly. Now Prevx 3.0 sometimes works and sometimes later closes like the rest of the programs.

If I stay connected to the internet, iexplorer.exe will run in the background and play some video where the browser window is not viewable - I try to stay disconnected from the internet most of the time for now.

I was unable to use system restore for the same reason I was unable to use my antivirus/spyware removal programs. This was also the same reason I could not create a system restore point with sysrestorepoint.

TFC ran fine.
ERUNT ran fine.
Malwarebytes was only able to run for about 10 seconds before not being able to start ever again.
gmer could only start after renaming the file. After this it would run for a minute or two before iexplorer.exe would be closed by the Windows DEP software a couple of times, before completely freezing/hanging, leaving me to switch off (by holding down the power button).

One thing I should mention is that I had deleted a folder on my C drive which was not there before the infection. I had deleted it completely; however, I believe I'm going to be told off for doing this now!

I can only provide the OTL logs below.

OTL.txt

OTL logfile created on: 03/01/2010 05:53:19 - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Users\Sunil\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.19 Gb Free Space | 43.74% Space Free | Partition Type: NTFS
Drive D: | 141.23 Gb Total Space | 50.47 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUNILS--LAPTOP
Current User Name: Sunil
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/03 05:49:17 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sunil\Desktop\OTL.exe
PRC - [2010/01/03 04:36:58 | 06,222,312 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2010/01/02 22:33:08 | 00,189,392 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- D:\ITUNES!\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/03 13:33:20 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/01/15 04:14:36 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 06:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/14 07:38:48 | 00,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008/01/07 08:25:13 | 04,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/20 14:00:23 | 00,643,072 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/11/30 18:20:44 | 00,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/09/03 05:37:18 | 00,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007/08/08 07:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/07/10 17:59:56 | 00,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007/06/28 18:31:38 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/06/20 19:49:10 | 00,451,872 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007/05/18 09:31:16 | 00,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/04/19 18:32:08 | 00,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007/04/17 20:39:42 | 00,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/03/01 21:24:25 | 00,857,648 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/02/06 01:13:14 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007/01/18 02:26:36 | 07,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006/12/21 06:03:38 | 01,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006/12/19 00:26:26 | 02,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006/11/02 15:27:32 | 00,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006/11/02 12:34:48 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2006/11/02 09:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2006/11/02 09:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2005/07/06 22:43:42 | 00,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/01/03 05:49:17 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sunil\Desktop\OTL.exe
MOD - [2008/11/11 20:00:26 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
MOD - [2008/11/11 20:00:26 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
MOD - [2006/11/02 09:46:13 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2006/11/02 09:46:13 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 09:46:07 | 02,095,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2006/11/02 09:46:07 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2006/11/02 09:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/03 04:36:58 | 06,222,312 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/01/02 22:33:08 | 00,189,392 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/07/05 21:13:02 | 00,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/03 13:33:20 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/02/06 08:12:10 | 00,206,088 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/05/14 04:51:40 | 00,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/20 14:00:23 | 00,643,072 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/08/08 07:08:40 | 00,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/06/28 18:31:38 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/06/01 17:21:30 | 00,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/18 09:31:16 | 00,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/04/14 04:09:56 | 00,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/02/06 01:13:14 | 00,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 20:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 18:47:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 18:47:25 | 00,000,000 | ---D | M]

[2008/09/27 15:14:38 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Extensions
[2010/01/03 04:18:11 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions
[2008/12/05 01:47:51 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(73)
[2008/10/16 22:44:26 | 00,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/10/01 15:50:46 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/10/23 03:49:30 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\battlefieldheroespatcher@ea.com
[2008/12/06 02:30:43 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\nasanightlaunch@example(72).com
[2008/10/16 15:59:22 | 00,001,146 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\bbc-news.xml
[2008/10/16 15:59:31 | 00,001,504 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\imdb.xml
[2010/01/01 10:24:41 | 00,004,857 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\isohunt---bt-search.xml
[2009/02/24 02:28:15 | 00,002,298 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\lastfm.xml
[2009/03/03 00:58:09 | 00,002,006 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\urban-dictionary.xml
[2009/02/07 17:44:42 | 00,001,337 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\whois-lookup.xml
[2008/10/16 15:59:51 | 00,001,032 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\wikipedia-eng.xml
[2008/10/16 16:00:06 | 00,002,108 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\youtube-video-search.xml
[2010/01/03 04:18:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/04 15:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/11/14 19:50:55 | 00,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (292165 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10061 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [iTunesHelper] D:\ITUNES!\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1242104793887 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ea7666e3-a23f-11dd-b758-001fc6534de3}\Shell\Auto\command - "" = setup.exe
O33 - MountPoints2\{ea7666e6-a23f-11dd-b758-001fc6534de3}\Shell - "" = AutoRun
O33 - MountPoints2\{ea7666e6-a23f-11dd-b758-001fc6534de3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{eb06d7a1-d9a6-11dd-8e3d-001fc6534de3}\Shell\AutoRun\command - "" = udhpatvz.exe
O33 - MountPoints2\{eb06d7a1-d9a6-11dd-8e3d-001fc6534de3}\Shell\explore\Command - "" = udhpatvz.exe
O33 - MountPoints2\{eb06d7a1-d9a6-11dd-8e3d-001fc6534de3}\Shell\open\Command - "" = udhpatvz.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 11:18:47 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/03 05:49:16 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Sunil\Desktop\OTL.exe
[2010/01/03 05:11:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/03 05:11:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/03 05:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/03 05:09:35 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/03 05:08:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/03 05:02:16 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sunil\Desktop\m-bam-setup.exe
[2010/01/03 05:02:06 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sunil\Desktop\erunt_setup.exe
[2010/01/03 05:01:56 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Sunil\Desktop\Sys-RestorePoint.exe
[2010/01/03 04:53:19 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Users\Sunil\Desktop\TFC.exe
[2010/01/03 04:37:00 | 00,053,136 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/01/03 04:37:00 | 00,047,408 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/01/03 04:37:00 | 00,030,280 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/01/03 04:36:59 | 00,024,496 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/01/03 04:36:58 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/01/03 04:36:48 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010/01/03 04:20:26 | 00,910,072 | ---- | C] (Prevx) -- C:\Users\Sunil\Desktop\PREVX-CSIFREE.EXE
[2010/01/03 01:37:40 | 00,000,000 | ---D | C] -- C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit
[2010/01/03 01:36:32 | 45,347,568 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit.exe
[2010/01/03 01:36:27 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Desktop\TrendMicro_Downloader
[2010/01/03 01:36:09 | 01,992,152 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sunil\Desktop\TrendMicro_Downloader.exe
[2009/12/30 06:47:04 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward Season 1
[2009/12/30 02:30:30 | 00,000,000 | ---D | C] -- C:\Program Files\mkv2vob
[2009/12/29 13:22:44 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e09
[2009/12/29 13:21:44 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e08
[2009/12/29 13:21:13 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e07
[2009/12/29 13:20:05 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e06
[2009/12/28 15:19:11 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Desktop\originals
[2007/01/24 18:08:39 | 00,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 14 Days ==========

[2010/01/03 05:54:54 | 05,242,880 | -HS- | M] () -- C:\Users\Sunil\ntuser.dat
[2010/01/03 05:49:17 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sunil\Desktop\OTL.exe
[2010/01/03 05:35:04 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/03 05:35:04 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/03 05:35:02 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/03 05:34:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/03 05:34:48 | 32,204,63616 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/03 05:18:47 | 00,047,408 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/01/03 05:18:47 | 00,030,280 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/01/03 05:18:46 | 00,024,496 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/01/03 05:15:17 | 00,284,915 | ---- | M] () -- C:\Users\Sunil\Desktop\gmer.zip
[2010/01/03 05:11:45 | 00,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299308901-2864604730-1019191112-1000UA.job
[2010/01/03 05:11:26 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Mal warebytes' AntiMalware.lnk
[2010/01/03 05:08:38 | 00,000,740 | ---- | M] () -- C:\Users\Sunil\Desktop\NTREGOPT.lnk
[2010/01/03 05:08:38 | 00,000,721 | ---- | M] () -- C:\Users\Sunil\Desktop\ERUNT.lnk
[2010/01/03 05:02:20 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sunil\Desktop\m-bam-setup.exe
[2010/01/03 05:02:07 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sunil\Desktop\erunt_setup.exe
[2010/01/03 05:02:02 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Sunil\Desktop\Sys-RestorePoint.exe
[2010/01/03 04:55:30 | 05,895,712 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/01/03 04:55:30 | 00,999,456 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2010/01/03 04:55:30 | 00,048,188 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/01/03 04:55:30 | 00,005,544 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2010/01/03 04:55:10 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/03 04:53:21 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sunil\Desktop\TFC.exe
[2010/01/03 04:43:27 | 00,000,202 | ---- | M] () -- C:\Windows\System32\srcr.dat
[2010/01/03 04:41:30 | 00,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2010/01/03 04:37:00 | 00,053,136 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/01/03 04:20:28 | 00,910,072 | ---- | M] (Prevx) -- C:\Users\Sunil\Desktop\PREVX-CSIFREE.EXE
[2010/01/03 04:10:15 | 00,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299308901-2864604730-1019191112-1000Core.job
[2010/01/03 02:18:04 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/01/03 01:37:32 | 45,347,568 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit.exe
[2010/01/03 01:36:11 | 01,992,152 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sunil\Desktop\TrendMicro_Downloader.exe
[2010/01/03 00:35:54 | 00,000,875 | ---- | M] () -- C:\Windows\System32\krl32mainweq.dll
[2010/01/03 00:34:10 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2010/01/02 22:33:08 | 00,189,392 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/01/02 22:33:08 | 00,189,392 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2010/01/02 21:01:23 | 00,138,016 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/01/02 20:36:30 | 00,243,007 | ---- | M] () -- C:\Users\Sunil\Desktop\Shot01320.png
[2010/01/01 10:35:12 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/12/31 08:16:41 | 00,031,232 | ---- | M] () -- C:\Users\Sunil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 02:30:31 | 00,001,794 | ---- | M] () -- C:\Users\Sunil\Desktop\mkv2vob.lnk
[2009/12/30 02:28:06 | 08,192,000 | ---- | M] () -- C:\Users\Sunil\Desktop\mkv2vob.exe
[2009/12/30 02:13:15 | 00,692,118 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2009/12/30 02:13:15 | 00,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/30 02:13:15 | 00,126,808 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2009/12/30 02:13:15 | 00,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/30 02:13:13 | 01,515,942 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/28 15:29:17 | 00,026,478 | ---- | M] () -- C:\Users\Sunil\Desktop\server.ini
[2009/12/28 15:24:11 | 00,033,376 | ---- | M] () -- C:\Users\Sunil\Desktop\ArmyOps.ini

