Malware - Is it still hidden? [Solved]



#46
SSri09

thanks.


#47
SSri09

I thought I would come back "all well" after the install... Blimey... Something seems wrong again with the desktop after a full install. I installed Win7, downloaded updates from the notebook and updated the desktop, with MSE and the MBAM Pro trial version included. The browsers have all possible protections. I had a problem this morning with the firewall, while MSE has not picked up anything suspicious. I ran an MBAM quick scan. It threw up a lot of issues (registry and bloatware mainly). Normally, I would have fixed them, but I have not, as I wanted to post and check with you. The issue was CamStudio, which now bunches with bloatware (Sidekick, PricePeep, Yontoo, etc.). I carefully unticked the installation of the bloatware but it still found its way in; some of it is installed as you cannot untick it. I use CamStudio, which was not bunching them like this before.

So, here we go again with MBAM QUICK SCAN RESULT and OTL SCAN RESULT. Sorry...I have been a pain. Should I just reinstall Windows again please?

MBAM QUICK SCAN

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sundars :: SUNDARS-PC [administrator]

Protection: Enabled

31/08/2012 09:04:29
mbam-log-2012-08-31 (09-08-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192292
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\CLSID\{22222222-2222-2222-2222-220022502258} (PUP.CrossRider.SSK) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110011501158} (PUP.CrossRider.SSK) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044504458} (PUP.CrossRider.SSK) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055505558} (PUP.CrossRider.SSK) -> No action taken.
HKCR\CrossriderApp0005058.BHO.1 (PUP.CrossRider.SSK) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158} (PUP.CrossRider.SSK) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158} (PUP.CrossRider.SSK) -> No action taken.
HKCR\CrossriderApp0005058.Sandbox.1 (PUP.CrossRider.SSK) -> No action taken.
HKCR\CrossriderApp0005058.Sandbox (PUP.CrossRider.SSK) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick (PUP.CrossRider.SSK) -> No action taken.
HKCR\CrossriderApp0005058.BHO (PUP.CrossFire.Gen) -> No action taken.
HKCU\Software\Cr_Installer\5058 (Adware.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nllafhekklanfkimibokomlmidmcmaoi (PUP.CrossRider.SSK) -> No action taken.

Registry Values Detected: 2
HKCU\Software\InstalledBrowserExtensions\215 Apps|5058 (PUP.CrossFire.SA) -> Data: Shopping Sidekick -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick|Publisher (PUP.CrossRider.SSK) -> Data: 215 Apps -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\Shopping Sidekick (PUP.CrossRider.SSK) -> No action taken.

Files Detected: 12
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll (PUP.CrossRider.SSK) -> No action taken.
C:\Users\Sundars\Downloads\Camstudio_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\Users\Sundars\Local Settings\Temporary Internet Files\Content.IE5\7P0B2DQD\ShoppingSidekick_gb[1] (PUP.215Apps) -> No action taken.
C:\Program Files (x86)\Shopping Sidekick\Shopping SidekickInstaller.log (PUP.CrossRider.SSK) -> No action taken.
C:\Program Files (x86)\Shopping Sidekick\ButtonUtil.dll (PUP.CrossRider.SSK) -> No action taken.
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick-bg.exe (PUP.CrossRider.SSK) -> No action taken.
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.exe (PUP.CrossRider.SSK) -> No action taken.
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.ico (PUP.CrossRider.SSK) -> No action taken.
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.ini (PUP.CrossRider.SSK) -> No action taken.
C:\Program Files (x86)\Shopping Sidekick\Uninstall.exe (PUP.CrossRider.SSK) -> No action taken.
C:\Users\Sundars\Local Settings\Application Data\Shopping Sidekick\Chrome\Shopping Sidekick.crx (PUP.CrossRider.SSK) -> No action taken.
C:\Users\Sundars\AppData\Local\Shopping Sidekick\Chrome\Shopping Sidekick.crx (PUP.CrossRider.SSK) -> No action taken.

(end)

OTL

OTL logfile created on: 31/08/2012 09:24:27 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Sundars\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

28.00 Gb Total Physical Memory | 23.88 Gb Available Physical Memory | 85.28% Memory free
56.00 Gb Paging File | 51.76 Gb Available in Paging File | 92.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 390.03 Gb Free Space | 83.74% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1260.28 Gb Free Space | 90.20% Space Free | Partition Type: NTFS

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 09:24:15 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Desktop\OTL.exe
PRC - [2012/08/30 11:58:09 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/08/29 16:32:25 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/03/28 10:42:06 | 001,867,776 | ---- | M] (Pro-Softnet Corporation, U.S.A) -- C:\ZoneAlarmBackup\ZABackupClsClient.exe
PRC - [2012/03/27 15:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2012/03/27 15:21:12 | 000,036,864 | ---- | M] (Pro Softnet Corp.) -- C:\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2012/03/27 15:14:46 | 001,994,752 | ---- | M] (Pro Softnet Corp.) -- C:\ZoneAlarmBackup\ZABackupTray.exe
PRC - [2011/12/14 22:49:22 | 000,595,968 | ---- | M] (DTN Corporation) -- C:\Program Files (x86)\DTN\IQFeed\iqconnect.exe
PRC - [2010/10/24 00:57:28 | 002,130,432 | ---- | M] (CamStudio Group) -- C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/30 11:58:08 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/08/29 16:32:15 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011/05/26 20:18:44 | 000,136,536 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
MOD - [2011/04/07 22:59:24 | 000,100,352 | ---- | M] () -- C:\Program Files (x86)\DTN\IQFeed\zlib1.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/02/20 01:04:20 | 000,057,344 | ---- | M] () -- C:\ZoneAlarmBackup\GetMailPaths.dll
MOD - [2005/05/04 09:02:54 | 000,055,808 | ---- | M] () -- C:\Windows\SysWOW64\zlib1.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe
MOD - [2003/03/17 08:23:00 | 000,159,744 | ---- | M] () -- C:\ZoneAlarmBackup\ssleay32.dll
MOD - [2003/03/17 08:22:00 | 000,872,448 | ---- | M] () -- C:\ZoneAlarmBackup\libeay32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/30 11:58:09 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 16:32:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 15:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 01:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC






IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 7C 6A 9D BF 86 CD 01 [binary data]
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 16:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/27 22:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions
[2012/08/29 21:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/29 21:16:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/29 16:32:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 16:32:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 16:32:14 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: PricePeep = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.255.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Shopping Sidekick = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllafhekklanfkimibokomlmidmcmaoi\1.20.26_0\crossrider
CHR - Extension: Shopping Sidekick = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllafhekklanfkimibokomlmidmcmaoi\1.20.26_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [ZoneAlarm Backup Startup] C:\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.2.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1FD84-4DBD-4397-A083-ECBEAD716994}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 09:25:34 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\tdsskiller.exe
[2012/08/31 09:24:14 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Sundars\Desktop\OTL.exe
[2012/08/31 09:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/31 09:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/08/31 09:14:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sundars\Desktop\erunt_setup.exe
[2012/08/31 09:09:03 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\Malware - 31Aug2012
[2012/08/30 22:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2012/08/30 18:40:37 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\iVideoConverter
[2012/08/30 18:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iVideo Converter
[2012/08/30 18:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty
[2012/08/30 17:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/08/30 17:40:17 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\SysNative\CamCodec.dll
[2012/08/30 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.6b
[2012/08/30 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Shopping Sidekick
[2012/08/30 17:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick
[2012/08/30 17:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PricePeep
[2012/08/30 17:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/08/30 17:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/30 15:57:22 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Download Manager
[2012/08/30 11:58:22 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Macromedia
[2012/08/30 11:58:22 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Macromedia
[2012/08/30 11:58:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/08/30 11:58:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/08/30 03:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/08/29 22:45:05 | 000,229,376 | ---- | C] (Pro-SoftNet Corporation, USA) -- C:\Windows\SysWow64\IDrLocale.dll
[2012/08/29 22:45:04 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZoneAlarmBackup
[2012/08/29 22:45:03 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\SysWow64\XceedCry.dll
[2012/08/29 22:45:00 | 001,245,184 | ---- | C] (Pro Soft Net Corporation) -- C:\Windows\SysWow64\ZABackupService.dll
[2012/08/29 22:45:00 | 000,135,168 | ---- | C] (Pro-Softnet Corporation) -- C:\Windows\SysWow64\LogMail.dll
[2012/08/29 22:44:59 | 000,143,360 | ---- | C] (Herman & Associates) -- C:\Windows\SysWow64\HLButton.ocx
[2012/08/29 22:44:59 | 000,086,016 | ---- | C] (Streamnet India) -- C:\Windows\SysWow64\IBwinUtil.ocx
[2012/08/29 22:44:59 | 000,028,672 | ---- | C] (Checks Unlimited) -- C:\Windows\SysWow64\Disable_X.ocx
[2012/08/29 22:44:59 | 000,024,576 | ---- | C] (Streamnet India) -- C:\Windows\SysWow64\IBcalendarser.ocx
[2012/08/29 22:44:59 | 000,000,000 | ---D | C] -- C:\ZoneAlarmBackup
[2012/08/29 21:15:57 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Skype
[2012/08/29 21:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/29 21:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/08/29 21:15:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/08/29 21:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/08/29 09:33:38 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Canon
[2012/08/29 09:29:10 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/08/29 09:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP800
[2012/08/29 09:28:52 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/08/29 09:23:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/08/29 09:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/08/29 09:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/08/29 09:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/08/28 19:13:13 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Adobe
[2012/08/28 19:13:13 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Adobe
[2012/08/28 19:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/08/28 19:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/08/28 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/28 16:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Apple Computer
[2012/08/28 16:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Apple Computer
[2012/08/28 16:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/08/28 16:29:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/08/28 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/08/28 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/08/28 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/08/28 16:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/08/28 16:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/08/28 16:28:49 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Apple
[2012/08/28 16:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/08/28 16:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/08/28 16:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/08/28 16:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/08/28 16:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/08/28 16:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/08/28 10:55:11 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\DTN
[2012/08/28 09:49:58 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IQFeed 4.8.1.7
[2012/08/28 09:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DTN
[2012/08/28 08:38:30 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/28 08:37:52 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Google
[2012/08/28 07:18:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/08/28 07:18:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/08/28 05:44:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/28 05:43:47 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/08/27 22:59:44 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\QFX Software
[2012/08/27 22:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2012/08/27 22:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2012/08/27 22:58:55 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2012/08/27 22:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2012/08/27 22:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmiBroker x64
[2012/08/27 22:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\AmiBroker
[2012/08/27 22:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2012/08/27 22:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareGuard
[2012/08/27 22:01:34 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Malwarebytes
[2012/08/27 22:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/27 22:01:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/27 22:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/27 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Mozilla
[2012/08/27 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Mozilla
[2012/08/27 22:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/27 22:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/27 22:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/27 21:58:07 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Sundars\Desktop\TFC.exe
[2012/08/27 21:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/27 21:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/27 21:31:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/08/27 21:18:07 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/08/27 21:17:50 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/08/27 21:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/27 21:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/08/27 21:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/08/27 21:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/08/27 21:15:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/08/27 21:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/08/27 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/27 21:13:10 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Microsoft Help
[2012/08/27 21:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/08/27 21:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/08/27 21:13:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/08/27 21:12:42 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/27 21:00:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/08/27 20:54:41 | 000,000,000 | R--D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/27 20:54:41 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Searches
[2012/08/27 20:54:41 | 000,000,000 | R--D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/27 20:54:41 | 000,000,000 | -H-D | C] -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/27 20:54:31 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Identities
[2012/08/27 20:54:28 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Contacts
[2012/08/27 20:54:26 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\VirtualStore
[2012/08/27 20:54:21 | 000,000,000 | --SD | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Videos
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Saved Games
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Pictures
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Music
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Links
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Favorites
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Downloads
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Documents
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Desktop
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\AppData\Local\Temporary Internet Files
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Templates
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Start Menu
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\SendTo
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Recent
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\PrintHood
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\NetHood
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Documents\My Videos
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Documents\My Pictures
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Documents\My Music
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\My Documents
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Local Settings
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\AppData\Local\History
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Cookies
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Application Data
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\AppData\Local\Application Data
[2012/08/27 20:54:21 | 000,000,000 | -H-D | C] -- C:\Users\Sundars\AppData
[2012/08/27 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Temp
[2012/08/27 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Microsoft
[2012/08/27 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Media Center Programs
[2012/08/27 20:54:15 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/08/27 20:48:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/27 20:46:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/27 20:45:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/08/31 09:25:36 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\tdsskiller.exe
[2012/08/31 09:24:15 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Desktop\OTL.exe
[2012/08/31 09:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/31 09:14:41 | 000,001,108 | ---- | M] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/31 09:14:36 | 000,000,909 | ---- | M] () -- C:\Users\Sundars\Desktop\ERUNT.lnk
[2012/08/31 09:14:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sundars\Desktop\erunt_setup.exe
[2012/08/31 08:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000UA.job
[2012/08/31 08:42:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000Core.job
[2012/08/31 08:19:43 | 000,004,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/30 22:52:01 | 000,001,406 | ---- | M] () -- C:\Users\Sundars\Desktop\WinX Free AVI to FLV Converter.lnk
[2012/08/30 16:10:40 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/30 16:10:40 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 22:45:04 | 000,001,590 | ---- | M] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk
[2012/08/29 22:45:04 | 000,001,578 | ---- | M] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoneAlarmBackup.lnk
[2012/08/29 22:45:04 | 000,001,554 | ---- | M] () -- C:\Users\Sundars\Desktop\ZoneAlarm Backup Powered by IDrive.lnk
[2012/08/29 22:15:27 | 000,000,285 | ---- | M] () -- C:\Users\Sundars\Desktop\CleanLog.BAT
[2012/08/29 21:15:54 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/29 20:39:26 | 000,721,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/29 20:39:26 | 000,624,210 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/29 20:39:26 | 000,109,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/29 15:55:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/29 15:54:52 | 1073,221,627 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/29 15:34:50 | 010,011,662 | ---- | M] () -- C:\Users\Sundars\Desktop\vigor2820_3372_232201.zip
[2012/08/28 19:12:11 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/28 16:29:42 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/28 14:34:55 | 000,002,579 | ---- | M] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2012/08/28 10:59:05 | 000,001,127 | ---- | M] () -- C:\Users\Sundars\Desktop\AmiBroker x64.lnk
[2012/08/28 08:36:09 | 000,001,137 | ---- | M] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/28 08:35:32 | 000,725,754 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/28 07:21:03 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/28 05:43:49 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/08/27 22:56:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/27 22:05:25 | 000,000,991 | ---- | M] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2012/08/27 22:05:25 | 000,000,987 | ---- | M] () -- C:\Users\Sundars\Desktop\SpywareGuard LiveUpdate.lnk
[2012/08/27 22:05:25 | 000,000,955 | ---- | M] () -- C:\Users\Sundars\Desktop\SpywareGuard.lnk
[2012/08/27 22:01:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/27 22:00:42 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/27 21:42:30 | 000,001,441 | ---- | M] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/27 20:49:11 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/08/27 20:49:11 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/08/27 20:46:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012/08/31 09:14:41 | 000,001,108 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/31 09:14:36 | 000,000,909 | ---- | C] () -- C:\Users\Sundars\Desktop\ERUNT.lnk
[2012/08/31 07:25:37 | 000,004,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/30 22:52:01 | 000,001,406 | ---- | C] () -- C:\Users\Sundars\Desktop\WinX Free AVI to FLV Converter.lnk
[2012/08/30 11:58:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/29 22:45:04 | 000,569,368 | ---- | C] () -- C:\Windows\SysWow64\olelib.tlb
[2012/08/29 22:45:04 | 000,022,212 | ---- | C] () -- C:\Windows\SysWow64\olelib2.tlb
[2012/08/29 22:45:04 | 000,003,841 | ---- | C] () -- C:\Windows\SysWow64\server.pem
[2012/08/29 22:45:04 | 000,001,590 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk
[2012/08/29 22:45:04 | 000,001,578 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoneAlarmBackup.lnk
[2012/08/29 22:45:04 | 000,001,554 | ---- | C] () -- C:\Users\Sundars\Desktop\ZoneAlarm Backup Powered by IDrive.lnk
[2012/08/29 22:45:01 | 000,026,128 | ---- | C] () -- C:\Windows\SysWow64\ZABackupXceedCryReg.exe
[2012/08/29 22:45:01 | 000,000,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterZABackupDll.bat
[2012/08/29 22:45:00 | 000,441,705 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2012/08/29 22:45:00 | 000,147,130 | ---- | C] () -- C:\Windows\SysWow64\CRYPT32.LIB
[2012/08/29 22:45:00 | 000,117,982 | ---- | C] () -- C:\Windows\SysWow64\ADVAPI32.LIB
[2012/08/29 22:45:00 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/08/29 22:44:59 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IBColIml.ocx
[2012/08/29 22:44:59 | 000,000,730 | ---- | C] () -- C:\Windows\SysWow64\rootcert.pem
[2012/08/29 22:15:27 | 000,000,285 | ---- | C] () -- C:\Users\Sundars\Desktop\CleanLog.BAT
[2012/08/29 21:15:54 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/29 15:33:40 | 010,011,662 | ---- | C] () -- C:\Users\Sundars\Desktop\vigor2820_3372_232201.zip
[2012/08/28 19:12:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/28 19:12:11 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/28 16:29:42 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/28 16:28:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/08/28 08:38:31 | 000,002,579 | ---- | C] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2012/08/28 08:37:54 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000UA.job
[2012/08/28 08:37:54 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000Core.job
[2012/08/28 08:36:09 | 000,001,137 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/28 05:43:49 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/08/28 05:43:47 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/08/27 22:30:52 | 000,001,127 | ---- | C] () -- C:\Users\Sundars\Desktop\AmiBroker x64.lnk
[2012/08/27 22:05:25 | 000,000,991 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2012/08/27 22:05:25 | 000,000,987 | ---- | C] () -- C:\Users\Sundars\Desktop\SpywareGuard LiveUpdate.lnk
[2012/08/27 22:05:25 | 000,000,955 | ---- | C] () -- C:\Users\Sundars\Desktop\SpywareGuard.lnk
[2012/08/27 22:01:27 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/27 22:00:42 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/27 22:00:42 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/27 21:58:08 | 000,821,248 | ---- | C] () -- C:\Users\Sundars\Desktop\FreeISOBurner.exe
[2012/08/27 21:57:55 | 000,354,304 | ---- | C] () -- C:\Users\Sundars\Desktop\Ultimate Windows Tweaker.exe
[2012/08/27 21:42:30 | 000,001,441 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/27 21:42:22 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/27 21:42:12 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/27 21:42:08 | 000,725,754 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/27 21:18:17 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/08/27 21:18:06 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/08/27 21:17:57 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2012/08/27 21:17:52 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012/08/27 21:17:52 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/08/27 21:17:52 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/08/27 21:17:52 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/08/27 20:55:36 | 000,001,413 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/27 20:55:33 | 000,001,447 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/27 20:54:21 | 000,000,290 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/27 20:54:21 | 000,000,272 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/27 20:49:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/08/27 20:48:58 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/08/27 20:46:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/08/27 20:45:44 | 1073,221,627 | -HS- | C] () -- C:\hiberfil.sys

