Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System infected with multiple malwares from a single email attachment


  • Please log in to reply

#1
SSri09

SSri09

    Member

  • Member
  • PipPipPip
  • 144 posts
Hello,

I run win7 64 bit Ultimate. The security tools are Windows Firewall, MSE, MBAM pro, on demand SuperAntispyware and Sandboxie. I have just taken a free trial of Zemana Antilogger.
All browsing is done in SB; a separate SB is used for online transactions. I have stopped double clicking web links in emails. I always cut and paste them the links in the email, provided they are from known sources and I am reasonably confident of the source. All attachments are downloaded, scanned by MSE, MBAM and Virus total (hash check) before running. The rest of emails with/without any attachment, if from unknown source, is deleted.

I was expecting an attachment from payroll. An email did come and paid the price for deviating from the routine. I realised my mistake instantaneously but it is too late to retrace the steps. I did the VT hascheck and it throw many malwares/viruses.

MBAM, MSE and TDSSKiller did not find anything. SuperAntispyware picked up a malware from the attachment that I had sent to the Recycle Bin. Ditto in the case of ESET online scanner;
The workstation logs of OTL, OTL extra, MBAM, TDSSKiller and ESet are attached. I am also attaching an image of the VT Hash Check.
I have a notebook, which keeps in sync with the workstation. I am not sure if that is also infected.
I request someone to help me check if the infections are still active.

Thanks,
Sundar

--------------------------
OTL
--------------------------
OTL logfile created on: 27/02/2013 17:43:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sundars\Desktop\GeeksFeb13
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

28.00 Gb Total Physical Memory | 19.20 Gb Available Physical Memory | 68.56% Memory free
56.00 Gb Paging File | 47.34 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 373.20 Gb Free Space | 80.13% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1217.79 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Drive F: | 3.99 Gb Total Space | 3.29 Gb Free Space | 82.42% Space Free | Partition Type: NTFS

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/27 16:01:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Desktop\GeeksFeb13\OTL.exe
PRC - [2013/02/13 09:18:54 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/02/13 09:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/02/07 12:35:46 | 000,546,944 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2013/02/07 12:35:40 | 000,579,904 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sundars\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/14 10:40:56 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013/01/09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013/01/09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/26 14:09:22 | 001,225,312 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/11/26 14:09:20 | 000,573,024 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/04 18:06:07 | 003,696,632 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/08/31 09:03:00 | 000,537,918 | ---- | M] () -- C:\Program Files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe
PRC - [2012/08/31 09:03:00 | 000,098,072 | ---- | M] (OpenDNS) -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe
PRC - [2012/08/31 09:03:00 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
PRC - [2012/08/18 20:23:46 | 007,017,896 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/03/27 14:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2012/03/27 14:21:12 | 000,036,864 | ---- | M] (Pro Softnet Corp.) -- C:\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2012/03/08 11:25:18 | 000,203,600 | ---- | M] (X-Rite Inc.) -- C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
PRC - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2012/01/24 16:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2010/06/16 21:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/10/19 18:53:02 | 000,102,400 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/02/11 17:57:14 | 000,147,456 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/15 03:32:58 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/02/15 03:31:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/15 03:30:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/07 12:35:40 | 000,579,904 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2013/01/10 03:37:10 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 03:30:55 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:30:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:30:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:30:36 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:30:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/08/27 20:15:27 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/16 21:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2009/10/19 17:57:04 | 000,270,336 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009/06/01 13:23:24 | 000,315,392 | ---- | M] () -- C:\Windows\SysWOW64\ANIOApi.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/14 10:40:50 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2012/12/16 11:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/09/15 08:03:10 | 000,142,488 | ---- | M] (BiniSoft.org) [Auto | Running] -- C:\Program Files\Windows Firewall Control\wfcs.exe -- (wfcs)
SRV:64bit: - [2012/07/11 18:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/16 00:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/15 03:16:25 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/13 09:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/01/14 10:40:56 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013/01/09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/01/09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/26 14:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/11/26 14:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/04 18:06:07 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/08/31 09:03:00 | 000,014,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe -- (DNSCrypt)
SRV - [2012/08/23 03:53:18 | 001,126,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/08/18 20:23:46 | 007,017,896 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/27 14:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2012/03/08 11:25:18 | 000,203,600 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe -- (xrdd.exe)
SRV - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/11 17:57:14 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/16 11:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/06 09:52:36 | 000,073,040 | ---- | M] (Dataram, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2012/09/04 18:06:10 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012/09/04 18:06:03 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012/09/04 18:06:00 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2012/09/04 18:05:54 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/09/04 18:05:53 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2012/09/04 18:05:48 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/09/04 18:05:45 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 00:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/01 08:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/05 20:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/06 17:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2013/02/15 03:32:58 | 000,175,352 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys -- (RapportIaso)
DRV - [2013/02/15 03:32:55 | 000,585,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_50414.sys -- (RapportCerberus_50414)
DRV - [2013/02/13 09:19:12 | 000,357,272 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/02/13 09:19:12 | 000,228,760 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 1B 4A 1F 7E CC CD 01 [binary data]
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/02/24 16:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/24 18:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/24 18:04:05 | 000,000,000 | ---D | M]