========== Files Created - No Company Name ==========

[2010/01/03 05:15:24 | 00,293,376 | ---- | C] () -- C:\Users\Sunil\Desktop\g-mer.exe
[2010/01/03 05:15:16 | 00,284,915 | ---- | C] () -- C:\Users\Sunil\Desktop\gmer.zip
[2010/01/03 05:11:26 | 00,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Mal warebytes' AntiMalware.lnk
[2010/01/03 05:08:38 | 00,000,740 | ---- | C] () -- C:\Users\Sunil\Desktop\NTREGOPT.lnk
[2010/01/03 05:08:38 | 00,000,721 | ---- | C] () -- C:\Users\Sunil\Desktop\ERUNT.lnk
[2010/01/03 04:40:18 | 32,204,63616 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/03 04:36:48 | 00,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/03 00:35:54 | 00,000,875 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
[2010/01/03 00:34:53 | 00,000,202 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2010/01/03 00:34:10 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2010/01/02 20:36:29 | 00,243,007 | ---- | C] () -- C:\Users\Sunil\Desktop\Shot01320.png
[2009/12/30 02:30:31 | 00,001,794 | ---- | C] () -- C:\Users\Sunil\Desktop\mkv2vob.lnk
[2009/12/30 02:27:47 | 08,192,000 | ---- | C] () -- C:\Users\Sunil\Desktop\mkv2vob.exe
[2009/12/20 21:51:00 | 00,033,376 | ---- | C] () -- C:\Users\Sunil\Desktop\ArmyOps.ini
[2009/06/11 22:29:50 | 00,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/03/01 22:53:04 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/04 03:07:09 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/24 17:21:58 | 00,000,680 | ---- | C] () -- C:\Users\Sunil\AppData\Local\d3d9caps.dat
[2008/11/28 18:01:01 | 00,138,056 | ---- | C] () -- C:\Users\Sunil\AppData\Roaming\PnkBstrK.sys
[2008/11/10 00:25:12 | 00,000,552 | ---- | C] () -- C:\Users\Sunil\AppData\Local\d3d8caps.dat
[2008/09/30 16:04:06 | 00,138,016 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/09/29 14:03:28 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/09/28 00:19:15 | 00,031,232 | ---- | C] () -- C:\Users\Sunil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/26 17:36:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/19 21:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 21:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/19 21:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/19 21:54:18 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/05/14 07:38:35 | 00,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007/12/20 14:02:19 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/04/18 09:06:01 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007/03/06 06:39:19 | 00,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 10:57:59 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 22:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/03 04:55:10 | 00,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\1c436700711381f954e9ff3f0c4b052b\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/05/14 06:14:21 | 00,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys
[2008/05/14 06:14:21 | 00,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\1c436700711381f954e9ff3f0c4b052b\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/09/26 16:09:43 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/09/26 16:09:43 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/09/26 16:09:43 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/09/26 16:09:43 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 07:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\1c436700711381f954e9ff3f0c4b052b\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 09:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 09:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\1c436700711381f954e9ff3f0c4b052b\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\1c436700711381f954e9ff3f0c4b052b\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\1c436700711381f954e9ff3f0c4b052b\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 09:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 09:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 09:46:02 | 00,770,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\advapi32.dll
[2008/09/26 16:01:08 | 00,162,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dnsapi.dll
[2008/10/21 05:16:20 | 00,297,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\gdi32.dll
[2009/01/15 04:16:00 | 00,267,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iertutil.dll
[2006/11/02 09:46:05 | 00,115,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\imm32.dll
[2006/11/02 09:46:05 | 00,874,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\kernel32.dll
[2006/11/02 09:46:05 | 00,024,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\lpk.dll
[2008/05/14 06:20:34 | 00,805,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msctf.dll
[2006/11/02 09:46:10 | 00,681,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvcrt.dll
[2006/11/02 08:33:06 | 00,002,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\normaliz.dll
[2006/11/02 09:46:12 | 00,010,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\nsi.dll
[2006/11/02 09:47:26 | 01,162,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntdll.dll
[2006/11/02 09:46:12 | 01,314,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ole32.dll
[2008/05/14 05:39:54 | 00,788,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rpcrt4.dll
[2006/11/02 09:47:18 | 00,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2006/11/02 09:46:12 | 00,072,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\secur32.dll
[2008/11/06 12:59:14 | 11,320,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shell32.dll
[2006/11/02 09:46:13 | 00,339,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shlwapi.dll
[2006/11/02 09:46:13 | 00,221,184 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/05/14 04:50:39 | 00,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2006/11/02 09:46:13 | 00,107,008 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\userenv.dll
[2006/11/02 09:46:13 | 00,502,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\usp10.dll
[2009/01/15 04:16:03 | 00,826,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wininet.dll
[2006/11/02 09:46:14 | 00,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >



extras.txt

OTL Extras logfile created on: 03/01/2010 05:53:19 - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Users\Sunil\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.19 Gb Free Space | 43.74% Space Free | Partition Type: NTFS
Drive D: | 141.23 Gb Total Space | 50.47 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUNILS--LAPTOP
Current User Name: Sunil
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5760BD42-5005-45F4-94D8-E30A95F5F597}" = rport=137 | protocol=17 | dir=out | app=system |
"{613B6AB6-895D-42FA-B7D2-643265E84FA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6D338166-CFCE-496A-BEC4-782B958B39B2}" = lport=137 | protocol=17 | dir=in | app=system |
"{7CE72F15-3F92-4502-8F0C-CCCE6C25D726}" = rport=138 | protocol=17 | dir=out | app=system |
"{A3D0EA85-286F-47F0-B4D0-F6DD5B2ED2F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{A8BE2625-F4A3-4C21-A53D-69B61B7BDCF0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B4AB4C34-4DBF-49CC-B175-CC98AF148465}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C0FC4478-AF4C-47EF-A872-F92C7C1ABF18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D3FDAAB6-6D27-4427-8A38-19C63349648F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DBB7E189-CF1D-4D5C-B8C8-0312F6EDF6A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E0653FAB-C5FA-4050-8125-8E4446778146}" = lport=138 | protocol=17 | dir=in | app=system |
"{EC74977A-BA7C-47CF-8545-812221AF67B0}" = lport=139 | protocol=6 | dir=in | app=system |
"{EF2B7C3B-865C-47F6-A17D-9FD4BE6EE4A2}" = rport=139 | protocol=6 | dir=out | app=system |
"{F05ED7DA-7A31-4C50-9DEB-807902547BB9}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B17D17-734B-4B58-B21A-F7BCAD658387}" = protocol=17 | dir=in | app=d:\itunes.exe |
"{05CC44C4-91E8-4417-B21D-BC6B0EB01A95}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{07E42E8B-683A-47AE-8CB9-9A6E35403E91}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{13DFEA9B-9097-4D4F-8E5A-2CBE42471010}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{1AC18BD2-2B6A-42D2-BF54-8226681B307B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1D69F916-829F-44A0-B89E-846ED6EA15D2}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{24482675-33C9-4137-8A96-6F1AFE0902D3}" = protocol=6 | dir=in | app=d:\itunes.exe |
"{376B7D8C-3E97-48DF-AEA0-5141E74336DF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{42168979-97AB-4AF5-8720-5136E08BF589}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4EE18189-6A6E-49A1-8A03-95CDF435D90E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{51887F65-65BA-4AD7-9DE9-0A71BBE827D3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{51E4B671-B31B-4530-879B-B5290A6068BA}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{553549FA-F470-4109-AF26-57A6822C1546}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{55A26F36-642D-43BF-AA43-94366FEB7761}" = protocol=17 | dir=in | app=d:\itunes!\itunes.exe |
"{59F3E7E2-93BB-4BCD-9F61-2F3B82FB7680}" = protocol=6 | dir=in | app=d:\itunes!\itunes.exe |
"{5A296A7B-CCB3-4FE6-BF5C-08FAA1FC394F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{5C6FE0A4-598C-4124-B43D-4896E8EE9FDA}" = protocol=6 | dir=in | app=c:\users\sunil\desktop\utorrent.exe |
"{681FFFCE-5833-49D2-B6E6-A3BCE097B656}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6874040B-7692-46E3-8C72-796A0DF53B98}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{69FEE916-B106-419C-B0FD-D7ED0D06A4E6}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{6D07A9B2-E688-4ADD-B8E0-70CD71929D1F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6D2B15FA-43E1-488D-9909-813BD373C73E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E43470B-24EA-4F9D-8B91-43582F8286DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71703133-2238-4301-95DB-A7C35FF36BEB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{777D5333-4125-4BB8-A7E9-79EF1706E577}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{77998FA4-E4CC-4D4C-925B-91EB413509C5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{79A39790-86BD-4948-9AD9-1E587AC258A2}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{7E698090-84B6-471F-968A-E6AA106159E5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7E842D29-3DEC-4C48-B6CE-60FD90877A37}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{80F903CC-EA7C-4353-B27B-F080B10AD9E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{85C0A866-6573-4613-A83B-1AB046F99BCC}" = protocol=17 | dir=in | app=c:\users\sunil\desktop\utorrent.exe |
"{893DFBC7-5FC8-4FBF-A93A-64D49E84D390}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{97EA56D5-9CF9-4D3D-88D4-E401F628C00E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9A8ED968-E335-4287-B3E4-55C213F84AEA}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9F0C8CA8-433B-4A76-9AE3-047395B5B0A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A0CC141A-4D30-44E0-9ADA-9DD614813986}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AB5CF6DF-60EF-4C6E-BF90-1523DD292FF1}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{ACDFFF4C-CB9D-4D6A-B702-F55A8633F901}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{B05A0614-0A63-4143-AD5F-09DA338A0F3D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{B69530F4-9E84-4FD8-9C43-A02864B65CF1}" = protocol=17 | dir=in | app=c:\users\sunil\downloads\csa.exe |
"{B79F83C5-C224-4466-BB01-661C008204C8}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{BB3B0A11-4DEE-4D30-9694-B1BC70CE700B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFAF44D4-05E0-4788-8AA0-B9B960A2913D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C02E3D39-F565-4752-BA44-C714B2D1565E}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{C10BB66D-81CF-4A6E-9F55-D0AD1F79CC35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8B9B6DF-C94A-4AA7-9A18-D5B9E538D0BB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CCB7155D-CC17-4C0A-B959-79F0A656F134}" = protocol=6 | dir=in | app=c:\users\sunil\downloads\csa.exe |
"{D231B49F-E339-4731-9D7C-96E81916688C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D349B08B-4B63-4830-A88A-DB2D760F853F}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{DDF7DDB4-4800-4202-B67D-AB099CBB2260}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DE58A9F0-74C5-44ED-9170-2B9D74EF8135}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{DFDC7C57-84DA-4295-8D52-C8EC1D900FEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E60FEFE8-EF0E-4B95-9561-4DD099A2EE9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{38908767-4E1D-45B2-8DC3-CA08867A8B6F}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{4FCDB6F6-C74F-4026-87A2-4732C4528B85}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{5531FDBE-2FF3-4304-9408-6BD4094A5816}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{7FCBE7F3-F806-4073-82AA-A86F90CA536B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{84056752-56DE-41B0-8D49-430842FBEB0A}C:\users\sunil\desktop\torrents\utorrent.exe" = protocol=6 | dir=in | app=c:\users\sunil\desktop\torrents\utorrent.exe |
"TCP Query User{9305627F-B0AB-4BE1-AB4B-03EA1F0F9491}D:\itunes!\itunes.exe" = protocol=6 | dir=in | app=d:\itunes!\itunes.exe |
"TCP Query User{EB3890CE-D245-4D0F-BD96-551D2547E0FB}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"TCP Query User{EC12E32A-4F4B-4D7E-8B2C-80D94332A1F8}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=6 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"UDP Query User{38899A6A-6CC5-4F59-992E-0F219CB336BD}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{7ABCF4D3-7C4B-4493-95AE-37512DD8F5BA}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=17 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"UDP Query User{99319F34-A26F-41E7-A9CC-6533AAEED057}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"UDP Query User{A8709345-5EB2-4B49-A75A-C38212B3BDEB}C:\users\sunil\desktop\torrents\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sunil\desktop\torrents\utorrent.exe |
"UDP Query User{CEA4B7A0-CAD8-4CE5-9F52-E583A9364A16}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{D66E3A0A-55A3-4AFD-99EC-DFDBE7E0A563}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{ED622071-159D-495B-8330-683308CE58DC}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{EF1C30DA-7FD0-4561-9040-2B3F76F49E82}D:\itunes!\itunes.exe" = protocol=17 | dir=in | app=d:\itunes!\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025F9C8B-27B3-76B0-08E8-4EB918DE287B}" = Catalyst Control Center Localization Dutch
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0813BDD1-7E8E-4F18-A13C-037CDD7F9A48}" = Catalyst Control Center Localization Chinese Traditional
"{0A47C6E1-9BB2-023C-BBEC-2D3DBEA91A9A}" = ATI Catalyst Install Manager
"{0B3ED35F-3BDC-72FE-3477-A7CA54325F06}" = CCC Help Chinese Traditional
"{0B950F52-0FD9-C679-6FD0-C4D4F43ACA3E}" = Catalyst Control Center Localization Greek
"{0E4DC8EF-9438-AEEF-A042-851C2EA86FEA}" = Catalyst Control Center Localization Finnish
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A915E9E-75A0-5FD6-53C3-D2E5EDA27B52}" = Catalyst Control Center Localization Polish
"{1BDCA62C-699A-A3C2-57C6-D496414BA297}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1CE34A07-F95C-C749-B8FB-10BEFBB5D917}" = Catalyst Control Center Localization Swedish
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22AD2DF3-00C4-68EB-8D2A-C5AC60BDA907}" = CCC Help Greek
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24339461-1E3B-290E-613E-B0B234B64ABE}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{27DB888F-A703-E898-6261-D84260EF93DA}" = Catalyst Control Center Core Implementation
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{337C0055-BE59-63E5-72AE-DAED46ED980B}" = CCC Help Korean
"{342D2010-703F-2098-441E-F96F532EBD09}" = CCC Help Chinese Standard
"{38D189B1-C43A-46DE-9518-EE67560002FC}" = America's Army
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A9A74B7-DAE0-EB01-E51A-D2A6720CF135}" = CCC Help Japanese
"{3E7CE151-F6EC-8550-9B73-427F6A89AC42}" = CCC Help Polish
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45936E5D-5CEB-A100-8694-B62523FD99C6}" = Catalyst Control Center Localization German
"{4BE52CD7-9B51-F4D8-ED51-8E89324F3EBD}" = Catalyst Control Center Localization Norwegian
"{4EE9DA0A-4CED-1FB9-3231-24C85855A387}" = Catalyst Control Center Localization Spanish
"{50DD51CF-31D8-7831-D4E8-E13E0A736D93}" = Catalyst Control Center Localization Russian
"{52159193-1EA1-B129-7C03-7120CB0C502E}" = CCC Help Portuguese
"{52E43F33-7D7C-3209-0539-1B2A43010E0D}" = Catalyst Control Center Localization Turkish
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{58752780-E21C-A458-2397-BD8D5E3CB0C1}" = Catalyst Control Center Localization Portuguese
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6602C18D-52EC-BB1F-C3B9-EFF2F1463A58}" = Catalyst Control Center Localization Thai
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77AD4A77-F70F-84BC-B52B-91DAB868EF27}" = CCC Help Czech
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{872717DD-EE82-F142-4DF7-0308772A8DE4}" = ccc-utility
"{88D44595-9B8E-38FF-7CD9-F5A1423BA2D6}" = Catalyst Control Center Graphics Light
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D3D4041-DA1D-F814-B37E-ABF774556DAA}" = Catalyst Control Center Localization Italian
"{900F0963-B211-5692-EEEC-4DFF6F7321F6}" = CCC Help Swedish
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91AA9814-7B89-DA53-5FCA-EBDCDAC4F611}" = CCC Help Italian
"{92C98289-5C00-4A4E-03ED-6E59F7D73435}" = Catalyst Control Center Localization Chinese Standard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C9E93A-7DEA-37C2-50F0-E6172D91DEE6}" = CCC Help German
"{97F73E68-213C-6F88-A590-9C600186E36C}" = CCC Help Finnish
"{9BF9D522-7FA6-D442-9769-558E3B4503F0}" = Skins
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB870B63-94EF-0B0A-340E-62CAF5D48B17}" = CCC Help French
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6512E97-FFA8-6A76-4B07-036784E56A7B}" = Catalyst Control Center Localization Czech
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8F1FA25-D1F3-5DEB-5AE2-18E72A2955CA}" = Catalyst Control Center Localization Danish
"{B935DAF9-605C-A1F8-7A4E-BE87E82B7237}" = CCC Help Norwegian
"{BC61F51E-8AF7-46B9-AF20-B33B5EE81033}" = Nero 7 Essentials
"{C0BAF48F-940E-7AC7-63B3-BDFAF8A6CCA5}" = CCC Help Thai
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C1B22596-9F6C-6795-F374-D6843ABA8A9A}" = Catalyst Control Center Localization Korean
"{C2F0B002-52DC-470E-BB48-8D1C8C9F1795}" = XAC
"{C376495E-6F9D-2A3A-329E-960682A22B3B}" = Catalyst Control Center Localization Hungarian
"{C6FB5BC4-823A-FE8B-01CB-3A7F51B4C9C2}" = ccc-core-static
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D8438AE5-4BE7-CEC7-D0AA-189B34C4628F}" = CCC Help Dutch
"{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}" = America's Army
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF4EB70F-6EBF-AD9E-AF89-D1398A284C86}" = Catalyst Control Center Graphics Previews Common
"{E037311F-0715-DB85-4394-6B09A66605C0}" = CCC Help Spanish
"{E1D0A2DB-9B8D-E7B1-295B-DDAB0B9A423F}" = Catalyst Control Center Localization French
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EAF8F949-849D-9E39-2A86-0DB83A90405B}" = Catalyst Control Center Graphics Full Existing
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDFE36E7-B60E-BF8E-F2DF-0DD61B1E3CAE}" = CCC Help Hungarian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F656696C-CF30-03E5-03A8-05078E02ACEB}" = CCC Help Danish
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CAF803-A534-705F-A673-A04FCEC5AFC9}" = CCC Help Russian
"{FCABF3BF-D716-980B-F463-32D5734A3DB4}" = CCC Help English
"{FE0C4C63-56C1-087C-3404-C547405FCEA7}" = Catalyst Control Center Graphics Previews Vista
"{FE44D8AC-80B2-A8BA-291F-59109DE96C11}" = CCC Help Turkish
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"Orb" = Winamp Remote
"PCSI" = Prevx
"PunkBusterSvc" = PunkBuster Services
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Steam App 13140" = America's Army 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"USB2.0 1.3M UVC WebCam" = USB2.0 1.3M UVC WebCam
"uTorrent" = µTorrent
"vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only)
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Sunil)
"Google Chrome" = Google Chrome
"InstallShield_{38D189B1-C43A-46DE-9518-EE67560002FC}" = America's Army

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/10/2009 05:55:50 | Computer Name = Sunils--Laptop | Source = WerSvc | ID = 5007
Description =

Error - 02/10/2009 14:54:10 | Computer Name = Sunils--Laptop | Source = WerSvc | ID = 5007
Description =

Error - 02/10/2009 20:08:33 | Computer Name = Sunils--Laptop | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3526, time stamp 0x4a96afb2,
faulting module MSVCR71.dll, version 7.10.3052.4, time stamp 0x3e561eac, exception
code 0xc0000005, fault offset 0x000128fe, process id 0xbac, application start time
0x01ca43bd9f3af3e8.