========== LOP Check ==========

[2009/07/14 06:08:49 | 000,003,342 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

TDSSKILLER

09:25:54.0946 2304 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
09:25:55.0540 2304 ============================================================
09:25:55.0540 2304 Current date / time: 2012/08/31 09:25:55.0540
09:25:55.0540 2304 SystemInfo:
09:25:55.0540 2304
09:25:55.0540 2304 OS Version: 6.1.7601 ServicePack: 1.0
09:25:55.0540 2304 Product type: Workstation
09:25:55.0540 2304 ComputerName: SUNDARS-PC
09:25:55.0540 2304 UserName: Sundars
09:25:55.0540 2304 Windows directory: C:\Windows
09:25:55.0540 2304 System windows directory: C:\Windows
09:25:55.0540 2304 Running under WOW64
09:25:55.0540 2304 Processor architecture: Intel x64
09:25:55.0540 2304 Number of processors: 4
09:25:55.0540 2304 Page size: 0x1000
09:25:55.0540 2304 Boot type: Normal boot
09:25:55.0540 2304 ============================================================
09:25:57.0780 2304 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:25:57.0800 2304 Drive \Device\Harddisk1\DR1 - Size: 0x15D51C00000 (1397.28 Gb), SectorSize: 0x200, Cylinders: 0x2C882, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:25:57.0810 2304 ============================================================
09:25:57.0810 2304 \Device\Harddisk0\DR0:
09:25:57.0810 2304 MBR partitions:
09:25:57.0810 2304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:25:57.0810 2304 \Device\Harddisk1\DR1:
09:25:57.0810 2304 MBR partitions:
09:25:57.0810 2304 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA8A5C3
09:25:57.0810 2304 ============================================================
09:25:57.0830 2304 C: <-> \Device\Harddisk0\DR0\Partition1
09:25:57.0840 2304 D: <-> \Device\Harddisk1\DR1\Partition1
09:25:57.0840 2304 ============================================================
09:25:57.0840 2304 Initialize success
09:25:57.0840 2304 ============================================================
09:26:02.0166 3032 ============================================================
09:26:02.0166 3032 Scan started
09:26:02.0166 3032 Mode: Manual; SigCheck; TDLFS;
09:26:02.0166 3032 ============================================================
09:26:04.0676 3032 ================ Scan system memory ========================
09:26:04.0676 3032 System memory - ok
09:26:04.0676 3032 ================ Scan services =============================
09:26:08.0497 3032 CmBatt - ok
09:26:08.0517 3032 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:26:08.0527 3032 cmdide - ok
09:26:08.0547 3032 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:26:08.0567 3032 CNG - ok
09:26:08.0577 3032 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:26:08.0587 3032 Compbatt - ok
09:26:08.0607 3032 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:26:08.0627 3032 CompositeBus - ok
09:26:08.0637 3032 COMSysApp - ok
09:26:08.0647 3032 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:26:08.0657 3032 crcdisk - ok
09:26:08.0687 3032 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:26:08.0727 3032 CryptSvc - ok
09:26:08.0757 3032 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
09:26:08.0807 3032 CSC - ok
09:26:08.0837 3032 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
09:26:08.0877 3032 CscService - ok
09:26:08.0907 3032 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:26:08.0952 3032 DcomLaunch - ok
09:26:08.0984 3032 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:26:09.0030 3032 defragsvc - ok
09:26:09.0062 3032 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:26:09.0093 3032 DfsC - ok
09:26:09.0124 3032 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:26:09.0186 3032 Dhcp - ok
09:26:09.0202 3032 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:26:09.0233 3032 discache - ok
09:26:09.0249 3032 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:26:09.0264 3032 Disk - ok
09:26:09.0280 3032 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:26:09.0296 3032 Dnscache - ok
09:26:09.0327 3032 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:26:09.0358 3032 dot3svc - ok
09:26:09.0405 3032 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:26:09.0436 3032 DPS - ok
09:26:09.0467 3032 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:26:09.0483 3032 drmkaud - ok
09:26:09.0514 3032 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:26:09.0545 3032 DXGKrnl - ok
09:26:09.0592 3032 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:26:09.0623 3032 EapHost - ok
09:26:09.0686 3032 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:26:09.0764 3032 ebdrv - ok
09:26:09.0779 3032 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:26:09.0826 3032 EFS - ok
09:26:09.0857 3032 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:26:09.0888 3032 ehRecvr - ok
09:26:09.0904 3032 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:26:09.0920 3032 ehSched - ok
09:26:09.0951 3032 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:26:09.0966 3032 elxstor - ok
09:26:09.0982 3032 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:26:09.0998 3032 ErrDev - ok
09:26:10.0029 3032 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:26:10.0060 3032 EventSystem - ok
09:26:10.0091 3032 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:26:10.0122 3032 exfat - ok
09:26:10.0169 3032 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:26:10.0247 3032 fastfat - ok
09:26:10.0278 3032 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:26:10.0325 3032 Fax - ok
09:26:10.0325 3032 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:26:10.0341 3032 fdc - ok
09:26:10.0356 3032 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:26:10.0388 3032 fdPHost - ok
09:26:10.0388 3032 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:26:10.0434 3032 FDResPub - ok
09:26:10.0450 3032 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:26:10.0450 3032 FileInfo - ok
09:26:10.0466 3032 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:26:10.0512 3032 Filetrace - ok
09:26:10.0512 3032 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:26:10.0528 3032 flpydisk - ok
09:26:10.0544 3032 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:26:10.0559 3032 FltMgr - ok
09:26:10.0606 3032 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
09:26:10.0668 3032 FontCache - ok
09:26:10.0700 3032 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:26:10.0700 3032 FontCache3.0.0.0 - ok
09:26:10.0715 3032 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:26:10.0731 3032 FsDepends - ok
09:26:10.0746 3032 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:26:10.0746 3032 Fs_Rec - ok
09:26:10.0762 3032 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:26:10.0778 3032 fvevol - ok
09:26:10.0793 3032 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:26:10.0809 3032 gagp30kx - ok
09:26:10.0824 3032 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:26:10.0840 3032 GEARAspiWDM - ok
09:26:10.0887 3032 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:26:10.0934 3032 gpsvc - ok
09:26:10.0965 3032 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:26:10.0996 3032 hcw85cir - ok
09:26:11.0027 3032 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:26:11.0058 3032 HdAudAddService - ok
09:26:11.0074 3032 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:26:11.0105 3032 HDAudBus - ok
09:26:11.0121 3032 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:26:11.0136 3032 HidBatt - ok
09:26:11.0136 3032 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:26:11.0168 3032 HidBth - ok
09:26:11.0168 3032 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:26:11.0183 3032 HidIr - ok
09:26:11.0199 3032 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:26:11.0246 3032 hidserv - ok
09:26:11.0277 3032 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:26:11.0292 3032 HidUsb - ok
09:26:11.0324 3032 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:26:11.0355 3032 hkmsvc - ok
09:26:11.0370 3032 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:26:11.0402 3032 HomeGroupListener - ok
09:26:11.0417 3032 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:26:11.0433 3032 HomeGroupProvider - ok
09:26:11.0448 3032 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:26:11.0448 3032 HpSAMD - ok
09:26:11.0495 3032 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:26:11.0542 3032 HTTP - ok
09:26:11.0573 3032 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:26:11.0573 3032 hwpolicy - ok
09:26:11.0589 3032 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:26:11.0604 3032 i8042prt - ok
09:26:11.0620 3032 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:26:11.0636 3032 iaStorV - ok
09:26:11.0682 3032 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:26:11.0698 3032 idsvc - ok
09:26:11.0729 3032 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:26:11.0729 3032 iirsp - ok
09:26:11.0760 3032 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:26:11.0823 3032 IKEEXT - ok
09:26:11.0838 3032 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:26:11.0854 3032 intelide - ok
09:26:11.0870 3032 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:26:11.0885 3032 intelppm - ok
09:26:11.0901 3032 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:26:11.0948 3032 IPBusEnum - ok
09:26:11.0963 3032 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:26:11.0994 3032 IpFilterDriver - ok
09:26:12.0010 3032 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:26:12.0057 3032 iphlpsvc - ok
09:26:12.0072 3032 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:26:12.0088 3032 IPMIDRV - ok
09:26:12.0104 3032 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:26:12.0150 3032 IPNAT - ok
09:26:12.0213 3032 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:26:12.0228 3032 iPod Service - ok
09:26:12.0244 3032 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:26:12.0291 3032 IRENUM - ok
09:26:12.0306 3032 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:26:12.0306 3032 isapnp - ok
09:26:12.0322 3032 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:26:12.0338 3032 iScsiPrt - ok
09:26:12.0369 3032 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:26:12.0369 3032 kbdclass - ok
09:26:12.0384 3032 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:26:12.0400 3032 kbdhid - ok
09:26:12.0416 3032 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:26:12.0431 3032 KeyIso - ok
09:26:12.0462 3032 [ E3CF421210EBDDACB4590AE67A0226DC ] KeyScrambler C:\Windows\system32\drivers\keyscrambler.sys
09:26:12.0509 3032 KeyScrambler - ok
09:26:12.0525 3032 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:26:12.0540 3032 KSecDD - ok
09:26:12.0556 3032 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:26:12.0556 3032 KSecPkg - ok
09:26:12.0572 3032 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:26:12.0603 3032 ksthunk - ok
09:26:12.0634 3032 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:26:12.0665 3032 KtmRm - ok
09:26:12.0681 3032 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:26:12.0712 3032 LanmanServer - ok
09:26:12.0743 3032 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:26:12.0774 3032 LanmanWorkstation - ok
09:26:12.0806 3032 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:26:12.0837 3032 lltdio - ok
09:26:12.0852 3032 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:26:12.0899 3032 lltdsvc - ok
09:26:12.0899 3032 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:26:12.0930 3032 lmhosts - ok
09:26:12.0946 3032 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:26:12.0962 3032 LSI_FC - ok
09:26:12.0962 3032 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:26:12.0977 3032 LSI_SAS - ok
09:26:12.0977 3032 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:26:12.0993 3032 LSI_SAS2 - ok
09:26:12.0993 3032 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:26:13.0008 3032 LSI_SCSI - ok
09:26:13.0008 3032 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:26:13.0055 3032 luafv - ok
09:26:13.0086 3032 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:26:13.0086 3032 MBAMProtector - ok
09:26:13.0118 3032 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:26:13.0133 3032 MBAMService - ok
09:26:13.0164 3032 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:26:13.0180 3032 Mcx2Svc - ok
09:26:13.0227 3032 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
09:26:13.0227 3032 MDM ( UnsignedFile.Multi.Generic ) - warning
09:26:13.0227 3032 MDM - detected UnsignedFile.Multi.Generic (1)
09:26:20.0262 3032 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:26:20.0294 3032 Smb - ok