[2012/08/27 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions
[2013/02/24 18:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/07 21:34:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/16 00:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/18 22:56:20 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013/02/16 04:40:51 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/02/16 04:40:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 04:40:51 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/02/16 04:40:52 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/02/16 04:40:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/02/16 04:40:52 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Entanglement = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: WOT = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.9_0\
CHR - Extension: Abine TACO = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadbkmipeldjmjfcpcjibfjgflahmphk\1.50_0\
CHR - Extension: Adblock Plus = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: DoNotTrackMe = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\
CHR - Extension: LastPass = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.20_0\
CHR - Extension: Poppit = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FlashControl = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
CHR - Extension: Google Mail Checker = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\

O1 HOSTS File: ([2012/09/20 21:51:54 | 000,600,511 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 16124 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [ZoneAlarm Backup Startup] C:\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sundars\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VTHash - Shortcut.lnk = C:\Program Files (x86)\Boredom Software\VT Hash Check\VTHash.exe (Boredom Software)
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.2.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1FD84-4DBD-4397-A083-ECBEAD716994}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: NameServer = 127.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2049/12/01 21:46:58 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\Shri Jyoti Star
[2013/02/27 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\GeeksFeb13
[2013/02/26 23:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlpariUK
[2013/02/24 16:56:45 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\PDF Architect
[2013/02/24 16:08:36 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\PDF Architect Files
[2013/02/24 16:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013/02/24 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013/02/24 16:08:01 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\pdfforge
[2013/02/24 16:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/02/24 16:06:25 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013/02/24 16:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013/02/22 03:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/02/14 11:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmiBroker x64
[2013/02/14 11:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\AmiBroker
[2013/02/14 08:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/02/11 21:15:11 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\MAPILab Ltd
[2013/02/11 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAPILab
[2013/02/11 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Outlook Security Manager
[2013/02/11 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAPILab Ltd
[2013/02/11 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAPILab Ltd
[2013/02/11 21:08:47 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/02/11 20:30:54 | 000,000,000 | --SD | C] -- C:\Users\Sundars\Documents\My Data Sources
[2013/02/11 18:51:50 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\TDSSKiller.exe
[2013/02/07 14:22:53 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\FEXTrader
[2013/02/07 14:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AlpariUK
[2013/02/04 16:46:06 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Saxo Bank
[2013/02/04 16:46:04 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Saxo Bank
[2013/01/31 20:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saxo Bank
[2013/01/31 20:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Saxo Bank
[2013/01/29 13:46:12 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\FXTS2
[2013/01/29 13:46:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{38A62063-1033-4FC5-9C3A-95CC87213C6E}
[2013/01/29 13:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FX Trading
[2013/01/29 10:56:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2013/01/29 10:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Candleworks
[2013/01/29 10:56:04 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\PackageAware
[2012/12/01 18:52:03 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\PCPE Setup.exe
[2012/12/01 18:52:03 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\Sundars\mfc80u.dll
[2012/12/01 18:52:03 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Sundars\msvcr80.dll
[2012/12/01 18:52:03 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\grm_res.dll
[2012/12/01 18:52:03 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\fr_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\pt_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\it_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\es_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\en_res.dll
[2012/12/01 18:52:03 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\ru_res.dll
[2012/12/01 18:52:03 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\jp_res.dll
[2012/12/01 18:52:03 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\zh_res.dll
[2012/11/19 15:14:34 | 000,498,352 | ---- | C] (Norgate Investor Services Pty Ltd) -- C:\Users\Sundars\AppData\Roaming\ngUninstaller.exe

