
Possible Malware infection


  • This topic is locked

#1
SSri09

Hi,

I am using HP xw8600 workstation. The OS is win7 64 bit.

I had a dual operating system before. I did a full reformat of the whole C drive (after removing the partition) and did a clean install of win7. This was necessary as I was having a lot of BSODs. Everything was fine. Unfortunately, the BSODs have resurfaced in the last few months. I have run online scanners, MBAM, Superantispyware, etc. I use Zonealarm Extreme Security.

Four of the 5 BSOD reports show problems with "ntoskrnl.exe", while one showed issues with "discache.sys".

Steps followed:

TFC, MBAM (no infection), GMER (showed a blank screen), OTL...I also ran zonealarm virus/spyware scan (no infection).

I am attaching all the necessary scan logs as separate posts....

Please help.

Thanks
SSri


#2
SSri09

1: MBAM.TXT


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4752

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06/10/2010 11:29:25
mbam-log-2010-10-06 (11-29-25).txt

Scan type: Quick scan
Objects scanned: 140767
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


2: OTL.TXT

OTL logfile created on: 06/10/2010 12:03:00 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sundars\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 388.48 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1352.66 Gb Free Space | 96.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 279.47 Gb Total Space | 133.33 Gb Free Space | 47.71% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUNDARS-PC
Current User Name: Sundars
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/06 12:02:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Downloads\OTL (1).com
PRC - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/20 21:24:38 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2010/07/20 21:22:56 | 001,038,848 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/07/11 00:54:32 | 000,408,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
PRC - [2010/03/11 12:07:54 | 000,124,432 | ---- | M] ( Pro-Softnet) -- C:\ZoneAlarmBackup\ZABackupWebM.exe
PRC - [2010/03/11 12:02:40 | 001,869,328 | ---- | M] (Pro-Softnet Corporation, U.S.A) -- C:\ZoneAlarmBackup\ZABackupClsClient.exe
PRC - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/07/14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/05/12 21:59:16 | 000,487,424 | ---- | M] () -- C:\Program Files (x86)\MegaRAID Storage Manager\MegaMonitor\mrmonitor.exe
PRC - [2009/04/22 17:03:14 | 000,072,760 | R--- | M] () -- C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
PRC - [2009/03/25 15:32:18 | 000,102,400 | ---- | M] (LSI) -- C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe
PRC - [2009/03/02 11:27:10 | 000,144,792 | R--- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\javaw.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/10/06 12:02:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Downloads\OTL (1).com
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/06/15 12:09:52 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2010/06/15 12:09:44 | 000,562,664 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\AK\icsak.dll
MOD - [2009/12/29 07:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 22:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/15 12:10:02 | 000,823,272 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/04 14:04:30 | 002,950,744 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_062a651.dll -- (Akamai)
SRV - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/20 21:24:38 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/23 09:09:57 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/05/20 17:19:16 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 12:07:54 | 000,124,432 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackupWebM.exe -- (ZABackupWebM)
SRV - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/05/12 21:59:16 | 000,487,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MegaRAID Storage Manager\MegaMonitor\mrmonitor.exe -- (MegaMonitorSrv)
SRV - [2009/04/22 17:03:14 | 000,072,760 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe -- (MSMFramework)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/15 12:09:42 | 000,033,008 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2010/06/15 12:09:40 | 000,044,784 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV:64bit: - [2010/06/09 19:16:08 | 000,456,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/12 18:15:26 | 000,351,248 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/10/12 18:15:26 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/06/09 19:16:08 | 000,456,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 05 80 23 B2 3A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.10
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: [email protected]:1.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/08/04 12:48:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AutocompletePro\[email protected] [2010/08/04 12:14:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/10/01 13:38:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/06 08:37:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/06 08:37:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/06 08:37:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/06 08:37:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/10/06 08:37:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/06/29 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions
[2010/06/29 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/06 09:04:36 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions
[2010/06/23 09:21:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/29 23:52:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/23 09:10:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/06 09:04:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/23 09:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/18 10:37:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/06/23 00:51:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/12 08:44:43 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/12 08:44:43 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/12 08:44:43 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/12 08:44:43 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Popup] C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe (LSI)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 20:07:42 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{e8cf7a3b-7e4e-11df-9acf-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/06 11:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/10/06 11:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/10/06 11:29:45 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\GEEKSTOGO
[2010/10/06 11:19:44 | 000,000,000 | ---D | C] -- C:\IBVSSTEMP
[2010/10/06 11:04:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/06 08:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/10/06 08:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/06 08:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/06 08:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/06 08:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/06 08:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/10/06 08:35:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/05 20:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adaptrade Software
[2010/10/05 12:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2010/10/04 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/10/04 14:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/10/04 14:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/10/04 14:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/09/23 12:05:01 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\passport_photo
[2010/09/23 12:01:27 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\PassportPhoto settings
[2010/09/23 12:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PassportPhoto
[2010/09/23 10:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaRAID Storage Manager
[2010/09/23 10:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/09/23 09:55:39 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Intel Corporation
[2010/09/23 09:48:59 | 000,000,000 | ---D | C] -- C:\Intel
[2010/09/23 09:48:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/23 09:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/09/23 09:48:56 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\InstallShield
[2010/09/15 08:56:36 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\ProSoftnet
[2010/09/08 21:27:39 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Blackberry Desktop
[2010/09/08 21:23:23 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Research In Motion
[2010/09/08 21:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/09/08 21:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2010/09/08 21:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2010/09/08 21:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/09/08 20:32:58 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\BlackBerry
[2010/09/07 13:39:05 | 000,031,744 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2010/09/06 08:34:45 | 000,000,000 | ---D | C] -- C:\AmiBroker
[2010/09/06 08:29:29 | 000,000,000 | ---D | C] -- C:\MyNewData
[2010/09/03 14:28:46 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Deployment
[2010/09/03 14:28:46 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Apps
[2010/08/19 19:07:43 | 000,052,224 | ---- | C] (NirSoft) -- C:\Users\Sundars\Desktop\BlueScreenView.exe
[2010/08/19 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/19 12:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/19 12:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/08/19 12:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/18 10:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/17 12:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/08/17 12:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/08/17 12:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/08/17 12:43:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/08/17 12:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/08/17 12:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/08/17 12:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/08/17 12:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/08/17 12:33:12 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\WMTools Downloaded Files
[2010/08/17 12:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2010/08/16 11:54:11 | 000,000,000 | ---D | C] -- C:\RECYCLED
[2010/08/16 11:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gannalyst Professional 50
[2010/08/13 21:48:29 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/06 12:02:40 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\Windows Tweaker
[2010/08/06 11:34:58 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Uniblue
[2010/08/06 11:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/08/05 11:01:52 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Tracker Software
[2010/08/05 09:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/08/04 12:47:53 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kl1.sys
[2010/08/04 12:47:49 | 000,351,248 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/08/04 12:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\SonicWALL
[2010/08/04 12:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ZoneLabs
[2010/08/04 12:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutocompletePro
[2010/08/04 11:01:00 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Google
[2010/07/28 12:10:55 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\WinRAR
[2010/07/28 12:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/21 12:04:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/19 09:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Syrius Updater
[2010/07/19 09:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/06 12:03:33 | 004,718,592 | -HS- | M] () -- C:\Users\Sundars\ntuser.dat
[2010/10/06 11:58:01 | 000,014,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 11:58:01 | 000,014,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 11:40:41 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2010/10/06 11:28:45 | 000,000,000 | -H-- | M] () -- C:\Users\Sundars\Documents\Default.rdp
[2010/10/06 11:22:37 | 000,724,492 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/06 11:22:37 | 000,626,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/06 11:22:37 | 000,110,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/06 11:18:05 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248678023-3426249870-1742254041-1000UA.job
[2010/10/06 11:18:05 | 000,000,862 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248678023-3426249870-1742254041-1000Core.job
[2010/10/06 10:56:09 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\pdfl.dat
[2010/10/06 10:54:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/06 10:54:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/06 10:52:39 | 004,307,493 | -H-- | M] () -- C:\Users\Sundars\AppData\Local\IconCache.db
[2010/10/06 08:38:28 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/06 08:36:59 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/05 20:53:47 | 000,002,661 | ---- | M] () -- C:\Users\Public\Desktop\Market System Analyzer 3.lnk
[2010/10/05 00:59:41 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2010/10/04 23:40:23 | 000,002,288 | ---- | M] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2010/10/04 20:17:56 | 000,426,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/04 14:45:00 | 000,115,328 | ---- | M] () -- C:\Users\Sundars\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/10/04 14:41:24 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 9.lnk
[2010/10/04 12:21:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/03 22:02:06 | 003,245,838 | ---- | M] () -- C:\Users\Sundars\Desktop\MTPredictor Trading Course Part 1 (Dec72009).pdf
[2010/10/02 08:41:28 | 000,001,011 | ---- | M] () -- C:\Users\Sundars\Desktop\CCleaner.lnk
[2010/09/29 18:57:20 | 000,034,304 | ---- | M] () -- C:\Users\Sundars\Documents\Copy of Letter from Tony for treating him Elective Professional client.doc
[2010/09/23 21:06:10 | 000,197,416 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/23 12:04:59 | 000,002,016 | ---- | M] () -- C:\Users\Sundars\Desktop\PassportPhoto.lnk
[2010/09/23 10:01:45 | 000,000,102 | ---- | M] () -- C:\Windows\LSI_StorSNMP.ini
[2010/09/23 10:01:44 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\MegaRAID Storage Manager.lnk
[2010/09/09 18:22:37 | 000,000,588 | ---- | M] () -- C:\Windows\win.ini
[2010/09/09 18:17:00 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2010/09/08 22:32:55 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/09/06 13:33:42 | 000,000,604 | ---- | M] () -- C:\Users\Sundars\Desktop\AmiBroker.lnk
[2010/09/01 23:25:00 | 000,534,950 | ---- | M] () -- C:\Users\Sundars\Desktop\guruvayurappan.docx
[2010/08/25 21:18:40 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/25 13:27:28 | 000,031,105 | ---- | M] () -- C:\Users\Sundars\Desktop\IMG_25082010_132719.png
[2010/08/20 08:59:16 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/19 07:13:28 | 000,000,036 | ---- | M] () -- C:\Users\Sundars\AppData\Local\housecall.guid.cache
[2010/08/18 11:15:40 | 000,010,240 | ---- | M] () -- C:\Users\Sundars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 11:53:40 | 000,001,160 | ---- | M] () -- C:\Users\Sundars\Desktop\Gannalyst Professional 5.0.lnk
[2010/08/15 19:11:28 | 000,052,224 | ---- | M] (NirSoft) -- C:\Users\Sundars\Desktop\BlueScreenView.exe
[2010/08/11 21:59:57 | 000,001,967 | ---- | M] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 21:59:57 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/05 09:02:17 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\PDF-XChange Viewer.lnk
[2010/08/04 12:48:49 | 000,425,084 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/08/04 12:47:55 | 000,001,070 | ---- | M] () -- C:\Users\Sundars\Desktop\ZoneAlarm Security.lnk
[2010/08/02 21:07:00 | 000,393,023 | ---- | M] () -- C:\Users\Sundars\Documents\Engagement_Letter_-_Free_Trial=scb (Autosaved).pdf
[2010/07/29 16:35:29 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Desktop\TFC.exe
[2010/07/27 22:06:11 | 000,524,288 | -HS- | M] () -- C:\Users\Sundars\ntuser.dat{b1f68aaf-99a8-11df-9bd5-00215ac6f264}.TMContainer00000000000000000002.regtrans-ms
[2010/07/27 22:06:11 | 000,524,288 | -HS- | M] () -- C:\Users\Sundars\ntuser.dat{b1f68aaf-99a8-11df-9bd5-00215ac6f264}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 22:06:11 | 000,065,536 | -HS- | M] () -- C:\Users\Sundars\ntuser.dat{b1f68aaf-99a8-11df-9bd5-00215ac6f264}.TM.blf
[2010/07/26 11:50:14 | 000,480,230 | ---- | M] () -- C:\Users\Sundars\Documents\Book2.csv
[2010/07/09 15:18:25 | 000,038,229 | ---- | M] () -- C:\Users\Sundars\Desktop\EURGBP.png
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/06 11:44:42 | 000,293,376 | ---- | C] () -- C:\Users\Sundars\Desktop\gmer.exe
[2010/10/06 11:40:41 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2010/10/06 11:28:45 | 000,000,000 | -H-- | C] () -- C:\Users\Sundars\Documents\Default.rdp
[2010/10/06 08:38:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/06 08:36:59 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/05 20:53:47 | 000,002,661 | ---- | C] () -- C:\Users\Public\Desktop\Market System Analyzer 3.lnk
[2010/10/04 23:40:23 | 000,002,288 | ---- | C] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2010/10/04 14:41:24 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 9.lnk
[2010/10/04 12:21:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/03 22:02:06 | 003,245,838 | ---- | C] () -- C:\Users\Sundars\Desktop\MTPredictor Trading Course Part 1 (Dec72009).pdf
[2010/09/29 18:57:19 | 000,034,304 | ---- | C] () -- C:\Users\Sundars\Documents\Copy of Letter from Tony for treating him Elective Professional client.doc
[2010/09/23 12:01:23 | 000,002,016 | ---- | C] () -- C:\Users\Sundars\Desktop\PassportPhoto.lnk
[2010/09/23 10:01:44 | 000,001,982 | ---- | C] () -- C:\Users\Public\Desktop\MegaRAID Storage Manager.lnk
[2010/09/08 23:06:33 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2010/09/08 21:00:43 | 000,001,011 | ---- | C] () -- C:\Users\Sundars\Desktop\CCleaner.lnk
[2010/09/08 20:32:30 | 000,000,924 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/08 13:45:26 | 000,003,283 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/09/07 13:40:23 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/09/01 23:24:59 | 000,534,950 | ---- | C] () -- C:\Users\Sundars\Desktop\guruvayurappan.docx
[2010/08/25 13:27:27 | 000,031,105 | ---- | C] () -- C:\Users\Sundars\Desktop\IMG_25082010_132719.png
[2010/08/19 12:12:43 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/19 07:13:28 | 000,000,036 | ---- | C] () -- C:\Users\Sundars\AppData\Local\housecall.guid.cache
[2010/08/17 21:35:24 | 000,010,240 | ---- | C] () -- C:\Users\Sundars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 11:53:40 | 000,001,160 | ---- | C] () -- C:\Users\Sundars\Desktop\Gannalyst Professional 5.0.lnk
[2010/08/11 21:59:57 | 000,001,967 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/05 09:02:17 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\PDF-XChange Viewer.lnk
[2010/08/04 12:47:55 | 000,001,070 | ---- | C] () -- C:\Users\Sundars\Desktop\ZoneAlarm Security.lnk
[2010/08/04 11:13:42 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248678023-3426249870-1742254041-1000UA.job
[2010/08/04 11:13:38 | 000,000,862 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1248678023-3426249870-1742254041-1000Core.job
[2010/08/02 21:06:59 | 000,393,023 | ---- | C] () -- C:\Users\Sundars\Documents\Engagement_Letter_-_Free_Trial=scb (Autosaved).pdf
[2010/08/01 20:44:00 | 000,197,416 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/27 18:59:55 | 000,524,288 | -HS- | C] () -- C:\Users\Sundars\ntuser.dat{b1f68aaf-99a8-11df-9bd5-00215ac6f264}.TMContainer00000000000000000002.regtrans-ms
[2010/07/27 18:59:55 | 000,524,288 | -HS- | C] () -- C:\Users\Sundars\ntuser.dat{b1f68aaf-99a8-11df-9bd5-00215ac6f264}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 18:59:55 | 000,065,536 | -HS- | C] () -- C:\Users\Sundars\ntuser.dat{b1f68aaf-99a8-11df-9bd5-00215ac6f264}.TM.blf
[2010/07/26 11:50:13 | 000,480,230 | ---- | C] () -- C:\Users\Sundars\Documents\Book2.csv
[2010/07/09 15:18:24 | 000,038,229 | ---- | C] () -- C:\Users\Sundars\Desktop\EURGBP.png
[2010/06/28 15:32:09 | 000,728,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/23 07:41:12 | 000,441,705 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2010/06/23 07:41:12 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/07 22:08:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AlertStrings.dll
[2008/11/26 10:06:36 | 000,000,102 | ---- | C] () -- C:\Windows\LSI_StorSNMP.ini
[2006/08/25 05:31:57 | 000,000,040 | ---- | C] () -- C:\Users\Sundars\AppData\Local\703911de9d20150.dat
[2000/07/01 09:14:06 | 000,000,040 | ---- | C] () -- C:\Windows\806e6f6e6963122.ini

========== LOP Check ==========

[2010/09/08 23:17:19 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/06/23 08:37:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/06 10:54:14 | 4294,275,072 | -HS- | M] () -- C:\pagefile.sys
[2010/10/05 00:59:41 | 000,000,018 | ---- | M] () -- C:\UserName.ini

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

3: EXTRA.TXT

OTL Extras logfile created on: 06/10/2010 12:03:10 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sundars\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 388.48 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1352.66 Gb Free Space | 96.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 279.47 Gb Total Space | 133.33 Gb Free Space | 47.71% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUNDARS-PC
Current User Name: Sundars
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F9B09E-CDB5-46fc-AC30-2E7E7C7A8A34}" = Canon MP800
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{21BF1592-7D07-4516-930C-2BF40CE9E59B}" = PDF-XChange Viewer
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{499A4A0C-20A5-421F-9BCE-AE1AAD817603}" = MegaRAID Storage Manager v3.04.0700
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{941EF673-E12C-4652-9B22-86DA2F968A2D}" = Market System Analyzer 3
"{964A0E79-160F-4F5F-97D0-9C03CFA434FA}" = Syrius Updater
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Akamai" = Akamai NetSession Interface
"AmiBroker_is1" = AmiBroker 5.30
"AutocompletePro3_is1" = AutocompletePro
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Gannalyst Professional 5.0_is1" = Gannalyst Professional 5.0
"InstallShield_{499A4A0C-20A5-421F-9BCE-AE1AAD817603}" = MegaRAID Storage Manager v3.04.0700
"IQFeed Client" = IQFeed Client 4.7.0.9
"Jagannatha Hora_is1" = Jagannatha Hora 7.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"PROR" = Microsoft Office Professional 2007
"Revo Uninstaller" = Revo Uninstaller 1.89
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 11, 2010
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PassportPhoto" = PassportPhoto (remove)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/10/2010 07:16:39 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 03/10/2010 07:16:54 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 03/10/2010 14:00:01 | Computer Name = Sundars-PC | Source = Windows Backup | ID = 4103
Description =

Error - 04/10/2010 19:12:51 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Research
In Motion\BlackBerry Desktop\IntelliSync\Connectors\MS Outlook Connector\X64\MsOutlookApiProxy.exe".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/10/2010 19:13:12 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 04/10/2010 19:13:28 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 04/10/2010 19:13:41 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\common
files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll". Dependent Assembly
Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/10/2010 19:13:41 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\common
files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll". Dependent Assembly
Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/10/2010 19:13:41 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\common
files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll". Dependent Assembly
Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/10/2010 19:13:41 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\common
files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll". Dependent Assembly
Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ OSession Events ]
Error - 30/06/2010 11:18:40 | Computer Name = Sundars-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 924
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/10/2010 18:36:45 | Computer Name = Sundars-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 05/10/2010 05:34:41 | Computer Name = Sundars-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:29:06 on 05/10/2010 was unexpected.

Error - 05/10/2010 05:39:52 | Computer Name = Sundars-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:36:23 on 05/10/2010 was unexpected.

Error - 05/10/2010 05:44:39 | Computer Name = Sundars-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:40:38 on 05/10/2010 was unexpected.

Error - 06/10/2010 02:16:06 | Computer Name = Sundars-PC | Source = DCOM | ID = 10010
Description =

Error - 06/10/2010 03:35:51 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 06/10/2010 03:36:04 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 06/10/2010 03:37:04 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 06/10/2010 05:37:29 | Computer Name = Sundars-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:33:26 on 06/10/2010 was unexpected.

Error - 06/10/2010 05:37:30 | Computer Name = Sundars-PC | Source = BugCheck | ID = 1001
Description =


< End of report >


4: GMER (ARK.TXT)

BLANK...When it was executed, I got the following error:

c:\windows\system32\config\system: The system cannot find the file specified

Clicked OK, Scan....This gives another error:

c:\windows\system32\config\system: The process cannot access the file because it is being used by another process.

Clicking OK starts the scan, which does not return anything after the scan is complete.
  • 0

#3
SSri09

  • Topic Starter
  • Member
  • 144 posts
The following are DUMP FILES

1: DUMP4

==================================================
Dump File : 100610-48687-01.dmp
Crash Time : 06/10/2010 10:37:08
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Parameter 1 : 00000000`74da2dd9
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`03d07c60
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\100610-48687-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

2: DUMP3


==================================================
Filename : srv.sys
Address In Stack :
From Address : fffff880`0845b000
To Address : fffff880`084f1000
Size : 0x00096000
Time Stamp : 0x4c202c27
Time String : 22/06/2010 04:21:11
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : srv2.sys
Address In Stack :
From Address : fffff880`06600000
To Address : 0048f8d6`06668000
Size : 0x0049005600068000
Time Stamp : 0x4c202c0f
Time String : 22/06/2010 04:20:47
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : srvnet.sys
Address In Stack :
From Address : fffff880`067a8000
To Address : fffff880`067d5000
Size : 0x0002d000
Time Stamp : 0x4c202c00
Time String : 22/06/2010 04:20:32
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : win32k.sys
Address In Stack :
From Address : fffff960`00060000
To Address : fffff3e0`0036f000
Size : 0xfffffa800030f000
Time Stamp : 0x4c1c483f
Time String : 19/06/2010 05:31:59
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ntoskrnl.exe
Address In Stack : ntoskrnl.exe+6fca9
From Address : fffff800`02c01000
To Address : fffff800`031dd000
Size : 0x005dc000
Time Stamp : 0x4c1c44a9
Time String : 19/06/2010 05:16:41
Product Name : Microsoft® Windows® Operating System
File Description : NT Kernel & System
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\ntoskrnl.exe
==================================================

==================================================
Filename : icsak.sys
Address In Stack :
From Address : fffff880`084f1000
To Address : fffff880`08500000
Size : 0x0000f000
Time Stamp : 0x4c1654eb
Time String : 14/06/2010 17:12:27
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ISWKL.sys
Address In Stack :
From Address : fffff880`02ec3000
To Address : 687344cb`02ece000
Size : 0x68734c4b0000b000
Time Stamp : 0x4c1654e6
Time String : 14/06/2010 17:12:22
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : tcpip.sys
Address In Stack :
From Address : fffff880`01a02000
To Address : fffff880`01bff000
Size : 0x001fd000
Time Stamp : 0x4c15a458
Time String : 14/06/2010 04:39:04
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : cdd.dll
Address In Stack :
From Address : fffff960`00620000
To Address : fffff960`00647000
Size : 0x00027000
Time Stamp : 0x4bf4408a
Time String : 19/05/2010 20:48:26
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : vsdatant.sys
Address In Stack :
From Address : fffff880`03003000
To Address : fffff880`03096000
Size : 0x00093000
Time Stamp : 0x4bdf0b8a
Time String : 03/05/2010 18:44:42
Product Name : ZoneAlarm Firewalling Driver
File Description : ZoneAlarm Firewalling Driver
File Version : 9.1.522.000
Company : Check Point Software Technologies LTD
Full Path : C:\Windows\system32\drivers\vsdatant.sys
==================================================

==================================================
Filename : NETIO.SYS
Address In Stack :
From Address : fffff880`0191d000
To Address : fffff880`0197d000
Size : 0x00060000
Time Stamp : 0x4bbe946f
Time String : 09/04/2010 03:43:59
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ks.sys
Address In Stack :
From Address : fffff880`04c00000
To Address : fffff300`04c43000
Size : 0xfffffa8000043000
Time Stamp : 0x4b8f37d9
Time String : 04/03/2010 05:32:25
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : iaStor.sys
Address In Stack :
From Address : fffff880`0102b000
To Address : fffff880`01235000
Size : 0x0020a000
Time Stamp : 0x4b8f2033
Time String : 04/03/2010 03:51:31
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : dump_iaStor.sys
Address In Stack :
From Address : fffff880`03e00000
To Address : fffff880`0400a000
Size : 0x0020a000
Time Stamp : 0x4b8f2033
Time String : 04/03/2010 03:51:31
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : mrxsmb10.sys
Address In Stack :
From Address : fffff880`06686000
To Address : 0000007f`066d4000
Size : 0x000007ff0004e000
Time Stamp : 0x4b88cf3c
Time String : 27/02/2010 08:52:28
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : mrxsmb20.sys
Address In Stack :
From Address : fffff880`066d4000
To Address : fffff300`066f7000
Size : 0xfffffa8000023000
Time Stamp : 0x4b88cf3a
Time String : 27/02/2010 08:52:26
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : mrxsmb.sys
Address In Stack :
From Address : fffff880`02fcc000
To Address : d07df980`02ff9000
Size : 0xd07e01000002d000
Time Stamp : 0x4b88cf33
Time String : 27/02/2010 08:52:19
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : SASKUTIL64.SYS
Address In Stack :
From Address : fffff880`03136000
To Address : fffff880`03140000
Size : 0x0000a000
Time Stamp : 0x4b71e156
Time String : 09/02/2010 23:27:34
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : SASDIFSV64.SYS
Address In Stack :
From Address : fffff880`03140000
To Address : fffff300`0314a000
Size : 0xfffffa800000a000
Time Stamp : 0x4b70a848
Time String : 09/02/2010 01:11:52
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ksecpkg.sys
Address In Stack :
From Address : fffff880`0197d000
To Address : fffff880`019a8000
Size : 0x0002b000
Time Stamp : 0x4b21e0b4
Time String : 11/12/2009 07:03:32
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : dxgkrnl.sys
Address In Stack :
From Address : fffff880`0529e000
To Address : fffff880`05392000
Size : 0x000f4000
Time Stamp : 0x4ac5509e
Time String : 02/10/2009 02:00:14
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : fvevol.sys
Address In Stack :
From Address : fffff880`01d51000
To Address : fffff880`01d8b000
Size : 0x0003a000
Time Stamp : 0x4abd7db2
Time String : 26/09/2009 03:34:26
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : kl1.sys
Address In Stack :
From Address : fffff880`04c63000
To Address : fffff300`0518c000
Size : 0xfffffa8000529000
Time Stamp : 0x4abcccb1
Time String : 25/09/2009 14:59:13
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : klif.sys
Address In Stack :
From Address : fffff880`04074000
To Address : fffff880`040d0000
Size : 0x0005c000
Time Stamp : 0x4ab8a777
Time String : 22/09/2009 11:31:19
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : PSHED.dll
Address In Stack :
From Address : fffff880`00cf5000
To Address : fffff880`00d09000
Size : 0x00014000
Time Stamp : 0x4a5be027
Time String : 14/07/2009 02:32:23
Product Name : Microsoft® Windows® Operating System
File Description : Platform Specific Hardware Error Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\PSHED.dll
==================================================

==================================================
Filename : CI.dll
Address In Stack :
From Address : fffff880`00e33000
To Address : fffff880`00ef3000
Size : 0x000c0000
Time Stamp : 0x4a5be01d
Time String : 14/07/2009 02:32:13
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : kdcom.dll
Address In Stack :
From Address : fffff800`00bb7000
To Address : fffff800`00bc1000
Size : 0x0000a000
Time Stamp : 0x4a5bdfdb
Time String : 14/07/2009 02:31:07
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : mcupdate.dll
Address In Stack :
From Address : fffff880`00cb1000
To Address : fffff880`00cf5000
Size : 0x00044000
Time Stamp : 0x4a5bdf66
Time String : 14/07/2009 02:29:10
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : hal.dll
Address In Stack :
From Address : fffff800`031dd000
To Address : fffff800`03226000
Size : 0x00049000
Time Stamp : 0x4a5bdf08
Time String : 14/07/2009 02:27:36
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : drmk.sys
Address In Stack :
From Address : fffff880`051d1000
To Address : 687344cb`051f3000
Size : 0x68734c4b00022000
Time Stamp : 0x4a5bd8e5
Time String : 14/07/2009 02:01:25
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : peauth.sys
Address In Stack :
From Address : fffff880`066f7000
To Address : fffff880`0679d000
Size : 0x000a6000
Time Stamp : 0x4a5bd8df
Time String : 14/07/2009 02:01:19
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : rdpbus.sys
Address In Stack :
From Address : fffff880`04643000
To Address : fffff880`0464e000
Size : 0x0000b000
Time Stamp : 0x4a5bceaa
Time String : 14/07/2009 01:17:46
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : termdd.sys
Address In Stack :
From Address : fffff880`03122000
To Address : fffff300`03136000
Size : 0xfffffa8000014000
Time Stamp : 0x4a5bce64
Time String : 14/07/2009 01:16:36
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : rdprefmp.sys
Address In Stack :
From Address : fffff880`04135000
To Address : fffff880`0413e000
Size : 0x00009000
Time Stamp : 0x4a5bce63
Time String : 14/07/2009 01:16:35
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : RDPCDD.sys
Address In Stack :
From Address : fffff880`04123000
To Address : fffff880`0412c000
Size : 0x00009000
Time Stamp : 0x4a5bce62
Time String : 14/07/2009 01:16:34
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : rdpencdd.sys
Address In Stack :
From Address : fffff880`0412c000
To Address : fffff880`04135000
Size : 0x00009000
Time Stamp : 0x4a5bce62
Time String : 14/07/2009 01:16:34
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : TSDDD.dll
Address In Stack :
From Address : fffff960`005d0000
To Address : 0063f9d3`005da000
Size : 0x006400730000a000
Time Stamp : 0x4a5bce62
Time String : 14/07/2009 01:16:34
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : modem.sys
Address In Stack :
From Address : fffff880`04748000
To Address : 644d65f3`04757000
Size : 0x644d6d730000f000
Time Stamp : 0x4a5bcd08
Time String : 14/07/2009 01:10:48
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : RootMdm.sys
Address In Stack :
From Address : fffff880`04740000
To Address : fffff880`04748000
Size : 0x00008000
Time Stamp : 0x4a5bcd07
Time String : 14/07/2009 01:10:47
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : rassstp.sys
Address In Stack :
From Address : fffff880`04621000
To Address : 3f894088`0463b000
Size : 0x3f8948080001a000
Time Stamp : 0x4a5bccf1
Time String : 14/07/2009 01:10:25
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : AgileVpn.sys
Address In Stack :
From Address : fffff880`04757000
To Address : fffff300`0476d000
Size : 0xfffffa8000016000
Time Stamp : 0x4a5bccf0
Time String : 14/07/2009 01:10:24
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : wanarp.sys
Address In Stack :
From Address : fffff880`03107000
To Address : fffff880`03122000
Size : 0x0001b000
Time Stamp : 0x4a5bcced
Time String : 14/07/2009 01:10:21
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : raspptp.sys
Address In Stack :
From Address : fffff880`04600000
To Address : 4e8d4170`04621000
Size : 0x4e8d48f000021000
Time Stamp : 0x4a5bccea
Time String : 14/07/2009 01:10:18
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : raspppoe.sys
Address In Stack :
From Address : fffff880`047cc000
To Address : 05297200`047e7000
Size : 0x052979800001b000
Time Stamp : 0x4a5bcce9
Time String : 14/07/2009 01:10:17
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : asyncmac.sys
Address In Stack :
From Address : fffff880`08571000
To Address : fffff880`0857c000
Size : 0x0000b000
Time Stamp : 0x4a5bcce5
Time String : 14/07/2009 01:10:13
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : rasl2tp.sys
Address In Stack :
From Address : fffff880`0476d000
To Address : fffff880`04791000
Size : 0x00024000
Time Stamp : 0x4a5bcce3
Time String : 14/07/2009 01:10:11
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ndiswan.sys
Address In Stack :
From Address : fffff880`0479d000
To Address : fffff880`047cc000
Size : 0x0002f000
Time Stamp : 0x4a5bcce3
Time String : 14/07/2009 01:10:11
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : NDProxy.SYS
Address In Stack :
From Address : fffff880`04660000
To Address : 694245d3`04675000
Size : 0x69424d5300015000
Time Stamp : 0x4a5bccdd
Time String : 14/07/2009 01:10:05
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ndistapi.sys
Address In Stack :
From Address : fffff880`04791000
To Address : cae92109`0479d000
Size : 0xcae928890000c000
Time Stamp : 0x4a5bccd8
Time String : 14/07/2009 01:10:00
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : tcpipreg.sys
Address In Stack :
From Address : fffff880`067d5000
To Address : fffff880`067e7000
Size : 0x00012000
Time Stamp : 0x4a5bcccd
Time String : 14/07/2009 01:09:49
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : pacer.sys
Address In Stack :
From Address : fffff880`0309f000
To Address : 644d65f3`030c5000
Size : 0x644d6d7300026000
Time Stamp : 0x4a5bccc5
Time String : 14/07/2009 01:09:41
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : wfplwf.sys
Address In Stack :
From Address : fffff880`03096000
To Address : fffff880`0309f000
Size : 0x00009000
Time Stamp : 0x4a5bccb6
Time String : 14/07/2009 01:09:26
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : netbios.sys
Address In Stack :
From Address : fffff880`030db000
To Address : 203d35bc`030ea000
Size : 0x203d3d3c0000f000
Time Stamp : 0x4a5bccb6
Time String : 14/07/2009 01:09:26
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ndisuio.sys
Address In Stack :
From Address : fffff880`02e98000
To Address : fffff300`02eab000
Size : 0xfffffa8000013000
Time Stamp : 0x4a5bccb5
Time String : 14/07/2009 01:09:25
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : lltdio.sys
Address In Stack :
From Address : fffff880`0402b000
To Address : fffff880`04040000
Size : 0x00015000
Time Stamp : 0x4a5bcc92
Time String : 14/07/2009 01:08:50
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : rspndr.sys
Address In Stack :
From Address : fffff880`02eab000
To Address : 00e85c03`02ec3000
Size : 0x00e8638300018000
Time Stamp : 0x4a5bcc92
Time String : 14/07/2009 01:08:50
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : mpsdrv.sys
Address In Stack :
From Address : fffff880`02fb4000
To Address : fffff880`02fcc000
Size : 0x00018000
Time Stamp : 0x4a5bcc79
Time String : 14/07/2009 01:08:25
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : nwifi.sys
Address In Stack :
From Address : fffff880`02e45000
To Address : fffff300`02e98000
Size : 0xfffffa8000053000
Time Stamp : 0x4a5bcc3b
Time String : 14/07/2009 01:07:23
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : vwififlt.sys
Address In Stack :
From Address : fffff880`030c5000
To Address : fffff300`030db000
Size : 0xfffffa8000016000
Time Stamp : 0x4a5bcc3a
Time String : 14/07/2009 01:07:22
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : 1394ohci.sys
Address In Stack :
From Address : fffff880`05a56000
To Address : fffff300`05a94000
Size : 0xfffffa800003e000
Time Stamp : 0x4a5bcc30
Time String : 14/07/2009 01:07:12
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : usbhub.sys
Address In Stack :
From Address : fffff880`04185000
To Address : fffff080`041df000
Size : 0xfffff8000005a000
Time Stamp : 0x4a5bcc2d
Time String : 14/07/2009 01:07:09
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : HdAudio.sys
Address In Stack :
From Address : fffff880`01c8a000
To Address : fffff880`01ce6000
Size : 0x0005c000
Time Stamp : 0x4a5bcc23
Time String : 14/07/2009 01:06:59
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : umbus.sys
Address In Stack :
From Address : fffff880`0464e000
To Address : fffff880`04660000
Size : 0x00012000
Time Stamp : 0x4a5bcc20
Time String : 14/07/2009 01:06:56
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : USBPORT.SYS
Address In Stack :
From Address : fffff880`05a00000
To Address : 00040103`05a56000
Size : 0x0004088300056000
Time Stamp : 0x4a5bcc07
Time String : 14/07/2009 01:06:31
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : usbehci.sys
Address In Stack :
From Address : fffff880`05255000
To Address : fffff87f`05266000
Size : 0xffffffff00011000
Time Stamp : 0x4a5bcc06
Time String : 14/07/2009 01:06:30
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : usbuhci.sys
Address In Stack :
From Address : fffff880`05248000
To Address : 3afff89a`05255000
Size : 0x3b00001a0000d000
Time Stamp : 0x4a5bcc03
Time String : 14/07/2009 01:06:27
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : portcls.sys
Address In Stack :
From Address : fffff880`031c1000
To Address : 687344cb`031fe000
Size : 0x68734c4b0003d000
Time Stamp : 0x4a5bcc03
Time String : 14/07/2009 01:06:27
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : USBD.SYS
Address In Stack :
From Address : fffff880`053fc000
To Address : fffff300`053fdf00
Size : 0xfffffa8000001f00
Time Stamp : 0x4a5bcbff
Time String : 14/07/2009 01:06:23
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : hidusb.sys
Address In Stack :
From Address : fffff880`047e7000
To Address : fffff300`047f5000
Size : 0xfffffa800000e000
Time Stamp : 0x4a5bcbfe
Time String : 14/07/2009 01:06:22
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : HIDCLASS.SYS
Address In Stack :
From Address : fffff880`04c43000
To Address : fffff300`04c5c000
Size : 0xfffffa8000019000
Time Stamp : 0x4a5bcbfd
Time String : 14/07/2009 01:06:21
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : HIDPARSE.SYS
Address In Stack :
From Address : fffff880`047f5000
To Address : fffff880`047fd080
Size : 0x00008080
Time Stamp : 0x4a5bcbf9
Time String : 14/07/2009 01:06:17
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : HDAudBus.sys
Address In Stack :
From Address : fffff880`053d8000
To Address : fffff300`053fc000
Size : 0xfffffa8000024000
Time Stamp : 0x4a5bcbf5
Time String : 14/07/2009 01:06:13
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : WudfPf.sys
Address In Stack :
From Address : fffff880`01473000
To Address : fffff880`01494000
Size : 0x00021000
Time Stamp : 0x4a5bcbd1
Time String : 14/07/2009 01:05:37
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : vdrvroot.sys
Address In Stack :
From Address : fffff880`00e13000
To Address : fffff880`00e20000
Size : 0x0000d000
Time Stamp : 0x4a5bcadb
Time String : 14/07/2009 01:01:31
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : storport.sys
Address In Stack :
From Address : fffff880`0149c000
To Address : fffff880`014fe000
Size : 0x00062000
Time Stamp : 0x4a5bcace
Time String : 14/07/2009 01:01:18
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : crashdmp.sys
Address In Stack :
From Address : fffff880`041df000
To Address : 4820e503`041ed000
Size : 0x4820ec830000e000
Time Stamp : 0x4a5bcabd
Time String : 14/07/2009 01:01:01
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : fdc.sys
Address In Stack :
From Address : fffff880`05aaf000
To Address : fffff300`05abc000
Size : 0xfffffa800000d000
Time Stamp : 0x4a5bcab6
Time String : 14/07/2009 01:00:54
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : serial.sys
Address In Stack :
From Address : fffff880`030ea000
To Address : fffff880`03107000
Size : 0x0001d000
Time Stamp : 0x4a5bcaa8
Time String : 14/07/2009 01:00:40
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : serenum.sys
Address In Stack :
From Address : fffff880`05aa3000
To Address : fffff880`05aaf000
Size : 0x0000c000
Time Stamp : 0x4a5bcaa1
Time String : 14/07/2009 01:00:33
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : CompositeBus.sys
Address In Stack :
From Address : fffff880`065ea000
To Address : fffff87f`065fa000
Size : 0xffffffff00010000
Time Stamp : 0x4a5bcaa1
Time String : 14/07/2009 01:00:33
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : mouhid.sys
Address In Stack :
From Address : fffff880`051f3000
To Address : fffff300`05200000
Size : 0xfffffa800000d000
Time Stamp : 0x4a5bca94
Time String : 14/07/2009 01:00:20
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ksthunk.sys
Address In Stack :
From Address : fffff880`065fa000
To Address : fffff880`065ff200
Size : 0x00005200
Time Stamp : 0x4a5bca93
Time String : 14/07/2009 01:00:19
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : swenum.sys
Address In Stack :
From Address : fffff880`0529c000
To Address : fffff300`0529d480
Size : 0xfffffa8000001480
Time Stamp : 0x4a5bca92
Time String : 14/07/2009 01:00:18
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : Beep.SYS
Address In Stack :
From Address : fffff880`040d9000
To Address : fffff880`040e0000
Size : 0x00007000
Time Stamp : 0x4a5bca8d
Time String : 14/07/2009 01:00:13
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : cng.sys
Address In Stack :
From Address : fffff880`01400000
To Address : fffff880`01473000
Size : 0x00073000
Time Stamp : 0x4a5bc814
Time String : 14/07/2009 00:49:40
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : vmstorfl.sys
Address In Stack :
From Address : fffff880`01800000
To Address : fffff880`01810000
Size : 0x00010000
Time Stamp : 0x4a5bc67e
Time String : 14/07/2009 00:42:54
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : monitor.sys
Address In Stack :
From Address : fffff880`0401d000
To Address : fffff880`0402b000
Size : 0x0000e000
Time Stamp : 0x4a5bc58c
Time String : 14/07/2009 00:38:52
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : VIDEOPRT.SYS
Address In Stack :
From Address : fffff880`040ee000
To Address : fffff880`04113000
Size : 0x00025000
Time Stamp : 0x4a5bc58b
Time String : 14/07/2009 00:38:51
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : vga.sys
Address In Stack :
From Address : fffff880`040e0000
To Address : fffff300`040ee000
Size : 0xfffffa800000e000
Time Stamp : 0x4a5bc587
Time String : 14/07/2009 00:38:47
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : dxgmms1.sys
Address In Stack :
From Address : fffff880`05392000
To Address : 56ec562d`053d8000
Size : 0x56ec5dad00046000
Time Stamp : 0x4a5bc578
Time String : 14/07/2009 00:38:32
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : Dxapi.sys
Address In Stack :
From Address : fffff880`04675000
To Address : fffff880`04681000
Size : 0x0000c000
Time Stamp : 0x4a5bc574
Time String : 14/07/2009 00:38:28
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : watchdog.sys
Address In Stack :
From Address : fffff880`04113000
To Address : fffff880`04123000
Size : 0x00010000
Time Stamp : 0x4a5bc53f
Time String : 14/07/2009 00:37:35
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : discache.sys
Address In Stack :
From Address : fffff880`031b2000
To Address : fffff880`031c1000
Size : 0x0000f000
Time Stamp : 0x4a5bc52e
Time String : 14/07/2009 00:37:18
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : blbdrive.sys
Address In Stack :
From Address : fffff880`0472f000
To Address : fffff880`04740000
Size : 0x00011000
Time Stamp : 0x4a5bc4df
Time String : 14/07/2009 00:35:59
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : rdyboost.sys
Address In Stack :
From Address : fffff880`01cfc000
To Address : fffff880`01d36000
Size : 0x0003a000
Time Stamp : 0x4a5bc48a
Time String : 14/07/2009 00:34:34
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : fileinfo.sys
Address In Stack :
From Address : fffff880`01555000
To Address : fffff880`01569000
Size : 0x00014000
Time Stamp : 0x4a5bc481
Time String : 14/07/2009 00:34:25
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : mssmbios.sys
Address In Stack :
From Address : fffff880`031a7000
To Address : 9024b503`031b2000
Size : 0x9024bc830000b000
Time Stamp : 0x4a5bc3be
Time String : 14/07/2009 00:31:10
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : HidBatt.sys
Address In Stack :
From Address : fffff880`04681000
To Address : fffff300`0468c000
Size : 0xfffffa800000b000
Time Stamp : 0x4a5bc3ba
Time String : 14/07/2009 00:31:06
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : compbatt.sys
Address In Stack :
From Address : fffff880`00e20000
To Address : fffff880`00e29000
Size : 0x00009000
Time Stamp : 0x4a5bc3b6
Time String : 14/07/2009 00:31:02
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : wmiacpi.sys
Address In Stack :
From Address : fffff880`05293000
To Address : fffff87f`0529c000
Size : 0xffffffff00009000
Time Stamp : 0x4a5bc3b6
Time String : 14/07/2009 00:31:02
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : BATTC.SYS
Address In Stack :
From Address : fffff880`00daf000
To Address : fffff880`00dbb000
Size : 0x0000c000
Time Stamp : 0x4a5bc3b5
Time String : 14/07/2009 00:31:01
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : luafv.sys
Address In Stack :
From Address : fffff880`01dd1000
To Address : fffff300`01df4000
Size : 0xfffffa8000023000
Time Stamp : 0x4a5bc295
Time String : 14/07/2009 00:26:13
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : csc.sys
Address In Stack :
From Address : fffff880`0468e000
To Address : 74894088`04711000
Size : 0x7489480800083000
Time Stamp : 0x4a5bc22a
Time String : 14/07/2009 00:24:26
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : rdbss.sys
Address In Stack :
From Address : fffff880`0314a000
To Address : 644d65f3`0319b000
Size : 0x644d6d7300051000
Time Stamp : 0x4a5bc219
Time String : 14/07/2009 00:24:09
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : bowser.sys
Address In Stack :
From Address : fffff880`02f96000
To Address : fffff300`02fb4000
Size : 0xfffffa800001e000
Time Stamp : 0x4a5bc206
Time String : 14/07/2009 00:23:50
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : mup.sys
Address In Stack :
From Address : fffff880`01d36000
To Address : fffff880`01d48000
Size : 0x00012000
Time Stamp : 0x4a5bc201
Time String : 14/07/2009 00:23:45
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : dfsc.sys
Address In Stack :
From Address : fffff880`04711000
To Address : fffff300`0472f000
Size : 0xfffffa800001e000
Time Stamp : 0x4a5bc200
Time String : 14/07/2009 00:23:44
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : HTTP.sys
Address In Stack :
From Address : fffff880`02ece000
To Address : fffff880`02f96000
Size : 0x000c8000
Time Stamp : 0x4a5bc1a8
Time String : 14/07/2009 00:22:16
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : Wdf01000.sys
Address In Stack :
From Address : fffff880`00ef3000
To Address : fffff880`00f97000
Size : 0x000a4000
Time Stamp : 0x4a5bc19f
Time String : 14/07/2009 00:22:07
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : dump_dumpfve.sys
Address In Stack :
From Address : fffff880`0400a000
To Address : fffff880`0401d000
Size : 0x00013000
Time Stamp : 0x4a5bc18f
Time String : 14/07/2009 00:21:51
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ndis.sys
Address In Stack :
From Address : fffff880`0182b000
To Address : fffff880`0191d000
Size : 0x000f2000
Time Stamp : 0x4a5bc184
Time String : 14/07/2009 00:21:40
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : afd.sys
Address In Stack :
From Address : fffff880`01c00000
To Address : fffff880`01c8a000
Size : 0x0008a000
Time Stamp : 0x4a5bc184
Time String : 14/07/2009 00:21:40
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : msrpc.sys
Address In Stack :
From Address : fffff880`01569000
To Address : fffff880`015c7000
Size : 0x0005e000
Time Stamp : 0x4a5bc17c
Time String : 14/07/2009 00:21:32
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : netbt.sys
Address In Stack :
From Address : fffff880`0518c000
To Address : fffff880`051d1000
Size : 0x00045000
Time Stamp : 0x4a5bc178
Time String : 14/07/2009 00:21:28
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : TDI.SYS
Address In Stack :
From Address : fffff880`04178000
To Address : fffff880`04185000
Size : 0x0000d000
Time Stamp : 0x4a5bc16e
Time String : 14/07/2009 00:21:18
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : tdx.sys
Address In Stack :
From Address : fffff880`0415a000
To Address : 644d65f3`04178000
Size : 0x644d6d730001e000
Time Stamp : 0x4a5bc16b
Time String : 14/07/2009 00:21:15
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : fwpkclnt.sys
Address In Stack :
From Address : fffff880`019a8000
To Address : fffff880`019f2000
Size : 0x0004a000
Time Stamp : 0x4a5bc164
Time String : 14/07/2009 00:21:08
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : nsiproxy.sys
Address In Stack :
From Address : fffff880`0319b000
To Address : fffff880`031a7000
Size : 0x0000c000
Time Stamp : 0x4a5bc15e
Time String : 14/07/2009 00:21:02
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ksecdd.sys
Address In Stack :
From Address : fffff880`017b9000
To Address : fffff880`017d3000
Size : 0x0001a000
Time Stamp : 0x4a5bc156
Time String : 14/07/2009 00:20:54
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : Ntfs.sys
Address In Stack :
From Address : fffff880`01616000
To Address : fffff880`017b9000
Size : 0x001a3000
Time Stamp : 0x4a5bc14f
Time String : 14/07/2009 00:20:47
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : volmgrx.sys
Address In Stack :
From Address : fffff880`00c00000
To Address : fffff880`00c5c000
Size : 0x0005c000
Time Stamp : 0x4a5bc141
Time String : 14/07/2009 00:20:33
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : volsnap.sys
Address In Stack :
From Address : fffff880`013a3000
To Address : fffff880`013ef000
Size : 0x0004c000
Time Stamp : 0x4a5bc128
Time String : 14/07/2009 00:20:08
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : fltmgr.sys
Address In Stack :
From Address : fffff880`01509000
To Address : fffff880`01555000
Size : 0x0004c000
Time Stamp : 0x4a5bc11f
Time String : 14/07/2009 00:19:59
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : partmgr.sys
Address In Stack :
From Address : fffff880`00d9a000
To Address : fffff880`00daf000
Size : 0x00015000
Time Stamp : 0x4a5bc11e
Time String : 14/07/2009 00:19:58
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : CLASSPNP.SYS
Address In Stack :
From Address : fffff880`01da1000
To Address : fffff880`01dd1000
Size : 0x00030000
Time Stamp : 0x4a5bc11e
Time String : 14/07/2009 00:19:58
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : CLFS.SYS
Address In Stack :
From Address : fffff880`00d09000
To Address : fffff880`00d67000
Size : 0x0005e000
Time Stamp : 0x4a5bc11d
Time String : 14/07/2009 00:19:57
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : volmgr.sys
Address In Stack :
From Address : fffff880`00dbb000
To Address : fffff880`00dd0000
Size : 0x00015000
Time Stamp : 0x4a5bc11d
Time String : 14/07/2009 00:19:57
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : disk.sys
Address In Stack :
From Address : fffff880`01d8b000
To Address : fffff880`01da1000
Size : 0x00016000
Time Stamp : 0x4a5bc11d
Time String : 14/07/2009 00:19:57
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : i8042prt.sys
Address In Stack :
From Address : fffff880`05266000
To Address : fffff300`05284000
Size : 0xfffffa800001e000
Time Stamp : 0x4a5bc11d
Time String : 14/07/2009 00:19:57
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : WDFLDR.SYS
Address In Stack :
From Address : fffff880`00f97000
To Address : fffff880`00fa6000
Size : 0x0000f000
Time Stamp : 0x4a5bc11a
Time String : 14/07/2009 00:19:54
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : mountmgr.sys
Address In Stack :
From Address : fffff880`00c6c000
To Address : fffff880`00c86000
Size : 0x0001a000
Time Stamp : 0x4a5bc11a
Time String : 14/07/2009 00:19:54
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : cdrom.sys
Address In Stack :
From Address : fffff880`0404a000
To Address : fffff300`04074000
Size : 0xfffffa800002a000
Time Stamp : 0x4a5bc11a
Time String : 14/07/2009 00:19:54
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ataport.SYS
Address In Stack :
From Address : fffff880`0135c000
To Address : fffff880`01386000
Size : 0x0002a000
Time Stamp : 0x4a5bc118
Time String : 14/07/2009 00:19:52
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : WMILIB.SYS
Address In Stack :
From Address : fffff880`00e00000
To Address : fffff880`00e09000
Size : 0x00009000
Time Stamp : 0x4a5bc117
Time String : 14/07/2009 00:19:51
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : pci.sys
Address In Stack :
From Address : fffff880`00d67000
To Address : fffff880`00d9a000
Size : 0x00033000
Time Stamp : 0x4a5bc117
Time String : 14/07/2009 00:19:51
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : mouclass.sys
Address In Stack :
From Address : fffff880`05284000
To Address : fffff880`05293000
Size : 0x0000f000
Time Stamp : 0x4a5bc116
Time String : 14/07/2009 00:19:50
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : kbdclass.sys
Address In Stack :
From Address : fffff880`05a94000
To Address : 245485c8`05aa3000
Size : 0x24548d480000f000
Time Stamp : 0x4a5bc116
Time String : 14/07/2009 00:19:50
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : pciide.sys
Address In Stack :
From Address : fffff880`00e29000
To Address : fffff880`00e30000
Size : 0x00007000
Time Stamp : 0x4a5bc115
Time String : 14/07/2009 00:19:49
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : PCIIDEX.SYS
Address In Stack :
From Address : fffff880`00c5c000
To Address : fffff880`00c6c000
Size : 0x00010000
Time Stamp : 0x4a5bc114
Time String : 14/07/2009 00:19:48
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : Npfs.SYS
Address In Stack :
From Address : fffff880`04149000
To Address : 687344cb`0415a000
Size : 0x68734c4b00011000
Time Stamp : 0x4a5bc114
Time String : 14/07/2009 00:19:48
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : atapi.sys
Address In Stack :
From Address : fffff880`01353000
To Address : fffff880`0135c000
Size : 0x00009000
Time Stamp : 0x4a5bc113
Time String : 14/07/2009 00:19:47
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : Msfs.SYS
Address In Stack :
From Address : fffff880`0413e000
To Address : fffff880`04149000
Size : 0x0000b000
Time Stamp : 0x4a5bc113
Time String : 14/07/2009 00:19:47
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : Fs_Rec.sys
Address In Stack :
From Address : fffff880`017e4000
To Address : fffff880`017ee000
Size : 0x0000a000
Time Stamp : 0x4a5bc111
Time String : 14/07/2009 00:19:45
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : Null.SYS
Address In Stack :
From Address : fffff880`040d0000
To Address : fffff300`040d9000
Size : 0xfffffa8000009000
Time Stamp : 0x4a5bc109
Time String : 14/07/2009 00:19:37
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : ACPI.sys
Address In Stack :
From Address : fffff880`00fa6000
To Address : fffff880`00ffd000
Size : 0x00057000
Time Stamp : 0x4a5bc106
Time String : 14/07/2009 00:19:34
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : pcw.sys
Address In Stack :
From Address : fffff880`017d3000
To Address : fffff880`017e4000
Size : 0x00011000
Time Stamp : 0x4a5bc0ff
Time String : 14/07/2009 00:19:27
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : msisadrv.sys
Address In Stack :
From Address : fffff880`00e09000
To Address : fffff880`00e13000
Size : 0x0000a000
Time Stamp : 0x4a5bc0fe
Time String : 14/07/2009 00:19:26
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : intelppm.sys
Address In Stack :
From Address : fffff880`065d4000
To Address : fffff300`065ea000
Size : 0xfffffa8000016000
Time Stamp : 0x4a5bc0fd
Time String : 14/07/2009 00:19:25
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : hwpolicy.sys
Address In Stack :
From Address : fffff880`01d48000
To Address : fffff880`01d51000
Size : 0x00009000
Time Stamp : 0x4a5bc0fa
Time String : 14/07/2009 00:19:22
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : amdxata.sys
Address In Stack :
From Address : fffff880`014fe000
To Address : fffff880`01509000
Size : 0x0000b000
Time Stamp : 0x4a12f2eb
Time String : 19/05/2009 18:56:59
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : lsi_sas.sys
Address In Stack :
From Address : fffff880`01386000
To Address : fffff880`013a3000
Size : 0x0001d000
Time Stamp : 0x4a11fb47
Time String : 19/05/2009 01:20:23
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : GEARAspiWDM.sys
Address In Stack :
From Address : fffff880`065c7000
To Address : fffff300`065d4000
Size : 0xfffffa800000d000
Time Stamp : 0x4a1151c0
Time String : 18/05/2009 13:17:04
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : nvlddmkm.sys
Address In Stack :
From Address : fffff880`05abf000
To Address : fffff880`065c6b00
Size : 0x00b07b00
Time Stamp : 0x4a0c8387
Time String : 14/05/2009 21:48:07
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : spldr.sys
Address In Stack :
From Address : fffff880`01810000
To Address : fffff880`01818000
Size : 0x00008000
Time Stamp : 0x4a0858bb
Time String : 11/05/2009 17:56:27
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : b57nd60a.sys
Address In Stack :
From Address : fffff880`05200000
To Address : fffff300`05248000
Size : 0xfffffa8000048000
Time Stamp : 0x49f4422f
Time String : 26/04/2009 12:14:55
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : iaStorV.sys
Address In Stack :
From Address : fffff880`01235000
To Address : fffff880`01353000
Size : 0x0011e000
Time Stamp : 0x49dcd76d
Time String : 08/04/2009 17:57:17
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : RimSerial_AMD64.sys
Address In Stack :
From Address : fffff880`0463b000
To Address : fffff880`04642c00
Size : 0x00007c00
Time Stamp : 0x492addcd
Time String : 24/11/2008 18:01:01
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : secdrv.SYS
Address In Stack :
From Address : fffff880`0679d000
To Address : fffff880`067a8000
Size : 0x0000b000
Time Stamp : 0x4508052e
Time String : 13/09/2006 14:18:38
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

3: DUMP2:

==================================================
Dump File : 090110-33212-01.dmp
Crash Time : 01/09/2010 15:01:03
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Parameter 1 : 00000000`75802dd9
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`0487bc60
Caused By Driver : discache.sys
Caused By Address : discache.sys+183a48
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\090110-33212-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 082510-33103-01.dmp
Crash Time : 25/08/2010 15:06:38
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Parameter 1 : 00000000`74b52dd9
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`02c9cc60
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\082510-33103-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 081910-34476-01.dmp
Crash Time : 19/08/2010 18:56:02
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Parameter 1 : 00000000`75072dd9
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`04812c60
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\081910-34476-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 072710-34507-01.dmp
Crash Time : 27/07/2010 18:59:39
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0478ca20
Parameter 3 : fffff800`00b9c4d8
Parameter 4 : fffffa80`07b714b0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70600
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\072710-34507-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 072110-34133-01.dmp
Crash Time : 21/07/2010 12:04:46
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`06ddbb30
Parameter 3 : fffffa80`06ddbe10
Parameter 4 : fffff800`02f8b540
Caused By Driver : dump_dumpfve.sys
Caused By Address : dump_dumpfve.sys+6f6b8644
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\072110-34133-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

4: DUMP1:

==================================================
Dump File : 082510-33103-01.dmp
Crash Time : 25/08/2010 15:06:38
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Parameter 1 : 00000000`74b52dd9
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`02c9cc60
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\082510-33103-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 081910-34476-01.dmp
Crash Time : 19/08/2010 18:56:02
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Parameter 1 : 00000000`75072dd9
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`04812c60
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\081910-34476-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 072710-34507-01.dmp
Crash Time : 27/07/2010 18:59:39
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0478ca20
Parameter 3 : fffff800`00b9c4d8
Parameter 4 : fffffa80`07b714b0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70600
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\072710-34507-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 072110-34133-01.dmp
Crash Time : 21/07/2010 12:04:46
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`06ddbb30
Parameter 3 : fffffa80`06ddbe10
Parameter 4 : fffff800`02f8b540
Caused By Driver : dump_dumpfve.sys
Caused By Address : dump_dumpfve.sys+6f6b8644
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\072110-34133-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

5: DUMP

==================================================
Dump File : 081910-34476-01.dmp
Crash Time : 19/08/2010 18:56:02
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Parameter 1 : 00000000`75072dd9
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`04812c60
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\081910-34476-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 072710-34507-01.dmp
Crash Time : 27/07/2010 18:59:39
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0478ca20
Parameter 3 : fffff800`00b9c4d8
Parameter 4 : fffffa80`07b714b0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70600
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\072710-34507-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 072110-34133-01.dmp
Crash Time : 21/07/2010 12:04:46
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`06ddbb30
Parameter 3 : fffffa80`06ddbe10
Parameter 4 : fffff800`02f8b540
Caused By Driver : dump_dumpfve.sys
Caused By Address : dump_dumpfve.sys+6f6b8644
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\072110-34133-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================
  • 0
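One way to triage the `Key : Value` reports pasted in the post above, as an added example that is not part of the original thread: it de-duplicates crash records by dump file, groups them by bug check code with the drivers each one blames, and flags module records whose From/To/Size fields do not agree. The `REPORT` string holds records copied from the post and trimmed to the fields used; the function names and the low-32-bit recomputation are this example's own assumptions.

```python
import re
from collections import defaultdict

# Records copied from the post above, trimmed to the fields this example reads.
# The 082510 dump appears twice on purpose: the thread pastes it in several reports.
REPORT = """\
==================================================
Dump File : 090110-33212-01.dmp
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Caused By Driver : discache.sys
==================================================
Dump File : 082510-33103-01.dmp
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Caused By Driver : ntoskrnl.exe
==================================================
Dump File : 082510-33103-01.dmp
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Caused By Driver : ntoskrnl.exe
==================================================
Dump File : 072110-34133-01.dmp
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Caused By Driver : dump_dumpfve.sys
==================================================
Filename : atapi.sys
From Address : fffff880`01353000
To Address : fffff880`0135c000
Size : 0x00009000
==================================================
Filename : Npfs.SYS
From Address : fffff880`04149000
To Address : 687344cb`0415a000
Size : 0x68734c4b00011000
==================================================
Filename : Null.SYS
From Address : fffff880`040d0000
To Address : fffff300`040d9000
Size : 0xfffffa8000009000
==================================================
"""


def parse_records(text):
    """Split the report on its '=====' separator lines into field -> value dicts."""
    records = []
    for chunk in re.split(r"(?m)^=+[ \t]*$", text):
        rec = {}
        for line in chunk.splitlines():
            # Keys never contain ':'; values (times, paths) may, so split once.
            key, sep, value = line.partition(":")
            if sep and key.strip():
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records


def crash_summary(records):
    """Group unique dump files by bug check code and collect the drivers blamed."""
    seen = set()
    summary = defaultdict(lambda: {"dumps": 0, "drivers": set()})
    for rec in records:
        dump = rec.get("Dump File")
        if not dump or dump in seen:
            continue  # not a crash record, or the same dump pasted again
        seen.add(dump)
        entry = summary[int(rec["Bug Check Code"], 16)]
        entry["dumps"] += 1
        entry["drivers"].add(rec["Caused By Driver"])
    return dict(summary)


def addr(value):
    """Convert an address printed as fffff880`01353000 to an integer."""
    return int(value.replace("`", ""), 16)


def inconsistent_modules(records):
    """Return (name, low 32 bits of Size, From + that) for records that disagree."""
    flagged = []
    for rec in records:
        if "Filename" not in rec:
            continue
        start, end = addr(rec["From Address"]), addr(rec["To Address"])
        size = int(rec["Size"], 16)
        if end < start or size >= 2**32 or start + size != end:
            # Assumption, for display only: the low 32 bits of Size are usable.
            low = size & 0xFFFFFFFF
            flagged.append((rec["Filename"], hex(low), hex(start + low)))
    return flagged


if __name__ == "__main__":
    recs = parse_records(REPORT)
    for code, entry in sorted(crash_summary(recs).items()):
        print(f"0x{code:08x}: {entry['dumps']} dump(s), blamed: {sorted(entry['drivers'])}")
    for name, low, end in inconsistent_modules(recs):
        print(f"{name}: fields disagree; low 32 bits of Size = {low}, From + that = {end}")
```

On these records the same bug check code is attributed to two different drivers, and the flagged module entries have a To Address below their From Address, so neither field should be read in isolation.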

#4
SSri09

    Member

  • Topic Starter
  • Member
  • 144 posts
I had another crash this morning......

The error is caused by "csc.sys". Previous BSODs were caused by "ntoskrnl.exe" and "discache.sys".

I referred it at the win7 forum of this site. I was advised to post it here as possible malware suspect.

Could someone help please!


==================================================
Dump File : 100810-35817-01.dmp
Crash Time : 08/10/2010 08:34:46
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Parameter 1 : 00000000`74b12dd9
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`04abbc60
Caused By Driver : csc.sys
Caused By Address : csc.sys+1a3aa48
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\100810-35817-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

Thanks
  • 0

#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello SSri09,

This might sound strange but please uninstall ZoneAlarm and all its components. You can reinstall them later but for now try running your machine without it and tell me if there is a difference.

Also

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    
    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

  • 0

#6
SSri09

    Member

  • Topic Starter
  • Member
  • 144 posts
Hi Emeraldnzl,

Thank you for looking into my posts. Your help is very much appreciated.

(1) I ran OTL as per your advice. On reboot, it did not reproduce the log. It was stored in the ...\_OTL folder.


All processes killed
========== OTL ==========
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sundar
->Temp folder emptied: 836608 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Sundars
->Temp folder emptied: 5609063 bytes
->Temporary Internet Files folder emptied: 10828721 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42947919 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 675 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55894277 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49286 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sundar
->Flash cache emptied: 0 bytes

User: Sundars
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 10152010_101932


(2) "This might sound strange but please uninstall ZoneAlarm and all its components."

This does look very strange to me. We trust your judgements and recommendations. However, the machine under possible infection is a work machine. I cannot afford to run it without an excellent security suite like zonealarm because (1) The machine is connected to broadband all the time and (2) it receives streaming real-time market data 5 days a week from 05:00-23:00 hours. The points (1) and (2) are critical to my work. (3) The BSOD issue probably occurs once in a week or two. Please advise. Could you please highlight what your suspicion is regarding Zonealarm. The issues (BSOD, inability to access Device Manager and Computer Management) are still there.

(3) I got another BSOD early this week.....

BSOD the report is

==================================================
Dump File : 101210-33758-01.dmp
Crash Time : 12/10/2010 09:55:53
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Parameter 1 : 00000000`75052dd9
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`04ac2c60
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\101210-33758-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================

==================================================
Dump File : 100810-35817-01.dmp
Crash Time : 08/10/2010 08:34:46
Bug Check String : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code : 0x0000004a
Parameter 1 : 00000000`74b12dd9
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`04abbc60
Caused By Driver : csc.sys
Caused By Address : csc.sys+1a3aa48
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\100810-35817-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
==================================================


Thanks,
SSri09
  • 0

#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

However, the machine under possible infection is a work machine.


Generally at this site we are restricted to helping those with home computers for personal use, see Terms of Use and in particular under item 3. Geeks to Go Support Forum Rules, Policies and Disclaimers:

We offer free computer help and tech support for home and personal use. We are not here to support others that work for profit, or to support/replace your company's IT department.


If you are in a work situation you should refer to your company's IT department or your IT support contractor.

Please advise. Could you please highlight what your suspicion is regarding Zonealarm.


Personally I would stay clear of ZoneAlarm. In the past it caused no end of conflict problems (the sort of symptoms your machine is showing) taking up a lot of our time getting people to remove it to fix their systems. Nowadays those issues don't seem to be so prominent but ZoneAlarm comes packaged with foistware that changes your default search engine. It verges on becoming RogueWare.
  • 0

#8
SSri09

    Member

  • Topic Starter
  • Member
  • 144 posts
Thank you for your response.

I should have clarified "it is my work machine". I do not work for anyone. I make a living on my own as a kind of self-employed as a very small firm (one-man show) with no IT department or contractor! Myself and my family also use the machine for home and personal use. If this conflicts with the site policies, I am sorry. I understand. We may close this post.

However, if you think it is fine to proceed further, I could uninstall zonealarm. Please advise a suitable security suite that has an excellent firewall.

Thanks for your time and help.

SSri09
  • 0

#9
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I do not work for anyone. I make a living on my own as a kind of self-employed as a very small firm (one-man show) with no IT department


Let's see what we can do to help.

I could uninstall zonealarm.


That was a temporary suggestion to see if it was the cause of your problem. Up to you whether you do it.

Having said that if you do decide to go ahead here are some suggested alternatives.

Here are three good anti-virus programs to choose from (these are also free for personal use): I like Avira but some people find the pop up advertisements each time it updates a bit trying.

and

Here are three good firewalls free for personal use:

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Your machine is Windows 7 so my recommendation would be:

Microsoft Security Essentials with the Windows Firewall which comes with the OS.

As a matter of interest that is what I have on my Windows 7 64bit machine and it works beautifully. I use Avira on my XP machine. Of the firewalls other than Windows the one I like most is PC Tools Firewall.
  • 0

#10
SSri09

    Member

  • Topic Starter
  • Member
  • 144 posts
Thank you very much for your gesture and help. I will uninstall Zonealarm and enable windows firewall plus microsoft security essentials.

The following wilders security link gives a guide on setting up custom firewall rules for windows firewall. I will try and use that for enabling inbound and outbound controls. Once done, I will check whether I can access the device manager and computer management console (which were working earlier). BTW, I forgot to add, the mouse and the keyboard also freeze suddenly at regular intervals forcing a hardboot. The BSODs do not occur every day. It happens at regular intervals. So, there could be a long delay before I post an update. Please therefore keep this post active.

Wilders security link for windows firewall

http://www.wildersse...ad.php?t=239750

BTW, (1) I understand matousec.com results show windows firewall fails the windows leak test. What's your take on this please? They rate Comodo Internet security 4.0.14182 828 as 100%. The online and outpost are excellent at 99% and 97% respectively. Would you also recommend comodo?

http://www.matousec....roducts-ratings

I will keep you posted about the system performance after implementing your advice.

thanks
SSri
  • 0



#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Would you also recommend comodo?


I used to like Comodo. Had it on my machines but recently they did two things:

1) They now include foistware, the Ask search bar, bundled with their firewall

2) They have added a limited anti-virus program with the firewall which while not overly intrusive has the potential to conflict with other programs.

windows firewall fails the windows leak test


Windows firewall has had issues in the past. Mainly that it works only one way i.e. it doesn't/used not to, check outgoing traffic. This has been seen as a disadvantage to some. Here we deal with the ordinary user and I think for the run of the mill personal user Windows firewall is good. It is unobtrusive and doesn't ask whether to allow a file or not... really only knowledgeable computer users know which files to allow and which not to. Often with other proprietary firewalls users would refuse to allow a file because they were asked what to do by their firewall only to find that some system file would not work.

The situation with your machine is that we are trying to ascertain whether you have a conflict issue (I am also going to ask you to run an on line scan in the post to check for malware), to do this we want to use the most benign environment. Both Microsoft Security Essentials and Windows Firewall are designed to run on your machine so they would be a good starting point for such an experiment. If you are happy to do that in the interim you can look at changing to another firewall later. :D

Wilders security link for windows firewall


I have briefly... very briefly looked at that and it seems to have the answers. What you want to do is uninstall your existing programs and then download Microsoft Security Essentials, install and reboot. You will likely find that everything is automatically in place after that. Go to Control Panel > System and Security and you will see a list including Windows Firewall with items that can be checked to ensure everything is active. ;)

Once you have all that in place do this:

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE) .

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.
  • 0

#12
SSri09

    Member

  • Topic Starter
  • Member
  • 144 posts
I followed your advice and carried out the following:

I did a clean uninstall of zonealarm, installed MS Security Essentials and rebooted. I made no changes to the Windows Firewall, which is at default settings. I know this is an interim step, otherwise it concerns me about the adequacy of the windows firewall.

I still could not access the Device Manager, or the Computer Management or the other things...The message I get is "the snap-in, referenced in this document, has been restricted by policy. Contact the administrator for details." They worked fine in the past. Clicking Ok shows "MMC could not create the snap-in". I have not made any changes to my settings or rights. I tried switching from my account with, without and with admin rights, which have no effect.

I followed your Kaspersky link, downloaded the online scanner. When the download was complete, I disconnected the system from the internet (which I think should be fine as the online scan files have been downloaded). It ran for 2:45 hours. It did not find any infection. I clicked the report, which showed me a blank screen.

KASPERSKY ONLINE SCAN REPORT

Saturday, October 16, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 16, 2010 08:50:13
Records in database: 4180221
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Objects scanned 313452
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 02:44:43

No threats found. Scanned area is clean.
Selected area has been scanned.

Let me run another scan from the account where I usually carry out my work and post another update. thanks

SSri09

Edited by SSri09, 16 October 2010 - 12:04 PM.

  • 0

#13
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I still could not access the Device Manager, or the Computer Management or the other things


Try this:

Please use the System File Checker tool (SFC.exe) to check your system and replace files where necessary.

To do this, follow these steps:
  • To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
    sfc /scannow
    Please note that there is a single space between sfc and /scannow.
The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

Come back and tell me if that has made any difference.
  • 0

#14
SSri09

    Member

  • Topic Starter
  • Member
  • 144 posts
The second Kaspersky online scan from the frequently used account did not show any infection

Kaspersky online scan

Saturday, October 16, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 16, 2010 12:58:52
Records in database: 4179277
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Objects scanned 316332
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 02:45:21

No threats found. Scanned area is clean.
Selected area has been scanned.

SFC /SCANNOW

No problem detected.

Windows Resources.....did not find any integrity violations....

Still cannot access systems areas such as device manager, computer management.....


Thanks
SSri09

Edited by SSri09, 16 October 2010 - 03:24 PM.

  • 0

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Still cannot access systems areas such as device manager, computer management.....


As a matter of interest does this work to open Device Manager?

Go to Start > Run and type in

devmgmt.msc

Hit OK
  • 0