09:26:20.0325 3032 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:26:20.0340 3032 SNMPTRAP - ok
09:26:20.0340 3032 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:26:20.0356 3032 spldr - ok
09:26:20.0372 3032 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
09:26:20.0418 3032 Spooler - ok
09:26:20.0496 3032 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:26:20.0559 3032 sppsvc - ok
09:26:20.0574 3032 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:26:20.0606 3032 sppuinotify - ok
09:26:20.0637 3032 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:26:20.0668 3032 srv - ok
09:26:20.0684 3032 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:26:20.0730 3032 srv2 - ok
09:26:20.0746 3032 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:26:20.0762 3032 srvnet - ok
09:26:20.0777 3032 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:26:20.0824 3032 SSDPSRV - ok
09:26:20.0824 3032 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:26:20.0855 3032 SstpSvc - ok
09:26:20.0886 3032 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:26:20.0886 3032 stexstor - ok
09:26:20.0918 3032 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:26:20.0949 3032 stisvc - ok
09:26:20.0964 3032 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:26:20.0980 3032 storflt - ok
09:26:20.0996 3032 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:26:21.0011 3032 storvsc - ok
09:26:21.0027 3032 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:26:21.0027 3032 swenum - ok
09:26:21.0042 3032 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:26:21.0089 3032 swprv - ok
09:26:21.0105 3032 Synth3dVsc - ok
09:26:21.0152 3032 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:26:21.0198 3032 SysMain - ok
09:26:21.0230 3032 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:26:21.0245 3032 TabletInputService - ok
09:26:21.0276 3032 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:26:21.0323 3032 TapiSrv - ok
09:26:21.0339 3032 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:26:21.0370 3032 TBS - ok
09:26:21.0417 3032 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:26:21.0479 3032 Tcpip - ok
09:26:21.0526 3032 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:26:21.0557 3032 TCPIP6 - ok
09:26:21.0573 3032 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:26:21.0604 3032 tcpipreg - ok
09:26:21.0620 3032 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:26:21.0635 3032 TDPIPE - ok
09:26:21.0651 3032 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:26:21.0682 3032 TDTCP - ok
09:26:21.0713 3032 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:26:21.0744 3032 tdx - ok
09:26:21.0744 3032 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:26:21.0760 3032 TermDD - ok
09:26:21.0776 3032 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:26:21.0822 3032 TermService - ok
09:26:21.0838 3032 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:26:21.0854 3032 Themes - ok
09:26:21.0869 3032 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:26:21.0900 3032 THREADORDER - ok
09:26:21.0916 3032 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
09:26:21.0947 3032 TPM - ok
09:26:21.0947 3032 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:26:21.0978 3032 TrkWks - ok
09:26:22.0010 3032 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:26:22.0056 3032 TrustedInstaller - ok
09:26:22.0072 3032 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:26:22.0119 3032 tssecsrv - ok
09:26:22.0134 3032 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:26:22.0150 3032 TsUsbFlt - ok
09:26:22.0150 3032 tsusbhub - ok
09:26:22.0197 3032 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:26:22.0212 3032 tunnel - ok
09:26:22.0244 3032 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:26:22.0244 3032 uagp35 - ok
09:26:22.0259 3032 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:26:22.0306 3032 udfs - ok
09:26:22.0322 3032 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:26:22.0337 3032 UI0Detect - ok
09:26:22.0353 3032 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:26:22.0353 3032 uliagpkx - ok
09:26:22.0384 3032 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
09:26:22.0415 3032 umbus - ok
09:26:22.0431 3032 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:26:22.0446 3032 UmPass - ok
09:26:22.0462 3032 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
09:26:22.0478 3032 UmRdpService - ok
09:26:22.0493 3032 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:26:22.0524 3032 upnphost - ok
09:26:22.0540 3032 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:26:22.0571 3032 usbccgp - ok
09:26:22.0587 3032 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:26:22.0602 3032 usbcir - ok
09:26:22.0618 3032 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:26:22.0634 3032 usbehci - ok
09:26:22.0649 3032 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
09:26:22.0680 3032 usbhub - ok
09:26:22.0696 3032 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:26:22.0696 3032 usbohci - ok
09:26:22.0727 3032 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:26:22.0743 3032 usbprint - ok
09:26:22.0758 3032 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:26:22.0790 3032 usbscan - ok
09:26:22.0790 3032 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:26:22.0821 3032 USBSTOR - ok
09:26:22.0821 3032 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:26:22.0836 3032 usbuhci - ok
09:26:22.0883 3032 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:26:22.0930 3032 UxSms - ok
09:26:22.0961 3032 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:26:22.0977 3032 VaultSvc - ok
09:26:22.0992 3032 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:26:23.0008 3032 vdrvroot - ok
09:26:23.0024 3032 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:26:23.0070 3032 vds - ok
09:26:23.0086 3032 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:26:23.0102 3032 vga - ok
09:26:23.0102 3032 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:26:23.0133 3032 VgaSave - ok
09:26:23.0148 3032 VGPU - ok
09:26:23.0164 3032 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:26:23.0180 3032 vhdmp - ok
09:26:23.0195 3032 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:26:23.0211 3032 viaide - ok
09:26:23.0226 3032 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:26:23.0242 3032 vmbus - ok
09:26:23.0258 3032 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:26:23.0258 3032 VMBusHID - ok
09:26:23.0273 3032 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:26:23.0273 3032 volmgr - ok
09:26:23.0304 3032 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:26:23.0320 3032 volmgrx - ok
09:26:23.0336 3032 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:26:23.0351 3032 volsnap - ok
09:26:23.0382 3032 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:26:23.0398 3032 vsmraid - ok
09:26:23.0460 3032 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:26:23.0554 3032 VSS - ok
09:26:23.0570 3032 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
09:26:23.0585 3032 vwifibus - ok
09:26:23.0616 3032 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:26:23.0648 3032 W32Time - ok
09:26:23.0648 3032 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:26:23.0679 3032 WacomPen - ok
09:26:23.0710 3032 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:26:23.0741 3032 WANARP - ok
09:26:23.0757 3032 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:26:23.0788 3032 Wanarpv6 - ok
09:26:23.0835 3032 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:26:23.0882 3032 WatAdminSvc - ok
09:26:23.0928 3032 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:26:23.0975 3032 wbengine - ok
09:26:23.0991 3032 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:26:24.0022 3032 WbioSrvc - ok
09:26:24.0038 3032 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:26:24.0069 3032 wcncsvc - ok
09:26:24.0084 3032 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:26:24.0116 3032 WcsPlugInService - ok
09:26:24.0116 3032 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:26:24.0131 3032 Wd - ok
09:26:24.0147 3032 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:26:24.0162 3032 Wdf01000 - ok
09:26:24.0178 3032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:26:24.0240 3032 WdiServiceHost - ok
09:26:24.0240 3032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:26:24.0256 3032 WdiSystemHost - ok
09:26:24.0256 3032 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:26:24.0287 3032 WebClient - ok
09:26:24.0287 3032 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:26:24.0334 3032 Wecsvc - ok
09:26:24.0350 3032 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:26:24.0381 3032 wercplsupport - ok
09:26:24.0381 3032 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:26:24.0412 3032 WerSvc - ok
09:26:24.0428 3032 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:26:24.0459 3032 WfpLwf - ok
09:26:24.0474 3032 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:26:24.0490 3032 WIMMount - ok
09:26:24.0490 3032 WinDefend - ok
09:26:24.0490 3032 WinHttpAutoProxySvc - ok
09:26:24.0537 3032 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:26:24.0584 3032 Winmgmt - ok
09:26:24.0630 3032 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:26:24.0693 3032 WinRM - ok
09:26:24.0740 3032 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:26:24.0771 3032 Wlansvc - ok
09:26:24.0786 3032 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:26:24.0802 3032 WmiAcpi - ok
09:26:24.0818 3032 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:26:24.0833 3032 wmiApSrv - ok
09:26:24.0849 3032 WMPNetworkSvc - ok
09:26:24.0864 3032 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:26:24.0880 3032 WPCSvc - ok
09:26:24.0911 3032 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:26:24.0927 3032 WPDBusEnum - ok
09:26:24.0942 3032 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:26:24.0974 3032 ws2ifsl - ok
09:26:24.0989 3032 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:26:25.0020 3032 wscsvc - ok
09:26:25.0020 3032 WSearch - ok
09:26:25.0083 3032 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:26:25.0161 3032 wuauserv - ok
09:26:25.0176 3032 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:26:25.0208 3032 WudfPf - ok
09:26:25.0223 3032 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:26:25.0254 3032 WUDFRd - ok
09:26:25.0270 3032 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:26:25.0301 3032 wudfsvc - ok
09:26:25.0317 3032 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:26:25.0348 3032 WwanSvc - ok
09:26:25.0442 3032 [ A107BDCFE7CF82CF60F2653C5F2FF3A8 ] ZoneAlarmBackup Service C:\ZoneAlarmBackup\ZABackup Service.exe
09:26:25.0488 3032 ZoneAlarmBackup Service ( UnsignedFile.Multi.Generic ) - warning
09:26:25.0488 3032 ZoneAlarmBackup Service - detected UnsignedFile.Multi.Generic (1)
09:26:25.0544 3032 ================ Scan global ===============================
09:26:25.0614 3032 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:26:25.0724 3032 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
09:26:25.0744 3032 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
09:26:25.0764 3032 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:26:25.0784 3032 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:26:25.0784 3032 [Global] - ok
09:26:25.0784 3032 ================ Scan MBR ==================================
09:26:25.0804 3032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:26:26.0074 3032 \Device\Harddisk0\DR0 - ok
09:26:26.0084 3032 [ E64B2A49894D1FD5A0201870E3E41A51 ] \Device\Harddisk1\DR1
09:26:26.0154 3032 \Device\Harddisk1\DR1 - ok
09:26:26.0154 3032 ================ Scan VBR ==================================
09:26:26.0164 3032 [ 91CA6712131845DC78D6C19C878AE51F ] \Device\Harddisk0\DR0\Partition1
09:26:26.0164 3032 \Device\Harddisk0\DR0\Partition1 - ok
09:26:26.0164 3032 [ 7301DD4F2B4EB4E2334F7ADD5BC9F278 ] \Device\Harddisk1\DR1\Partition1
09:26:26.0164 3032 \Device\Harddisk1\DR1\Partition1 - ok
09:26:26.0164 3032 ============================================================
09:26:26.0164 3032 Scan finished
09:26:26.0164 3032 ============================================================
09:26:26.0174 4772 Detected object count: 2
09:26:26.0174 4772 Actual detected object count: 2
09:26:47.0784 4772 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:26:47.0784 4772 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:26:47.0799 4772 ZoneAlarmBackup Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:26:47.0799 4772 ZoneAlarmBackup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#48
SSri09