Error - 02/10/2009 21:03:09 | Computer Name = Sunils--Laptop | Source = WerSvc | ID = 5007
Description =

Error - 03/10/2009 16:33:16 | Computer Name = Sunils--Laptop | Source = WerSvc | ID = 5007
Description =

Error - 03/10/2009 17:06:12 | Computer Name = Sunils--Laptop | Source = WerSvc | ID = 5007
Description =

Error - 03/10/2009 17:26:51 | Computer Name = Sunils--Laptop | Source = WerSvc | ID = 5007
Description =

Error - 04/10/2009 17:41:53 | Computer Name = Sunils--Laptop | Source = WerSvc | ID = 5007
Description =

Error - 04/10/2009 19:51:30 | Computer Name = Sunils--Laptop | Source = WerSvc | ID = 5007
Description =

Error - 05/10/2009 15:32:08 | Computer Name = Sunils--Laptop | Source = WerSvc | ID = 5007
Description =

[ System Events ]
Error - 03/01/2010 01:53:18 | Computer Name = Sunils--Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 03/01/2010 01:53:18 | Computer Name = Sunils--Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 03/01/2010 01:53:18 | Computer Name = Sunils--Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 03/01/2010 01:53:18 | Computer Name = Sunils--Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 03/01/2010 01:53:18 | Computer Name = Sunils--Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 03/01/2010 01:53:18 | Computer Name = Sunils--Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 03/01/2010 01:53:18 | Computer Name = Sunils--Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 03/01/2010 01:53:18 | Computer Name = Sunils--Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 03/01/2010 01:53:18 | Computer Name = Sunils--Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 03/01/2010 01:53:18 | Computer Name = Sunils--Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =


< End of report >

Edited by Skag, 03 January 2010 - 12:26 AM.


#2
hammerman
Hello and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#3
Skag
Thanks for replying hammerman, I really appreciate the effort to help!

I wasn't able to run it normally, instead only in safe mode. However I got a warning message that Kaspersky Anti-Virus realtime scanners are still active even though I had uninstalled them on the last reboot. Should I continue to scan with combo-fix?

Edited by Skag, 04 January 2010 - 09:56 AM.

#4
hammerman
Yes please, continue the Combofix scan.

#5
Skag
I started it up in safe mode. I got a message that it had found 5 rootkits as follows:

C:\Windows\system32\drivers\H8SRToboiutqhdt.sys
C:\Windows\system32\H8SRTjboqdesqim.dll
C:\Windows\system32\H8SRTlqsivflwvp.dat
C:\Windows\system32\H8SRTxpsfdbglbg.dll
C:\Windows\system32\H8SRTwqyrgqqsvv.dll

It also said it will be rebooting. On reboot it had an error message that a combo-fix file path didn't exist (sorry I had written it down in a previous post but the browser had shut down before I clicked reply). It didn't create a .txt file for combo fix and I am currently running a second test now. So far it had not mentioned the rootkits and has just sent the laptop to reboot. I will update this post with the results hopefully.

#6
Skag
I still wasn't able to get a txt file for Combo-Fix but I shall try again soon.

I did manage to run the GMER program successfully on safe mode however, log follows.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-05 10:27:44
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Sunil\AppData\Local\Temp\kfliykob.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 941102D0
INT 0x71 ? 94110050
INT 0x72 ? 94446A50
INT 0x81 ? 941107D0
INT 0x82 ? 94446CD0
INT 0x92 ? 944467D0
INT 0xA2 ? 94446550
INT 0xB1 ? 94110CD0
INT 0xB2 ? 94110550

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows ® Codename Longhorn DDK provider)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

#7
hammerman
Are you able to run Combofix from Normal mode?

#8
Skag
No, it will not start up after the loading bar. I deleted and re-downloaded the file but it says it couldn't create some files and asks me to reboot. After the reboot it does what it did before - does not go past the loading bar.

#9
hammerman
Hi,

Please follow these steps.

-- Step 1 --

Run OTL and select Minimal Output. Use the Run Scan button to start a scan.
Please post the OTL report in your reply.

-- Step 2 --

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

#10
Skag
Both the OTL log and the SysProt log were successful.

Here is the OTL log:

OTL logfile created on: 05/01/2010 18:34:22 - Run 2
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Users\Sunil\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 65.63 Gb Free Space | 44.03% Space Free | Partition Type: NTFS
Drive D: | 141.23 Gb Total Space | 50.47 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUNILS--LAPTOP
Current User Name: Sunil
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Sunil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Windows\System32\PnkBstrB.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\ITUNES!\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\PnkBstrA.exe ()
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (SafeList) ==========

MOD - C:\Users\Sunil\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msiltcfg.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (PnkBstrB) -- C:\Windows\System32\PnkBstrB.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PnkBstrA) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Ati External Event Utility) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (pxrts) -- C:\Windows\System32\drivers\pxrts.sys (Prevx)
DRV - (pxscan) -- C:\Windows\System32\drivers\pxscan.sys (Prevx)
DRV - (pxkbf) -- C:\Windows\System32\drivers\pxkbf.sys (Prevx)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ENTECH) -- C:\Windows\System32\drivers\Entech.sys (EnTech Taiwan)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (FiltUSBET) -- C:\Windows\System32\drivers\etFilter.sys (eMPIA Technology Inc.)
DRV - (ScanUSBET) -- C:\Windows\System32\drivers\etScan.sys (eMPIA Technology, Inc.)
DRV - (DCamUSBET) -- C:\Windows\System32\drivers\etDevice.sys (eMPIA Technology, Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 18:47:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 18:47:25 | 00,000,000 | ---D | M]