========== Files - Modified Within 30 Days ==========

[2013/02/27 17:15:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/27 16:53:12 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000UA.job
[2013/02/27 16:52:11 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/27 16:01:38 | 000,012,926 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/02/27 15:49:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\TDSSKiller.exe
[2013/02/27 11:55:39 | 000,209,403 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo.cs2
[2013/02/27 06:52:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/27 03:26:45 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 03:26:45 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 03:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/27 03:18:11 | 1073,221,627 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 03:01:10 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/27 02:53:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000Core.job
[2013/02/26 23:01:25 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\AlpariDirect.lnk
[2013/02/26 22:57:27 | 000,209,042 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo.bs2
[2013/02/26 22:20:46 | 000,202,176 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo_Simulation.cs2
[2013/02/26 22:20:46 | 000,202,176 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo_Live.cs2
[2013/02/25 14:10:29 | 011,680,494 | ---- | M] () -- C:\Users\Sundars\Desktop\Millard_Cycles-A Tribute to J. M. Hurst.pdf
[2013/02/25 09:49:58 | 006,004,403 | ---- | M] () -- C:\Users\Sundars\Desktop\Balan , Robert - Elliott Wave Principle Forex.pdf
[2013/02/25 09:45:35 | 000,566,110 | ---- | M] () -- C:\Users\Sundars\Desktop\Vedic Astrology and Rasi Characteristics.pdf
[2013/02/25 09:43:54 | 000,119,885 | ---- | M] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Brihat Jatak.pdf
[2013/02/25 09:36:29 | 018,322,616 | ---- | M] () -- C:\Users\Sundars\Desktop\fundamentals of vedic astro. by Bepin Bihari.pdf
[2013/02/25 09:32:31 | 000,294,327 | ---- | M] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Bhrigu Sutras.pdf
[2013/02/24 23:15:35 | 000,989,704 | ---- | M] () -- C:\Users\Sundars\Desktop\Narayana Dasa - S. Rath [Chi].pdf
[2013/02/24 18:04:21 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/24 16:37:27 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/02/24 16:37:27 | 000,000,909 | ---- | M] () -- C:\Users\Sundars\Desktop\AmiBroker x64.lnk
[2013/02/24 16:08:47 | 000,000,997 | ---- | M] () -- C:\Users\Sundars\Desktop\PDF Architect.lnk
[2013/02/24 16:08:01 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/23 17:55:22 | 000,002,380 | ---- | M] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2013/02/18 23:16:16 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2013/02/15 15:00:30 | 000,785,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/15 15:00:30 | 000,668,644 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/15 15:00:30 | 000,126,260 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/15 03:26:42 | 000,424,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/08 17:49:13 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2013/02/03 12:42:22 | 000,001,053 | ---- | M] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/03 12:42:01 | 000,001,025 | ---- | M] () -- C:\Users\Sundars\Desktop\Dropbox.lnk
[2013/01/31 20:20:31 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\SaxoTrader.lnk
[2013/01/29 13:46:07 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk

========== Files Created - No Company Name ==========

[2013/02/26 22:53:48 | 000,202,176 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo_Live.cs2
[2013/02/26 22:20:53 | 000,202,176 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo_Simulation.cs2
[2013/02/25 17:01:40 | 000,405,166 | ---- | C] () -- C:\Users\Sundars\Desktop\1024880_CB-876159501001_INV_CB-876159501001-20130124_20130124.pdf
[2013/02/25 17:00:45 | 000,404,985 | ---- | C] () -- C:\Users\Sundars\Desktop\1024880_CB-876159501001_INV_CB-876159501001-20121219_20121219.pdf
[2013/02/25 16:59:06 | 000,408,586 | ---- | C] () -- C:\Users\Sundars\Desktop\1024880_CB-876159501001_INV_CB-876159501001-20121126_20121126.pdf
[2013/02/25 14:09:57 | 011,680,494 | ---- | C] () -- C:\Users\Sundars\Desktop\Millard_Cycles-A Tribute to J. M. Hurst.pdf
[2013/02/25 09:49:41 | 006,004,403 | ---- | C] () -- C:\Users\Sundars\Desktop\Balan , Robert - Elliott Wave Principle Forex.pdf
[2013/02/25 09:45:30 | 000,566,110 | ---- | C] () -- C:\Users\Sundars\Desktop\Vedic Astrology and Rasi Characteristics.pdf
[2013/02/25 09:43:52 | 000,119,885 | ---- | C] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Brihat Jatak.pdf
[2013/02/25 09:35:30 | 018,322,616 | ---- | C] () -- C:\Users\Sundars\Desktop\fundamentals of vedic astro. by Bepin Bihari.pdf
[2013/02/25 09:32:28 | 000,294,327 | ---- | C] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Bhrigu Sutras.pdf
[2013/02/24 23:15:34 | 000,989,704 | ---- | C] () -- C:\Users\Sundars\Desktop\Narayana Dasa - S. Rath [Chi].pdf
[2013/02/24 16:08:47 | 000,000,997 | ---- | C] () -- C:\Users\Sundars\Desktop\PDF Architect.lnk
[2013/02/24 16:08:01 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/14 11:18:18 | 000,000,909 | ---- | C] () -- C:\Users\Sundars\Desktop\AmiBroker x64.lnk
[2013/02/14 11:14:30 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/02/07 14:19:57 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\AlpariDirect.lnk
[2013/02/04 16:53:52 | 000,209,403 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo.cs2
[2013/02/04 16:53:52 | 000,209,042 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo.bs2
[2013/01/31 20:20:31 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\SaxoTrader.lnk
[2013/01/29 13:46:07 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2013/01/22 22:56:57 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/12/12 07:28:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
[2012/12/10 21:48:05 | 000,000,208 | ---- | C] () -- C:\Windows\SJDemo.INI
[2012/12/01 18:52:05 | 013,338,112 | ---- | C] () -- C:\Users\Sundars\PCPE_3.0.1.msi
[2012/12/01 18:52:03 | 000,018,808 | ---- | C] () -- C:\Users\Sundars\ResourceReader.dll
[2012/10/01 19:05:07 | 000,000,079 | ---- | C] () -- C:\Users\Sundars\AppData\Local\CrystalDiskMark30.ini
[2012/09/18 13:03:30 | 000,012,926 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/17 20:32:41 | 000,197,800 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/13 18:24:38 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
[2012/09/13 18:24:28 | 000,270,336 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2012/09/13 18:24:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
[2012/09/13 18:24:28 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
[2012/09/13 18:24:28 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
[2012/09/13 18:24:01 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
[2012/09/13 18:24:00 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2012/09/13 18:24:00 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
[2012/08/31 06:25:37 | 000,005,544 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/29 21:45:01 | 000,026,128 | ---- | C] () -- C:\Windows\SysWow64\ZABackupXceedCryReg.exe
[2012/08/29 21:45:00 | 000,441,705 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2012/08/29 21:45:00 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/08/27 20:42:08 | 000,769,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/19 07:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 07:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== ZeroAccess Check ==========

[2012/11/26 22:33:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\l
[2012/11/26 22:33:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\n
[2012/11/26 22:33:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\u
[2012/12/31 09:49:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\l
[2012/12/31 09:49:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\n
[2012/12/31 09:49:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\u
[2012/11/26 22:36:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\l
[2012/11/26 22:36:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\n
[2012/11/26 22:36:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\u
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 13:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 13:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 13:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >


------------------------------------------------
OTL EXTRAS
---------------------------------------------------------
OTL Extras logfile created on: 27/02/2013 17:43:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sundars\Desktop\GeeksFeb13
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

28.00 Gb Total Physical Memory | 19.20 Gb Available Physical Memory | 68.56% Memory free
56.00 Gb Paging File | 47.34 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 373.20 Gb Free Space | 80.13% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1217.79 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Drive F: | 3.99 Gb Total Space | 3.29 Gb Free Space | 82.42% Space Free | Partition Type: NTFS

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = D:\Firewall Logs\Corp Domain\CorpDomFirewall.log -- ()