    Member

  • Topic Starter
  • 144 posts
Did an ESET online scan; it found some threats and cleaned them.

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Sundars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGM5QTA2\bi_downloader[1].exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Users\Sundars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGM5QTA2\ezLooker-S-Setup_Suite1[1].exe probably a variant of Win32/Adware.FCVRETQ application cleaned by deleting - quarantined
C:\Users\Sundars\AppData\Local\Temp\BetterInstaller.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Users\Sundars\AppData\Local\Temp\nsyC092.tmp a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Users\Sundars\Downloads\Camstudio_Setup.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined

I will be away for a couple of days and will return on Sunday afternoon. I hope you would be able to look at these logs and advise by then.

Thank you very much for your help in advance.
  • 0

#49
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, unfortunately that is now a by-product of "free" programmes... However, someone has very nicely put a tool together to remove this garbage. So we will run that first and then do another OTL all-user quick scan to pick up any remnants.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.
  • 0

#50
SSri09

    Member

  • Topic Starter
  • 144 posts
Thanks! I have thrown Camstudio out of the window. I would most probably choose a paid version if I do not find a clean free version.

Adw Cleaner

# AdwCleaner v2.000 - Logfile created 09/02/2012 at 16:11:23
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Sundars - SUNDARS-PC
# Boot Mode : Normal
# Running from : C:\Users\Sundars\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\PricePeep
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : Sundars Profile [Profil par défaut]
File : D:\Browser - FireFox\Profiles\prefs.js

Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp5058.5058.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp5058.5058.pluginsversion", 10);
Deleted : user_pref("extensions.crossriderapp5058.5058.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp5058.5058.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp5058.5058.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp5058.5058.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.thankyou", "");
Deleted : user_pref("extensions.crossriderapp5058.5058.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp5058.5058.ver", 29);
Deleted : user_pref("extensions.crossriderapp5058.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp5058.apps", "5058");
Deleted : user_pref("extensions.crossriderapp5058.bic", "139788b7e0af4178e27d0013f88f1152");
Deleted : user_pref("extensions.crossriderapp5058.cid", 5058);
Deleted : user_pref("extensions.crossriderapp5058.firstrun", false);
Deleted : user_pref("extensions.crossriderapp5058.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp5058.installationdate", 1346347171);
Deleted : user_pref("extensions.crossriderapp5058.lastcheck", 22439891);
Deleted : user_pref("extensions.crossriderapp5058.lastcheckitem", 22440134);
Deleted : user_pref("extensions.crossriderapp5058.modetype", "production");
Deleted : user_pref("extensions.enabledAddons", "[email protected]:0.4,browserprotect@browserprot[...]

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [16741 octets] - [02/09/2012 16:11:23]

########## EOF - C:\AdwCleaner[S1].txt - [16802 octets] ##########


OTL

OTL logfile created on: 02/09/2012 16:14:25 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Sundars\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

28.00 Gb Total Physical Memory | 25.45 Gb Available Physical Memory | 90.88% Memory free
56.00 Gb Paging File | 53.28 Gb Available in Paging File | 95.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 389.08 Gb Free Space | 83.54% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1260.24 Gb Free Space | 90.19% Space Free | Partition Type: NTFS