[2008/09/27 15:14:38 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Extensions
[2010/01/03 04:18:11 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions
[2008/12/05 01:47:51 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(73)
[2008/10/16 22:44:26 | 00,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/10/01 15:50:46 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/10/23 03:49:30 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\battlefieldheroespatcher@ea.com
[2008/12/06 02:30:43 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\nasanightlaunch@example(72).com
[2008/10/16 15:59:22 | 00,001,146 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\bbc-news.xml
[2008/10/16 15:59:31 | 00,001,504 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\imdb.xml
[2010/01/01 10:24:41 | 00,004,857 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\isohunt---bt-search.xml
[2009/02/24 02:28:15 | 00,002,298 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\lastfm.xml
[2009/03/03 00:58:09 | 00,002,006 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\urban-dictionary.xml
[2009/02/07 17:44:42 | 00,001,337 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\whois-lookup.xml
[2008/10/16 15:59:51 | 00,001,032 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\wikipedia-eng.xml
[2008/10/16 16:00:06 | 00,002,108 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\youtube-video-search.xml
[2010/01/03 04:18:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/04 15:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/11/14 19:50:55 | 00,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [iTunesHelper] D:\ITUNES!\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1242104793887 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/05 12:41:14 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/05 12:40:26 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/05 11:04:42 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010/01/05 11:04:42 | 00,000,000 | ---D | C] -- C:\Users\Sunil\AppData\Local\temp
[2010/01/05 10:35:35 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2010/01/05 08:50:47 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Desktop\New Folder (2)
[2010/01/05 07:40:25 | 00,000,000 | ---D | C] -- C:\found.000
[2010/01/05 07:29:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/05 07:29:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/05 07:29:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/05 07:29:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/04 10:44:39 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/04 10:38:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/03 05:49:16 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Sunil\Desktop\OTL.exe
[2010/01/03 05:11:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/03 05:11:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/03 05:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/03 05:09:35 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/03 05:08:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/03 05:02:16 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sunil\Desktop\m-bam-setup.exe
[2010/01/03 05:02:06 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sunil\Desktop\erunt_setup.exe
[2010/01/03 05:01:56 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Sunil\Desktop\Sys-RestorePoint.exe
[2010/01/03 04:53:19 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Users\Sunil\Desktop\TFC.exe
[2010/01/03 04:37:00 | 00,053,136 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/01/03 04:37:00 | 00,047,408 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/01/03 04:37:00 | 00,030,280 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/01/03 04:36:59 | 00,024,496 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/01/03 04:36:58 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/01/03 04:36:48 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010/01/03 04:20:26 | 00,910,072 | ---- | C] (Prevx) -- C:\Users\Sunil\Desktop\PREVX-CSIFREE.EXE
[2010/01/03 01:37:40 | 00,000,000 | ---D | C] -- C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit
[2010/01/03 01:36:32 | 45,347,568 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit.exe
[2010/01/03 01:36:27 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Desktop\TrendMicro_Downloader
[2010/01/03 01:36:09 | 01,992,152 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sunil\Desktop\TrendMicro_Downloader.exe
[2009/12/30 06:47:04 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward Season 1
[2009/12/30 02:30:30 | 00,000,000 | ---D | C] -- C:\Program Files\mkv2vob
[2009/12/29 13:22:44 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e09
[2009/12/29 13:21:44 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e08
[2009/12/29 13:21:13 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e07
[2009/12/29 13:20:05 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e06
[2009/12/28 15:19:11 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Desktop\originals
[2007/01/24 18:08:39 | 00,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/01/05 18:34:21 | 01,515,942 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/05 18:34:21 | 00,692,118 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/01/05 18:34:21 | 00,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/05 18:34:21 | 00,126,808 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/01/05 18:34:21 | 00,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/05 18:34:14 | 05,242,880 | -HS- | M] () -- C:\Users\Sunil\ntuser.dat
[2010/01/05 18:32:57 | 00,354,396 | ---- | M] () -- C:\Users\Sunil\Desktop\SysProt.zip
[2010/01/05 18:29:16 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/05 18:29:16 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/05 18:29:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/05 18:29:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/05 18:29:03 | 32,204,63616 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/05 12:44:41 | 00,053,136 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/01/05 12:44:40 | 00,047,408 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/01/05 12:44:40 | 00,030,280 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/01/05 12:44:39 | 00,024,496 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/01/05 12:44:25 | 01,667,413 | -H-- | M] () -- C:\Users\Sunil\AppData\Local\IconCache.db
[2010/01/05 12:43:40 | 03,819,182 | ---- | M] () -- C:\Users\Sunil\Desktop\Combo-Fix.exe
[2010/01/05 11:04:56 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/05 08:31:49 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/05 08:26:51 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/05 07:47:24 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/01/04 15:10:59 | 00,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299308901-2864604730-1019191112-1000UA.job
[2010/01/03 05:49:17 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sunil\Desktop\OTL.exe
[2010/01/03 05:15:17 | 00,284,915 | ---- | M] () -- C:\Users\Sunil\Desktop\gmer.zip
[2010/01/03 05:11:26 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Mal warebytes' AntiMalware.lnk
[2010/01/03 05:08:38 | 00,000,740 | ---- | M] () -- C:\Users\Sunil\Desktop\NTREGOPT.lnk
[2010/01/03 05:08:38 | 00,000,721 | ---- | M] () -- C:\Users\Sunil\Desktop\ERUNT.lnk
[2010/01/03 05:02:20 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sunil\Desktop\m-bam-setup.exe
[2010/01/03 05:02:07 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sunil\Desktop\erunt_setup.exe
[2010/01/03 05:02:02 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Sunil\Desktop\Sys-RestorePoint.exe
[2010/01/03 04:53:21 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sunil\Desktop\TFC.exe
[2010/01/03 04:41:30 | 00,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2010/01/03 04:20:28 | 00,910,072 | ---- | M] (Prevx) -- C:\Users\Sunil\Desktop\PREVX-CSIFREE.EXE
[2010/01/03 04:10:15 | 00,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299308901-2864604730-1019191112-1000Core.job
[2010/01/03 01:37:32 | 45,347,568 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit.exe
[2010/01/03 01:36:11 | 01,992,152 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sunil\Desktop\TrendMicro_Downloader.exe
[2010/01/03 00:35:54 | 00,000,875 | ---- | M] () -- C:\Windows\System32\krl32mainweq.dll
[2010/01/03 00:34:10 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2010/01/02 22:33:08 | 00,189,392 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/01/02 22:33:08 | 00,189,392 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2010/01/02 21:01:23 | 00,138,016 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/01/02 20:36:30 | 00,243,007 | ---- | M] () -- C:\Users\Sunil\Desktop\Shot01320.png
[2010/01/01 10:35:12 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/12/31 08:16:41 | 00,031,232 | ---- | M] () -- C:\Users\Sunil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 02:30:31 | 00,001,794 | ---- | M] () -- C:\Users\Sunil\Desktop\mkv2vob.lnk
[2009/12/30 02:28:06 | 08,192,000 | ---- | M] () -- C:\Users\Sunil\Desktop\mkv2vob.exe
[2009/12/28 15:24:11 | 00,033,376 | ---- | M] () -- C:\Users\Sunil\Desktop\ArmyOps.ini
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Users\Sunil\Desktop\gmer.exe
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2010/01/05 18:32:56 | 00,354,396 | ---- | C] () -- C:\Users\Sunil\Desktop\SysProt.zip
[2010/01/05 12:43:37 | 03,819,182 | ---- | C] () -- C:\Users\Sunil\Desktop\Combo-Fix.exe
[2010/01/05 12:36:24 | 32,204,63616 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/05 07:29:05 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/05 07:29:05 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/05 07:29:05 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/05 07:29:05 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/05 07:29:05 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/03 05:15:24 | 00,293,376 | ---- | C] () -- C:\Users\Sunil\Desktop\gmer.exe
[2010/01/03 05:15:16 | 00,284,915 | ---- | C] () -- C:\Users\Sunil\Desktop\gmer.zip
[2010/01/03 05:11:26 | 00,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Mal warebytes' AntiMalware.lnk
[2010/01/03 05:08:38 | 00,000,740 | ---- | C] () -- C:\Users\Sunil\Desktop\NTREGOPT.lnk
[2010/01/03 05:08:38 | 00,000,721 | ---- | C] () -- C:\Users\Sunil\Desktop\ERUNT.lnk
[2010/01/03 04:36:48 | 00,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/03 00:35:54 | 00,000,875 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
[2010/01/03 00:34:10 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2010/01/02 20:36:29 | 00,243,007 | ---- | C] () -- C:\Users\Sunil\Desktop\Shot01320.png
[2009/12/30 02:30:31 | 00,001,794 | ---- | C] () -- C:\Users\Sunil\Desktop\mkv2vob.lnk
[2009/12/30 02:27:47 | 08,192,000 | ---- | C] () -- C:\Users\Sunil\Desktop\mkv2vob.exe
[2009/12/20 21:51:00 | 00,033,376 | ---- | C] () -- C:\Users\Sunil\Desktop\ArmyOps.ini
[2009/06/11 22:29:50 | 00,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/03/01 22:53:04 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/04 03:07:09 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/24 17:21:58 | 00,000,680 | ---- | C] () -- C:\Users\Sunil\AppData\Local\d3d9caps.dat
[2008/11/28 18:01:01 | 00,138,056 | ---- | C] () -- C:\Users\Sunil\AppData\Roaming\PnkBstrK.sys
[2008/11/10 00:25:12 | 00,000,552 | ---- | C] () -- C:\Users\Sunil\AppData\Local\d3d8caps.dat
[2008/09/30 16:04:06 | 00,138,016 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/09/29 14:03:28 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/09/28 00:19:15 | 00,031,232 | ---- | C] () -- C:\Users\Sunil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/26 17:36:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/19 21:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 21:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/19 21:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/19 21:54:18 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/05/14 07:38:35 | 00,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007/12/20 14:02:19 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/04/18 09:06:01 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007/03/06 06:39:19 | 00,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 10:57:59 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 22:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
< End of report >

Here is the SysProt log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 392
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 536
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 604
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 616
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 648
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 676
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 700
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 720
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 852
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 916
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 964
Hidden: No
Window Visible: No

Name: C:\Windows\System32\Ati2evxx.exe
PID: 1052
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1064
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1124
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1156
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1216
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1248
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1376
Hidden: No
Window Visible: No

Name: C:\Windows\System32\Ati2evxx.exe
PID: 1440
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1532
Hidden: No
Window Visible: No

Name: C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PID: 1656
Hidden: No
Window Visible: No

Name: C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PID: 1668
Hidden: No
Window Visible: No

Name: C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PID: 1684
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1768
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1836
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 480
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 340
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 844
Hidden: No
Window Visible: No

Name: C:\Program Files\ATK Hotkey\HControl.exe
PID: 512
Hidden: No
Window Visible: No

Name: C:\Program Files\ATKOSD2\ATKOSD2.exe
PID: 1324
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 2060
Hidden: No
Window Visible: No

Name: C:\Program Files\Wireless Console 2\wcourier.exe
PID: 2068
Hidden: No
Window Visible: No

Name: C:\Windows\RtHDVCpl.exe
PID: 2104
Hidden: No
Window Visible: No

Name: C:\Program Files\ASUS\Splendid\ACMON.exe
PID: 2112
Hidden: No
Window Visible: No

Name: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PID: 2120
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 2132
Hidden: No
Window Visible: No

Name: C:\Program Files\ASUS\ATK Media\DMedia.exe
PID: 2144
Hidden: No
Window Visible: No

Name: C:\Windows\ASScrPro.exe
PID: 2160
Hidden: No
Window Visible: No

Name: C:\Windows\System32\ACEngSvr.exe
PID: 2212
Hidden: No
Window Visible: No

Name: D:\ITUNES!\iTunesHelper.exe
PID: 2220
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2248
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehtray.exe
PID: 2264
Hidden: No
Window Visible: No

Name: C:\Users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe
PID: 2276
Hidden: No
Window Visible: No

Name: C:\Program Files\ATK Hotkey\ATKOSD.exe
PID: 2320
Hidden: No
Window Visible: No

Name: C:\Program Files\ATK Hotkey\KBFiltr.exe
PID: 2384
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehmsas.exe
PID: 2408
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 2748
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 2780
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2792
Hidden: No
Window Visible: No

Name: C:\Program Files\Prevx\prevx.exe
PID: 2820
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 2876
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
PID: 2964
Hidden: No
Window Visible: No

Name: C:\Windows\System32\PnkBstrA.exe
PID: 3084
Hidden: No
Window Visible: No

Name: C:\Windows\System32\PnkBstrB.exe
PID: 3100
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3112
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3128
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3184
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 3224
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WUDFHost.exe
PID: 3540
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3736
Hidden: No
Window Visible: No

Name: C:\Program Files\Prevx\prevx.exe
PID: 2088
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 600
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 3624
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 1420
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wuauclt.exe
PID: 2044
Hidden: No
Window Visible: No

Name: C:\Windows\System32\notepad.exe
PID: 824
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 2192
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 2800
Hidden: No
Window Visible: No

Name: C:\Users\Sunil\Desktop\SysProt\SysProt.exe
PID: 1528
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Sunil\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 9E6B3000
Module End: 9E6BE000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 91400000
Module End: 917A1000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 917A1000
Module End: 917D5000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 804C6000
Module End: 804CE000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80466000
Module End: 804C6000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 8045D000
Module End: 80466000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80455000
Module End: 8045D000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8041A000
Module End: 80455000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 8071F000
Module End: 80800000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 806A4000
Module End: 8071F000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 8040D000
Module End: 8041A000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 80661000
Module End: 806A4000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 80404000
Module End: 8040D000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 80659000
Module End: 80661000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 80634000
Module End: 80659000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80625000
Module End: 80634000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 80401000
Module End: 80404000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 8061B000
Module End: 80625000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 8060B000
Module End: 8061B000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 80604000
Module End: 8060B000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 98DF2000
Module End: 98E00000
Hidden: No

Module Name: C:\Windows\System32\drivers\pxscan.sys
Service Name: pxscan
Module Base: 98DEC000
Module End: 98DF2000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 98DA2000
Module End: 98DEC000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 98D9A000
Module End: 98DA2000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 98D7C000
Module End: 98D9A000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 98D4B000
Module End: 98D7C000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 98D3B000
Module End: 98D4B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\AsDsm.sys
Service Name: AsDsm
Module Base: 98D31000
Module End: 98D3B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 98D28000
Module End: 98D31000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 98C24000
Module End: 98D28000
Hidden: No