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 09:24:15 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Desktop\OTL.exe
PRC - [2012/08/29 16:32:25 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/27 21:51:36 | 000,035,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/27 15:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2012/03/27 15:21:12 | 000,036,864 | ---- | M] (Pro Softnet Corp.) -- C:\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2012/03/27 15:14:46 | 001,994,752 | ---- | M] (Pro Softnet Corp.) -- C:\ZoneAlarmBackup\ZABackupTray.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/29 16:32:15 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/30 11:58:09 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 16:32:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 15:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 01:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 7C 6A 9D BF 86 CD 01 [binary data]
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 16:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/27 22:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions
[2012/08/29 21:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/29 21:16:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/29 16:32:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 16:32:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 16:32:14 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Skype Click to Call = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Shopping Sidekick = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllafhekklanfkimibokomlmidmcmaoi\1.20.26_0\crossrider
CHR - Extension: Shopping Sidekick = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllafhekklanfkimibokomlmidmcmaoi\1.20.26_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [ZoneAlarm Backup Startup] C:\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.2.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1FD84-4DBD-4397-A083-ECBEAD716994}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/02 15:55:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/31 09:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/31 09:43:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Sundars\Desktop\esetsmartinstaller_enu.exe
[2012/08/31 09:25:34 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\tdsskiller.exe
[2012/08/31 09:24:14 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Sundars\Desktop\OTL.exe
[2012/08/31 09:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/31 09:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/08/31 09:14:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sundars\Desktop\erunt_setup.exe
[2012/08/31 09:09:03 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\Malware - 31Aug2012
[2012/08/30 22:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2012/08/30 18:40:37 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\iVideoConverter
[2012/08/30 18:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iVideo Converter
[2012/08/30 18:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty
[2012/08/30 17:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/08/30 17:40:17 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\SysNative\CamCodec.dll
[2012/08/30 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.6b
[2012/08/30 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Shopping Sidekick
[2012/08/30 17:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick
[2012/08/30 15:57:22 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Download Manager
[2012/08/30 11:58:22 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Macromedia
[2012/08/30 11:58:22 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Macromedia
[2012/08/30 11:58:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/08/30 11:58:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/08/30 03:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/08/29 22:45:05 | 000,229,376 | ---- | C] (Pro-SoftNet Corporation, USA) -- C:\Windows\SysWow64\IDrLocale.dll
[2012/08/29 22:45:04 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZoneAlarmBackup
[2012/08/29 22:45:03 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\SysWow64\XceedCry.dll
[2012/08/29 22:45:00 | 001,245,184 | ---- | C] (Pro Soft Net Corporation) -- C:\Windows\SysWow64\ZABackupService.dll
[2012/08/29 22:45:00 | 000,135,168 | ---- | C] (Pro-Softnet Corporation) -- C:\Windows\SysWow64\LogMail.dll
[2012/08/29 22:44:59 | 000,143,360 | ---- | C] (Herman & Associates) -- C:\Windows\SysWow64\HLButton.ocx
[2012/08/29 22:44:59 | 000,086,016 | ---- | C] (Streamnet India) -- C:\Windows\SysWow64\IBwinUtil.ocx
[2012/08/29 22:44:59 | 000,028,672 | ---- | C] (Checks Unlimited) -- C:\Windows\SysWow64\Disable_X.ocx
[2012/08/29 22:44:59 | 000,024,576 | ---- | C] (Streamnet India) -- C:\Windows\SysWow64\IBcalendarser.ocx
[2012/08/29 22:44:59 | 000,000,000 | ---D | C] -- C:\ZoneAlarmBackup
[2012/08/29 21:15:57 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Skype
[2012/08/29 21:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/29 21:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/08/29 21:15:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/08/29 21:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/08/29 09:33:38 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Canon
[2012/08/29 09:29:10 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/08/29 09:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP800
[2012/08/29 09:28:52 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/08/29 09:23:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/08/29 09:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/08/29 09:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/08/29 09:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/08/28 19:13:13 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Adobe
[2012/08/28 19:13:13 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Adobe
[2012/08/28 19:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/08/28 19:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/08/28 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/28 16:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Apple Computer
[2012/08/28 16:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Apple Computer
[2012/08/28 16:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/08/28 16:29:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/08/28 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/08/28 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/08/28 16:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/08/28 16:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/08/28 16:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/08/28 16:28:49 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Apple
[2012/08/28 16:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/08/28 16:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/08/28 16:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/08/28 16:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/08/28 16:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/08/28 16:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/08/28 10:55:11 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\DTN
[2012/08/28 09:49:58 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IQFeed 4.8.1.7
[2012/08/28 09:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DTN
[2012/08/28 08:38:30 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/28 08:37:52 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Google
[2012/08/28 07:18:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/08/28 07:18:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/08/28 05:44:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/28 05:43:47 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/08/27 22:59:44 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\QFX Software
[2012/08/27 22:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2012/08/27 22:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2012/08/27 22:58:55 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2012/08/27 22:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2012/08/27 22:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmiBroker x64
[2012/08/27 22:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\AmiBroker
[2012/08/27 22:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2012/08/27 22:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareGuard
[2012/08/27 22:01:34 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Malwarebytes
[2012/08/27 22:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/27 22:01:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/27 22:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/27 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Mozilla
[2012/08/27 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Mozilla
[2012/08/27 22:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/27 22:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/27 22:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/27 21:58:07 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Sundars\Desktop\TFC.exe
[2012/08/27 21:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/27 21:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/27 21:31:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/08/27 21:18:07 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/08/27 21:17:50 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/08/27 21:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/27 21:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/08/27 21:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/08/27 21:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/08/27 21:15:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/08/27 21:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/08/27 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/27 21:13:10 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Microsoft Help
[2012/08/27 21:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/08/27 21:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/08/27 21:13:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/08/27 21:12:42 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/27 21:00:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/08/27 20:54:41 | 000,000,000 | R--D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/27 20:54:41 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Searches
[2012/08/27 20:54:41 | 000,000,000 | R--D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/27 20:54:41 | 000,000,000 | -H-D | C] -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/27 20:54:31 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Identities
[2012/08/27 20:54:28 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Contacts
[2012/08/27 20:54:26 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\VirtualStore
[2012/08/27 20:54:21 | 000,000,000 | --SD | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Videos
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Saved Games
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Pictures
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Music
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Links
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Favorites
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Downloads
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Documents
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\Desktop
[2012/08/27 20:54:21 | 000,000,000 | R--D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\AppData\Local\Temporary Internet Files
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Templates
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Start Menu
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\SendTo
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Recent
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\PrintHood
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\NetHood
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Documents\My Videos
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Documents\My Pictures
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Documents\My Music
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\My Documents
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Local Settings
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\AppData\Local\History
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Cookies
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\Application Data
[2012/08/27 20:54:21 | 000,000,000 | -HSD | C] -- C:\Users\Sundars\AppData\Local\Application Data
[2012/08/27 20:54:21 | 000,000,000 | -H-D | C] -- C:\Users\Sundars\AppData
[2012/08/27 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Temp
[2012/08/27 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Microsoft
[2012/08/27 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Media Center Programs
[2012/08/27 20:54:15 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/08/27 20:48:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/27 20:46:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/27 20:45:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/09/02 16:15:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/02 16:13:44 | 000,004,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/09/02 16:13:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/02 16:13:32 | 1073,221,627 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/02 15:59:28 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 15:59:28 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 15:57:55 | 000,721,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/02 15:57:55 | 000,624,210 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/02 15:57:55 | 000,109,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/31 11:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000UA.job
[2012/08/31 09:43:31 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Sundars\Desktop\esetsmartinstaller_enu.exe
[2012/08/31 09:25:36 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\tdsskiller.exe
[2012/08/31 09:24:15 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Desktop\OTL.exe
[2012/08/31 09:14:41 | 000,001,108 | ---- | M] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/31 09:14:36 | 000,000,909 | ---- | M] () -- C:\Users\Sundars\Desktop\ERUNT.lnk
[2012/08/31 09:14:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sundars\Desktop\erunt_setup.exe
[2012/08/31 08:42:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000Core.job
[2012/08/30 22:52:01 | 000,001,406 | ---- | M] () -- C:\Users\Sundars\Desktop\WinX Free AVI to FLV Converter.lnk
[2012/08/29 22:45:04 | 000,001,590 | ---- | M] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk
[2012/08/29 22:45:04 | 000,001,578 | ---- | M] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoneAlarmBackup.lnk
[2012/08/29 22:45:04 | 000,001,554 | ---- | M] () -- C:\Users\Sundars\Desktop\ZoneAlarm Backup Powered by IDrive.lnk
[2012/08/29 22:15:27 | 000,000,285 | ---- | M] () -- C:\Users\Sundars\Desktop\CleanLog.BAT
[2012/08/29 21:15:54 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/29 15:34:50 | 010,011,662 | ---- | M] () -- C:\Users\Sundars\Desktop\vigor2820_3372_232201.zip
[2012/08/28 19:12:11 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/28 16:29:42 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/28 14:34:55 | 000,002,579 | ---- | M] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2012/08/28 10:59:05 | 000,001,127 | ---- | M] () -- C:\Users\Sundars\Desktop\AmiBroker x64.lnk
[2012/08/28 08:36:09 | 000,001,137 | ---- | M] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/28 08:35:32 | 000,725,754 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/28 07:21:03 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/28 05:43:49 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/08/27 22:56:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/27 22:05:25 | 000,000,991 | ---- | M] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2012/08/27 22:05:25 | 000,000,987 | ---- | M] () -- C:\Users\Sundars\Desktop\SpywareGuard LiveUpdate.lnk
[2012/08/27 22:05:25 | 000,000,955 | ---- | M] () -- C:\Users\Sundars\Desktop\SpywareGuard.lnk
[2012/08/27 22:01:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/27 22:00:42 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/27 21:42:30 | 000,001,441 | ---- | M] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/27 20:49:11 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/08/27 20:49:11 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/08/27 20:46:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012/08/31 09:14:41 | 000,001,108 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/31 09:14:36 | 000,000,909 | ---- | C] () -- C:\Users\Sundars\Desktop\ERUNT.lnk
[2012/08/31 07:25:37 | 000,004,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/30 22:52:01 | 000,001,406 | ---- | C] () -- C:\Users\Sundars\Desktop\WinX Free AVI to FLV Converter.lnk
[2012/08/30 11:58:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/29 22:45:04 | 000,569,368 | ---- | C] () -- C:\Windows\SysWow64\olelib.tlb
[2012/08/29 22:45:04 | 000,022,212 | ---- | C] () -- C:\Windows\SysWow64\olelib2.tlb
[2012/08/29 22:45:04 | 000,003,841 | ---- | C] () -- C:\Windows\SysWow64\server.pem
[2012/08/29 22:45:04 | 000,001,590 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk
[2012/08/29 22:45:04 | 000,001,578 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoneAlarmBackup.lnk
[2012/08/29 22:45:04 | 000,001,554 | ---- | C] () -- C:\Users\Sundars\Desktop\ZoneAlarm Backup Powered by IDrive.lnk
[2012/08/29 22:45:01 | 000,026,128 | ---- | C] () -- C:\Windows\SysWow64\ZABackupXceedCryReg.exe
[2012/08/29 22:45:01 | 000,000,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterZABackupDll.bat
[2012/08/29 22:45:00 | 000,441,705 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2012/08/29 22:45:00 | 000,147,130 | ---- | C] () -- C:\Windows\SysWow64\CRYPT32.LIB
[2012/08/29 22:45:00 | 000,117,982 | ---- | C] () -- C:\Windows\SysWow64\ADVAPI32.LIB
[2012/08/29 22:45:00 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/08/29 22:44:59 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IBColIml.ocx
[2012/08/29 22:44:59 | 000,000,730 | ---- | C] () -- C:\Windows\SysWow64\rootcert.pem
[2012/08/29 22:15:27 | 000,000,285 | ---- | C] () -- C:\Users\Sundars\Desktop\CleanLog.BAT
[2012/08/29 21:15:54 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/29 15:33:40 | 010,011,662 | ---- | C] () -- C:\Users\Sundars\Desktop\vigor2820_3372_232201.zip
[2012/08/28 19:12:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/28 19:12:11 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/28 16:29:42 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/28 16:28:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/08/28 08:38:31 | 000,002,579 | ---- | C] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2012/08/28 08:37:54 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000UA.job
[2012/08/28 08:37:54 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000Core.job
[2012/08/28 08:36:09 | 000,001,137 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/28 05:43:49 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/08/28 05:43:47 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/08/27 22:30:52 | 000,001,127 | ---- | C] () -- C:\Users\Sundars\Desktop\AmiBroker x64.lnk
[2012/08/27 22:05:25 | 000,000,991 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2012/08/27 22:05:25 | 000,000,987 | ---- | C] () -- C:\Users\Sundars\Desktop\SpywareGuard LiveUpdate.lnk
[2012/08/27 22:05:25 | 000,000,955 | ---- | C] () -- C:\Users\Sundars\Desktop\SpywareGuard.lnk
[2012/08/27 22:01:27 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/27 22:00:42 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/27 22:00:42 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/27 21:58:08 | 000,821,248 | ---- | C] () -- C:\Users\Sundars\Desktop\FreeISOBurner.exe
[2012/08/27 21:57:55 | 000,354,304 | ---- | C] () -- C:\Users\Sundars\Desktop\Ultimate Windows Tweaker.exe
[2012/08/27 21:42:30 | 000,001,441 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/27 21:42:22 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/27 21:42:12 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/27 21:42:08 | 000,725,754 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/27 21:18:17 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/08/27 21:18:06 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/08/27 21:17:57 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2012/08/27 21:17:52 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012/08/27 21:17:52 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/08/27 21:17:52 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/08/27 21:17:52 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/08/27 20:55:36 | 000,001,413 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/27 20:55:33 | 000,001,447 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/27 20:54:21 | 000,000,290 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/27 20:54:21 | 000,000,272 | ---- | C] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/27 20:49:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/08/27 20:48:58 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/08/27 20:46:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/08/27 20:45:44 | 1073,221,627 | -HS- | C] () -- C:\hiberfil.sys