Module Name: C:\Windows\system32\drivers\msrpc.sys
Service Name: MsRPC
Module Base: 98FD5000
Module End: 99000000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 98F9C000
Module End: 98FD5000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 98E94000
Module End: 98F9C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 98E2A000
Module End: 98E94000
Hidden: No

Module Name: C:\Windows\system32\drivers\wd.sys
Service Name: Wd
Module Base: 98C1C000
Module End: 98C24000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 991CA000
Module End: 99200000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 98C14000
Module End: 98C1C000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 98C05000
Module End: 98C14000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 98E1B000
Module End: 98E2A000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 991A5000
Module End: 991CA000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 98E0A000
Module End: 98E1B000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 99184000
Module End: 991A5000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 98E01000
Module End: 98E0A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 99E06000
Module End: 99E11000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 99EC1000
Module End: 99ECA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ATKACPI.sys
Service Name: MTsensor
Module Base: 9B9A0000
Module End: 9B9A8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 99E39000
Module End: 99E47000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\atikmdag.sys
Service Name: atikmdag
Module Base: 9D85E000
Module End: 9DC00000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 9D7BF000
Module End: 9D85E000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 9B873000
Module End: 9B880000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 9B860000
Module End: 9B873000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbfiltr.sys
Service Name: kbfiltr
Module Base: 99F58000
Module End: 99F5A000
Hidden: No

Module Name: C:\Windows\System32\drivers\pxkbf.sys
Service Name: pxkbf
Module Base: 99FEC000
Module End: 99FF1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 9B855000
Module End: 9B860000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: 9B82A000
Module End: 9B855000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 99F4C000
Module End: 99F4E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 9B81F000
Module End: 9B82A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 9B807000
Module End: 9B81F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 99E11000
Module End: 99E1B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 9D71F000
Module End: 9D729000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 9D6E2000
Module End: 9D71F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 9B902000
Module End: 9B910000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SiSGB6.sys
Service Name: SiSGbeLH
Module Base: 99AF4000
Module End: 99B04000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\athr.sys
Service Name: athr
Module Base: 9DF10000
Module End: 9E000000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 9B8F0000
Module End: 9B902000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 99E58000
Module End: 99E5C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 9D6B7000
Module End: 9D6E2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 9D677000
Module End: 9D6B7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 9B8E5000
Module End: 9B8F0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 9D660000
Module End: 9D677000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 9D655000
Module End: 9D660000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 9D632000
Module End: 9D655000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 99BD8000
Module End: 99BE7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 9D61F000
Module End: 9D632000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 9DF01000
Module End: 9DF10000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 99F4A000
Module End: 99F4C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 9DED7000
Module End: 9DF01000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 9D729000
Module End: 9D733000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 9DECA000
Module End: 9DED7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 9DE96000
Module End: 9DECA000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 99B34000
Module End: 99B44000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 9E00E000
Module End: 9E200000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 9DE69000
Module End: 9DE96000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 9DE44000
Module End: 9DE69000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smserial.sys
Service Name: Serial
Module Base: 9E310000
Module End: 9E400000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 9DE37000
Module End: 9DE44000
Hidden: No

Module Name: C:\Windows\system32\drivers\MODEMCSA.sys
Service Name: MODEMCSA
Module Base: 9D733000
Module End: 9D73D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: 99EE5000
Module End: 99EEE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 9B925000
Module End: 9B92C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 9B92C000
Module End: 9B933000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 9B933000
Module End: 9B93A000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 9DE1B000
Module End: 9DE27000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 9E2AF000
Module End: 9E2D0000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 9B9B8000
Module End: 9B9C0000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 9B9C0000
Module End: 9B9C8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 9D614000
Module End: 9D61F000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 9D606000
Module End: 9D614000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 99EF7000
Module End: 99F00000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 9E44F000
Module End: 9E520000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 9DE02000
Module End: 9DE1B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 9E27A000
Module End: 9E28F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 9E266000
Module End: 9E27A000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 9E21F000
Module End: 9E266000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 9E41D000
Module End: 9E44F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 9E209000
Module End: 9E21F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 9E520000
Module End: 9E52E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 9E40A000
Module End: 9E41D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 9E7C5000
Module End: 9E800000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 9D73D000
Module End: 9D747000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 9E76E000
Module End: 9E785000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 99F00000
Module End: 99F09000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 99A94000
Module End: 99AA4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 9E707000
Module End: 9E71E000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTSTOR.SYS
Service Name: RTSTOR
Module Base: 9E6F5000
Module End: 9E707000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 99E26000
Module End: 99E33000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 99E1B000
Module End: 99E26000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 9B9C8000
Module End: 9B9D0000
Hidden: Yes

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 9B9A8000
Module End: 9B9B0000
Hidden: No

Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: 9E61D000
Module End: 9E645000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\etFilter.sys
Service Name: FiltUSBET
Module Base: 9F38D000
Module End: 9F3C0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\etDevice.sys
Service Name: DCamUSBET
Module Base: 9F319000
Module End: 9F38D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\STREAM.SYS
Service Name: ---
Module Base: 9E001000
Module End: 9E00E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\etScan.sys
Service Name: ScanUSBET
Module Base: 99F50000
Module End: 99F52000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 99BE7000
Module End: 99BF0000
Hidden: No

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 9D751000
Module End: 9D75B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 81E6C000
Module End: 81E7B000
Hidden: No

Module Name: C:\Windows\System32\drivers\pxrts.sys
Service Name: pxrts
Module Base: 9D75B000
Module End: 9D765000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 9F24B000
Module End: 9F2D9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 99AB4000
Module End: 99AC4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 867D5000
Module End: 86800000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 9D747000
Module End: 9D751000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 867C2000
Module End: 867D5000
Hidden: No

Module Name: \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
Service Name: ASMMAP
Module Base: 9B948000
Module End: 9B94F000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 8665C000
Module End: 866C2000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 86541000
Module End: 8655C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 864E8000
Module End: 86501000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 864D4000
Module End: 864E8000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 864B4000
Module End: 864D4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 86496000
Module End: 864B4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 8645D000
Module End: 86496000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 8644B000
Module End: 8645D000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 86427000
Module End: 8644B000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 873B4000
Module End: 87400000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ipfltdrv.sys
Service Name: IpFilterDriver
Module Base: 8391A000
Module End: 8392C000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: 8D6E2000
Module End: 8D7C0000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 9D765000
Module End: 9D76F000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 9E6BE000
Module End: 9E6C9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\WUDFRd.sys
Service Name: WUDFRd
Module Base: 83905000
Module End: 8391A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\WUDFPf.sys
Service Name: ---
Module Base: 8883A000
Module End: 8884C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 88824000
Module End: 8883A000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAssignProcessToJobObject
Address: 9D75C1CC
Driver Base: 9D75B000
Driver End: 9D765000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys

Function Name: ZwCreateThread
Address: 9D75C206
Driver Base: 9D75B000
Driver End: 9D765000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys

Function Name: ZwOpenProcess
Address: 9D75C51A
Driver Base: 9D75B000
Driver End: 9D765000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys

Function Name: ZwOpenThread
Address: 9D75C3F6
Driver Base: 9D75B000
Driver End: 9D765000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys

Function Name: ZwProtectVirtualMemory
Address: 9D75C292
Driver Base: 9D75B000
Driver End: 9D765000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys

Function Name: ZwSetContextThread
Address: 9D75C18E
Driver Base: 9D75B000
Driver End: 9D765000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys

Function Name: ZwTerminateProcess
Address: 9D75C64E
Driver Base: 9D75B000
Driver End: 9D765000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys

Function Name: ZwTerminateThread
Address: 9D75C316
Driver Base: 9D75B000
Driver End: 9D765000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys

Function Name: ZwWriteVirtualMemory
Address: 9D75C34E
Driver Base: 9D75B000
Driver End: 9D765000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: SUNILS--LAPTOP:49161
Remote Address: LOCALHOST:27015
Type: TCP
Process: D:\ITUNES!\iTunesHelper.exe
State: ESTABLISHED

Local Address: SUNILS--LAPTOP:27015
Remote Address: LOCALHOST:49161
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: SUNILS--LAPTOP:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: SUNILS--LAPTOP:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: SUNILS--LAPTOP:49162
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: SUNILS--LAPTOP:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: SUNILS--LAPTOP:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: SUNILS--LAPTOP:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: SUNILS--LAPTOP:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: SUNILS--LAPTOP:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: SUNILS--LAPTOP:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: 192.168.1.101:52776
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: 192.168.1.101:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SUNILS--LAPTOP:52777
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SUNILS--LAPTOP:45301
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\PnkBstrB.exe
State: NA

Local Address: SUNILS--LAPTOP:44301
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\PnkBstrA.exe
State: NA

Local Address: SUNILS--LAPTOP:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SUNILS--LAPTOP:59750
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: SUNILS--LAPTOP:55518
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SUNILS--LAPTOP:49152
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: SUNILS--LAPTOP:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SUNILS--LAPTOP:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SUNILS--LAPTOP:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SUNILS--LAPTOP:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SUNILS--LAPTOP:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys
Status: Hidden