========== LOP Check ==========

[2009/07/14 06:08:49 | 000,003,838 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Hopefully, we may close this thread. Thanks a ton for your patience and invaluable help.

#51
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It missed a few ... They just need tidying up and are of no import

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/08/30 17:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick
    [2012/08/30 17:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
    [2012/08/30 17:40:17 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\SysNative\CamCodec.dll
    [2012/08/30 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.6b
    [2012/08/30 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Shopping Sidekick
    [2012/08/30 17:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


#52
SSri09

    Member

  • Topic Starter
  • Member
  • 144 posts
Thank you :)

OTL FIX


All processes killed
========== OTL ==========
C:\Program Files (x86)\Shopping Sidekick folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio folder moved successfully.
C:\Windows\SysNative\CamCodec.dll moved successfully.
C:\Program Files (x86)\CamStudio 2.6b\Recordings folder moved successfully.
C:\Program Files (x86)\CamStudio 2.6b\controller folder moved successfully.
C:\Program Files (x86)\CamStudio 2.6b folder moved successfully.
C:\Users\Sundars\AppData\Local\Shopping Sidekick\Chrome folder moved successfully.
C:\Users\Sundars\AppData\Local\Shopping Sidekick folder moved successfully.
Folder C:\Program Files (x86)\Shopping Sidekick\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sundars
->Temp folder emptied: 94963905 bytes
->Temporary Internet Files folder emptied: 16100213 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 344843458 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130430510 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 10342353096 bytes

Total Files Cleaned = 10,422.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.59.1 log created on 09022012_181330

Files\Folders moved on Reboot...
C:\Users\Sundars\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#53
SSri09

    Member

  • Topic Starter
  • Member
  • 144 posts
MBAM still showed reg keys that are still not deleted. It removed them....


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sundars :: SUNDARS-PC [administrator]

Protection: Enabled

02/09/2012 18:21:05
mbam-log-2012-09-02 (18-21-05).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334921
Time elapsed: 28 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{22222222-2222-2222-2222-220022502258} (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044504458} (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055505558} (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SHOPPING SIDEKICK (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nllafhekklanfkimibokomlmidmcmaoi (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick|Publisher (PUP.CrossRider.SSK) -> Data: 215 Apps -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\_OTL\MovedFiles\09022012_181330\C_Program Files (x86)\Shopping Sidekick\Shopping Sidekick-bg.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\09022012_181330\C_Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll (PUP.215Apps) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\09022012_181330\C_Program Files (x86)\Shopping Sidekick\Shopping Sidekick.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\09022012_181330\C_Program Files (x86)\Shopping Sidekick\Uninstall.exe (PUP.215Apps) -> Quarantined and deleted successfully.

(end)

#54
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

#55
SSri09

    Member

  • Topic Starter
  • Member
  • 144 posts
It is fine...nothing unusual as re-install restored the house in order except the bloatware from camstudio. I am grateful for your help. You may close the thread....

:thumbsup:


#56
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure.. Run OTL and hit the cleanup button to remove it

#57
SSri09

    Member

  • Topic Starter
  • Member
  • 144 posts
Thanks once again. :thumbsup:

#58
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.