Object: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt
Status: Hidden

Object: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\SystemRestore
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{0228bf47-f7dd-11de-b045-001fc6534de3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{26a80b47-fa28-11de-9cd4-001fc6534de3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{fa95ca48-f5d2-11de-85b8-001fc6534de3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{fa95ca4f-f5d2-11de-85b8-001fc6534de3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\48\448-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v448-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v448
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\48\648-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v648-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v648
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\48\748-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v748-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v748
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\49\449-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v449-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v449
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\50\350-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v350-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v350
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\51\451-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v451-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v451
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\51\651-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v651-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v651
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\52\452-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v452-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v452
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\53\653-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v653-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v653
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\54\454-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v454-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v454
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\54\554-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v554-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v554
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\54\654-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v654-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v654
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\55\655-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v655-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v655
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\56\456-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v456-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v456
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\60\460-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v460-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v460
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\60\660-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v660-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v660
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\61\461-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v461-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v461
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\63\463-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v463-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v463
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\64\464-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v464-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v464
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\64\664-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v664-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v664
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\65\465-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v465-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v465
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\66\466-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v466-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v466
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\66\666-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v666-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v666
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\67\467-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v467-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v467
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\68\268-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v268-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v268
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\68\468-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v468-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v468
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\69\369-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v369-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v369
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\69\469-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v469-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v469
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\70\470-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v470-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v470
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\71\471-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v471-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v471
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\72\672-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v672-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v672
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\73\673-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v673-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v673
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\74\274-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v274-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v274
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\75\675-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v675-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v675
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\76\676-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v676-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v676
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\77\677-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v677-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v677
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\80\480-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v480-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v480
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\81\681-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v681-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v681
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\82\282-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v282-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v282
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\82\582-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v582-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v582
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\83\683-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v683-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v683
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\85\685-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v685-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v685
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\86\586-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v586-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v586
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\87\287-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v287-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v287
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\87\687-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v687-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v687
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\88\588-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v588-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v588
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\88\688-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v688-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v688
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\89\589-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v589-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v589
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\90\590-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v590-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v590
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\90\690-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v690-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v690
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\91\591-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v591-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v591
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\92\592-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v592-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v592
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\92\692-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v692-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v692
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\93\593-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v593-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v593
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\94\294-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v294-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v294
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\95\195-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v195-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v195
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\95\595-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v595-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v595
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\95\695-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v695-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v695
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\96\296-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v296-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v296
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\96\596-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v596-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v596
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\97\197-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v197-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v197
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\98\298-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v298-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v298
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\98\598-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v598-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v598
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\98\698-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v698-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v698
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\99\199-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v199-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v199
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{963FE952-B30E-E96B-1177-68796D192958}\99\599-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v599-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v599
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\01\188-{95A1EB38-399B-958F-EC43-1BC50A2AB04C}-v1-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v188
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\05\167-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v105-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\06\170-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v106-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\07\166-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v107-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\08\177-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v108-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\09\180-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v109-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\10\182-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v110-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\11\163-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v111-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\11\187-{0B0E7804-4FEE-4415-95CC-A1F737F75372}-v11-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v18
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\12\121-{C9727C0B-E0B1-4D78-BB2B-BDF6D44DAB09}-v12-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v12
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\14\175-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v114-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\15\178-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v115-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\16\181-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v116-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\17\184-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v117-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\18\165-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v118-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\19\183-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v119-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\20\185-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v120-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v1
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\27\149-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v27-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v14
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\28\122-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v28-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v12
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\29\123-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v29-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v12
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\30\124-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v30-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v12
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\31\125-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v31-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v12
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\31\174-{A634AB02-1D64-4D89-B4FC-3F62B246C699}-v31-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v17
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\32\126-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v32-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v12
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\33\127-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v33-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v12
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\34\128-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v34-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v12
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\34\161-{A634AB02-1D64-4D89-B4FC-3F62B246C699}-v34-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v16
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\35\129-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v35-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v12
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\35\150-{A634AB02-1D64-4D89-B4FC-3F62B246C699}-v35-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v15
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\36\130-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v36-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v13
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\36\151-{A634AB02-1D64-4D89-B4FC-3F62B246C699}-v36-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v15
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\37\131-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v37-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v13
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\37\152-{A634AB02-1D64-4D89-B4FC-3F62B246C699}-v37-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v15
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\38\132-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v38-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v13
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\38\153-{A634AB02-1D64-4D89-B4FC-3F62B246C699}-v38-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v15
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\39\133-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v39-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v13
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\39\154-{A634AB02-1D64-4D89-B4FC-3F62B246C699}-v39-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v15
Status: Hidden

Object: C:\Users\Sunil\AppData\Local\Microsoft\Messenger\[email removed]\SharingMetadata\[email removed]\DFSR\Staging\CS{95A1EB38-399B-958F-EC43-1BC50A2AB04C}\40\134-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v40-{C206057E-4DEA-4306-86F9-DFDC8BA9AEE0}-v13
Status: Hidden

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied

Edited by dsenette, 05 January 2010 - 03:12 PM.


#11
hammerman

Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/01/05 07:40:25 | 00,000,000 | ---D | C] -- C:\found.000
    [2010/01/03 00:35:54 | 00,000,875 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

-- Step 2 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform Quick Scan", then click Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    c:\qoobox
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

-- Step 4 --

I notice that you do not have an antivirus program running on your computer. Without this protection, you are extremely vulnerable to the ever-increasing number of viruses and malware present today. This is so important that I ask you to install an antivirus program before we proceed.

There are many free programs available for you to use. Two such programs are Avast from here or Avira from here. Please install ONE of these programs now and ensure you carry out a full update.

-- Step 5 --

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.

#12
Skag

Here is the first OTL report:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
C:\Windows\System32\krl32mainweq.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public

User: Sunil
->Temp folder emptied: 32923 bytes
->Temporary Internet Files folder emptied: 111826 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14353554 bytes
->Google Chrome cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 61516 bytes
RecycleBin emptied: 3818900 bytes

Total Files Cleaned = 18.00 mb


OTL by OldTimer - Version 3.1.20.2 log created on 01062010_120710

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





Here is the MBAM report:

Malwarebytes' Anti-Malware 1.43
Database version: 3499
Windows 6.0.6000
Internet Explorer 7.0.6000.16809

06/01/2010 12:29:02
mbam-log-2010-01-06 (12-29-02).txt

Scan type: Quick Scan
Objects scanned: 97684
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the SystemLook report:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 12:30 on 06/01/2010 by Sunil (Administrator - Elevation successful)

========== dir ==========

c:\qoobox - Parameters: "(none)"

---Files---
None found.

---Folders---
BackEnv d----- [07:29 05/01/2010]
LastRun d----- [07:29 05/01/2010]
Quarantine d----- [10:38 04/01/2010]
Test d----- [07:29 05/01/2010]
TestC d----- [07:29 05/01/2010]

-=End Of File=-



And here is the final OTL report:

OTL logfile created on: 06/01/2010 12:35:44 - Run 3
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Users\Sunil\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 68.15 Gb Free Space | 45.72% Space Free | Partition Type: NTFS
Drive D: | 141.23 Gb Total Space | 50.47 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUNILS--LAPTOP
Current User Name: Sunil
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Sunil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Windows\System32\PnkBstrB.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\ITUNES!\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\PnkBstrA.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (SafeList) ==========

MOD - C:\Users\Sunil\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msiltcfg.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (PnkBstrB) -- C:\Windows\System32\PnkBstrB.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PnkBstrA) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Ati External Event Utility) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (pxrts) -- C:\Windows\System32\drivers\pxrts.sys (Prevx)
DRV - (pxscan) -- C:\Windows\System32\drivers\pxscan.sys (Prevx)
DRV - (pxkbf) -- C:\Windows\System32\drivers\pxkbf.sys (Prevx)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ENTECH) -- C:\Windows\System32\drivers\Entech.sys (EnTech Taiwan)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (FiltUSBET) -- C:\Windows\System32\drivers\etFilter.sys (eMPIA Technology Inc.)
DRV - (ScanUSBET) -- C:\Windows\System32\drivers\etScan.sys (eMPIA Technology, Inc.)
DRV - (DCamUSBET) -- C:\Windows\System32\drivers\etDevice.sys (eMPIA Technology, Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 18:47:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 18:47:25 | 00,000,000 | ---D | M]

[2008/09/27 15:14:38 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Extensions
[2010/01/06 12:25:31 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions
[2008/12/05 01:47:51 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(73)
[2008/10/16 22:44:26 | 00,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/10/01 15:50:46 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/10/23 03:49:30 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\battlefieldheroespatcher@ea.com
[2008/12/06 02:30:43 | 00,000,000 | ---D | M] -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\extensions\nasanightlaunch@example(72).com
[2008/10/16 15:59:22 | 00,001,146 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\bbc-news.xml
[2008/10/16 15:59:31 | 00,001,504 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\imdb.xml
[2010/01/01 10:24:41 | 00,004,857 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\isohunt---bt-search.xml
[2009/02/24 02:28:15 | 00,002,298 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\lastfm.xml
[2009/03/03 00:58:09 | 00,002,006 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\urban-dictionary.xml
[2009/02/07 17:44:42 | 00,001,337 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\whois-lookup.xml
[2008/10/16 15:59:51 | 00,001,032 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\wikipedia-eng.xml
[2008/10/16 16:00:06 | 00,002,108 | ---- | M] () -- C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\4956bnvf.default\searchplugins\youtube-video-search.xml
[2010/01/06 12:25:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/04 15:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/11/14 19:50:55 | 00,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] D:\ITUNES!\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1242104793887 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"English" /KBD:3) - C:\Windows\System32\aswBoot.exe (ALWIL Software)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/06 12:34:59 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/01/06 12:34:58 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/01/06 12:34:56 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2010/01/06 12:34:55 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/01/06 12:34:55 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/01/06 12:34:33 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/01/06 12:34:33 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/01/06 12:34:28 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/06 12:33:03 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Users\Sunil\Desktop\avast_home_setup.exe
[2010/01/06 12:17:06 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sunil\Desktop\mbam-setup.exe
[2010/01/06 12:07:10 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/05 20:28:35 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/05 19:40:57 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Desktop\SysProt
[2010/01/05 12:40:26 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/05 11:04:42 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010/01/05 11:04:42 | 00,000,000 | ---D | C] -- C:\Users\Sunil\AppData\Local\temp
[2010/01/05 10:35:35 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2010/01/05 08:50:47 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Desktop\New Folder (2)
[2010/01/05 07:29:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/05 07:29:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/05 07:29:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/05 07:29:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/04 10:44:39 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/04 10:38:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/03 05:49:16 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Sunil\Desktop\OTL.exe
[2010/01/03 05:11:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/03 05:11:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/03 05:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/03 05:09:35 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/03 05:08:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/03 05:02:06 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sunil\Desktop\erunt_setup.exe
[2010/01/03 05:01:56 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Sunil\Desktop\Sys-RestorePoint.exe
[2010/01/03 04:53:19 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Users\Sunil\Desktop\TFC.exe
[2010/01/03 04:37:00 | 00,053,136 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/01/03 04:37:00 | 00,047,408 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/01/03 04:37:00 | 00,030,280 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/01/03 04:36:59 | 00,024,496 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/01/03 04:36:58 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/01/03 04:36:48 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010/01/03 04:20:26 | 00,910,072 | ---- | C] (Prevx) -- C:\Users\Sunil\Desktop\PREVX-CSIFREE.EXE
[2010/01/03 01:37:40 | 00,000,000 | ---D | C] -- C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit
[2010/01/03 01:36:32 | 45,347,568 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit.exe
[2010/01/03 01:36:27 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Desktop\TrendMicro_Downloader
[2010/01/03 01:36:09 | 01,992,152 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sunil\Desktop\TrendMicro_Downloader.exe
[2009/12/30 06:47:04 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward Season 1
[2009/12/30 02:30:30 | 00,000,000 | ---D | C] -- C:\Program Files\mkv2vob
[2009/12/29 13:22:44 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e09
[2009/12/29 13:21:44 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e08
[2009/12/29 13:21:13 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e07
[2009/12/29 13:20:05 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Downloads\Flash Forward HD s01e06
[2009/12/28 15:19:11 | 00,000,000 | ---D | C] -- C:\Users\Sunil\Desktop\originals
[2007/01/24 18:08:39 | 00,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/01/06 12:35:43 | 05,242,880 | -HS- | M] () -- C:\Users\Sunil\ntuser.dat
[2010/01/06 12:34:59 | 00,001,856 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2010/01/06 12:34:54 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/01/06 12:33:03 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Users\Sunil\Desktop\avast_home_setup.exe
[2010/01/06 12:17:54 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 12:17:18 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sunil\Desktop\mbam-setup.exe
[2010/01/06 12:17:14 | 01,515,942 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/06 12:17:14 | 00,692,118 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/01/06 12:17:14 | 00,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/06 12:17:14 | 00,126,808 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/01/06 12:17:14 | 00,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/06 12:12:12 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/01/06 12:11:56 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/06 12:11:55 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/06 12:11:52 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/06 12:11:48 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/06 12:11:20 | 32,204,63616 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/06 12:07:21 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/06 12:04:27 | 00,102,660 | ---- | M] () -- C:\Users\Sunil\Desktop\SystemLook.exe
[2010/01/06 11:48:13 | 00,000,759 | ---- | M] () -- C:\Users\Public\Desktop\Prevx 3.0.lnk
[2010/01/06 11:11:00 | 00,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299308901-2864604730-1019191112-1000UA.job
[2010/01/05 20:29:13 | 01,672,637 | -H-- | M] () -- C:\Users\Sunil\AppData\Local\IconCache.db
[2010/01/05 18:32:57 | 00,354,396 | ---- | M] () -- C:\Users\Sunil\Desktop\SysProt.zip
[2010/01/05 12:44:41 | 00,053,136 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/01/05 12:44:40 | 00,047,408 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/01/05 12:44:40 | 00,030,280 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/01/05 12:44:39 | 00,024,496 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/01/05 12:43:40 | 03,819,182 | ---- | M] () -- C:\Users\Sunil\Desktop\Combo-Fix.exe
[2010/01/05 11:04:56 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/05 08:31:49 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/03 05:49:17 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sunil\Desktop\OTL.exe
[2010/01/03 05:15:17 | 00,284,915 | ---- | M] () -- C:\Users\Sunil\Desktop\gmer.zip
[2010/01/03 05:11:26 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Mal warebytes' AntiMalware.lnk
[2010/01/03 05:08:38 | 00,000,740 | ---- | M] () -- C:\Users\Sunil\Desktop\NTREGOPT.lnk
[2010/01/03 05:08:38 | 00,000,721 | ---- | M] () -- C:\Users\Sunil\Desktop\ERUNT.lnk
[2010/01/03 05:02:07 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sunil\Desktop\erunt_setup.exe
[2010/01/03 05:02:02 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Sunil\Desktop\Sys-RestorePoint.exe
[2010/01/03 04:53:21 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sunil\Desktop\TFC.exe
[2010/01/03 04:41:30 | 00,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2010/01/03 04:20:28 | 00,910,072 | ---- | M] (Prevx) -- C:\Users\Sunil\Desktop\PREVX-CSIFREE.EXE
[2010/01/03 04:10:15 | 00,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299308901-2864604730-1019191112-1000Core.job
[2010/01/03 01:37:32 | 45,347,568 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit.exe
[2010/01/03 01:36:11 | 01,992,152 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sunil\Desktop\TrendMicro_Downloader.exe
[2010/01/03 00:34:10 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2010/01/02 22:33:08 | 00,189,392 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/01/02 22:33:08 | 00,189,392 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2010/01/02 21:01:23 | 00,138,016 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/01/02 20:36:30 | 00,243,007 | ---- | M] () -- C:\Users\Sunil\Desktop\Shot01320.png
[2010/01/01 10:35:12 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/12/31 08:16:41 | 00,031,232 | ---- | M] () -- C:\Users\Sunil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 02:30:31 | 00,001,794 | ---- | M] () -- C:\Users\Sunil\Desktop\mkv2vob.lnk
[2009/12/30 02:28:06 | 08,192,000 | ---- | M] () -- C:\Users\Sunil\Desktop\mkv2vob.exe
[2009/12/28 15:24:11 | 00,033,376 | ---- | M] () -- C:\Users\Sunil\Desktop\ArmyOps.ini
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Users\Sunil\Desktop\gmer.exe
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2010/01/06 12:34:59 | 00,001,856 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2010/01/06 12:34:33 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2010/01/06 12:17:54 | 00,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 12:04:21 | 00,102,660 | ---- | C] () -- C:\Users\Sunil\Desktop\SystemLook.exe
[2010/01/06 11:48:13 | 00,000,759 | ---- | C] () -- C:\Users\Public\Desktop\Prevx 3.0.lnk
[2010/01/05 18:32:56 | 00,354,396 | ---- | C] () -- C:\Users\Sunil\Desktop\SysProt.zip
[2010/01/05 12:43:37 | 03,819,182 | ---- | C] () -- C:\Users\Sunil\Desktop\Combo-Fix.exe
[2010/01/05 12:36:24 | 32,204,63616 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/05 07:29:05 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/05 07:29:05 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/05 07:29:05 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/05 07:29:05 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/05 07:29:05 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/03 05:15:24 | 00,293,376 | ---- | C] () -- C:\Users\Sunil\Desktop\gmer.exe
[2010/01/03 05:15:16 | 00,284,915 | ---- | C] () -- C:\Users\Sunil\Desktop\gmer.zip
[2010/01/03 05:11:26 | 00,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Mal warebytes' AntiMalware.lnk
[2010/01/03 05:08:38 | 00,000,740 | ---- | C] () -- C:\Users\Sunil\Desktop\NTREGOPT.lnk
[2010/01/03 05:08:38 | 00,000,721 | ---- | C] () -- C:\Users\Sunil\Desktop\ERUNT.lnk
[2010/01/03 04:36:48 | 00,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/03 00:34:10 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2010/01/02 20:36:29 | 00,243,007 | ---- | C] () -- C:\Users\Sunil\Desktop\Shot01320.png
[2009/12/30 02:30:31 | 00,001,794 | ---- | C] () -- C:\Users\Sunil\Desktop\mkv2vob.lnk
[2009/12/30 02:27:47 | 08,192,000 | ---- | C] () -- C:\Users\Sunil\Desktop\mkv2vob.exe
[2009/12/20 21:51:00 | 00,033,376 | ---- | C] () -- C:\Users\Sunil\Desktop\ArmyOps.ini
[2009/06/11 22:29:50 | 00,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/03/01 22:53:04 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/04 03:07:09 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/24 17:21:58 | 00,000,680 | ---- | C] () -- C:\Users\Sunil\AppData\Local\d3d9caps.dat
[2008/11/28 18:01:01 | 00,138,056 | ---- | C] () -- C:\Users\Sunil\AppData\Roaming\PnkBstrK.sys
[2008/11/10 00:25:12 | 00,000,552 | ---- | C] () -- C:\Users\Sunil\AppData\Local\d3d8caps.dat
[2008/09/30 16:04:06 | 00,138,016 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/09/29 14:03:28 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/09/28 00:19:15 | 00,031,232 | ---- | C] () -- C:\Users\Sunil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/26 17:36:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/19 21:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 21:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/19 21:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/19 21:54:18 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/05/14 07:38:35 | 00,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007/12/20 14:02:19 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/04/18 09:06:01 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007/03/06 06:39:19 | 00,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 10:57:59 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 22:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
< End of report >



I originally had Kaspersky Antivirus but my license had run out a couple of weeks ago. I uninstalled it yesterday so it could stop interfering with the other programs on the laptop. I now have Avast installed on my laptop.

Is my laptop cleaned up? It does seem so!
It does take a long time for my laptop to load up Windows when I turn it on. It will have the loading screen for around 5-6 minutes until I can finally log on; after logging on, my laptop does not perform that slow. Is this due to the malware or a different cause?

Thank you for the help so far!

#13
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Logs are looking better. We'll run a thorough scan first and then look into this start-up issue.

Please follow these steps.

-- Step 1 --

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
-- Step 2 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Settings
  • In the scan settings, select the following:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan spyware, adware, diallers and other riskware
    Scan Archives
    Scan E-mail databases
  • Click Save
  • Now under Scan, select My Computer
  • This will start the scanning of your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#14
Skag

    Member

  • Member
  • 15 posts
I ran JavaRa fine and installed the update.

I now have BitDefender Internet Security 2010 with license; is it possible to use this to scan through my PC instead of Kaspersky online scanner? Kaspersky scanner is taking far longer than I thought - estimating around 10 hours or so!

If not, this isn't a problem, regardless I will run the scanner overnight tonight and post the log tomorrow morning.

#15
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Scan times for Kaspersky can be long but it's very thorough. I'd prefer to stick with Kaspersky if possible. An overnight scan is ideal.