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Private Domain\Private-firewall.log -- ()
"LogDroppedPackets" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Pub Domain\pubfirewall.log -- ()
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = D:\Firewall Logs\Corp Domain\CorpDomFirewall.log -- ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Private Domain\Private-firewall.log -- ()
"LogDroppedPackets" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Pub Domain\pubfirewall.log -- ()
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0080B179-9CEC-40A5-A462-0B82343768A9}" = rport=80 | protocol=6 | dir=out | app=c:\program files\internet explorer\iexplore.exe |
"{037817A2-0C36-4F80-BD21-4E9E93B11B83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0435F557-D1A4-402E-B1F7-3D9E7F648381}" = rport=60020 | protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqconnect.exe |
"{0B304621-B5AE-4C95-9DE1-13FF76A6BBFC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BC3C76A-D498-4DC2-892B-EA6D8A22F9CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"{0ED09BE7-AE91-4C38-82B5-FC9EA8C190B7}" = rport=5357 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{1004C511-AFBE-458B-98D5-833B7DB26337}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jaucheck.exe |
"{12CF2A8A-9497-417A-9D2E-2F3506289CC2}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\java.exe |
"{1525DB6D-2600-44F1-A2A9-965CBE65F773}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17CA3D79-A96C-4BBE-B23E-75A7FCDBC4FD}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javaws.exe |
"{19149804-26F3-43C8-B148-CBDBAD23C459}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\candleworks\fxts2\fxtspp.exe |
"{1C941435-EAAF-43D2-90E6-0ACF03B62B9F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EDA99A7-9AD4-4AF0-9303-435091387BCB}" = rport=80 | protocol=6 | dir=out | name=custom - sanboxie update |
"{27BFBB78-5FD9-477D-904A-1AB9E0882C54}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\jre-7u7-windows-i586.exe |
"{2C11ED30-390F-402B-A3F8-A3D1815BBE6B}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\microsoft security client\msseces.exe |
"{2E0D74DE-530B-4CB9-9F2C-7C2979EDDE73}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\tracker software\live update\liveupdate.exe |
"{2FA6246B-3291-43C2-9104-335418D2B2C9}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe |
"{37173833-9E91-4523-BB2C-9D0F35330214}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=%systemroot%\syswow64\svchost.exe |
"{38A745CD-9C0B-481F-A0F6-2B55D409C8DE}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\apple software update\softwareupdate.exe |
"{3C8CE795-74B8-446F-945B-9143E289DC40}" = lport=138 | protocol=17 | dir=in | app=system |
"{3E10042F-FF69-4A2F-885D-593CF23AB8CB}" = rport=21 | protocol=6 | dir=out | app=ftpcommand |
"{41852DE7-8F6D-4FEB-9118-570AF75F6ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{435B5C72-25C2-4F4C-BECB-128217EA84E2}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javacpl.exe |
"{460D9863-B5A3-49C7-85EB-1B0A0DEAFF55}" = rport=990 | protocol=6 | dir=out | app=ftps |
"{48215E7D-0375-41A7-85B3-D2A416BA1280}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{487D674D-A0F6-43F4-BE83-7001E3313EF9}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\chromeinstall-7u7.exe |
"{4951FC49-C199-4CE8-890B-81217AEDC5DE}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=%systemroot%\system32\svchost.exe |
"{4F54FEDD-A0E7-47A7-AEE2-67576541E639}" = lport=139 | protocol=6 | dir=in | app=system |
"{4FA3CDD0-5078-45F5-83F0-5C0267DA3BFD}" = lport=445 | protocol=6 | dir=in | app=system |
"{51253AA4-83E7-4D1C-9453-CF0923CCA2D9}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52F0BEC5-E727-493E-9ED9-8F53C11E1BA8}" = rport=25 | protocol=6 | dir=out | app=%programfiles% (x86)\microsoft office\office12\outlook.exe |
"{55A77A94-5B62-498A-9426-C02BAF3F977B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{55BD0BCC-0811-4876-A209-C948E128C403}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jusched.exe |
"{5AAF81B0-C53F-4746-ACBC-FD09B38AF601}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe |
"{5AC02C1F-54F8-4DE5-817E-4FC269EDA339}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\itunes\itunes.exe |
"{5DE4A4D2-FA9F-4353-A708-D73DA3A652C4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportservice.exe |
"{5F3BD7B4-F12D-4F53-9333-8388EC1F3D79}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javaw.exe |
"{691532FC-BDE4-4416-9D10-2D58CFF798D8}" = rport=0 | protocol=6 | dir=out | app=ftpdatapass |
"{6C1BA8E5-4A21-45F5-B319-EF1E5CAF2FAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72D52E9A-3F98-49B6-B994-27D898CF3E7E}" = rport=445 | protocol=6 | dir=out | app=system |
"{7647472E-4DD4-4328-B47E-EFC512D8E11C}" = lport=5454 | protocol=6 | dir=in | name=x-rite device services manager |
"{7675492C-551C-4CEA-8D24-47BF6BB555D5}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=%systemroot%\system32\svchost.exe |
"{76D7BFC5-DE32-4D2B-975E-BF311A970C2B}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=%systemroot%\syswow64\svchost.exe |
"{770D90DC-A3EC-4E2A-9BD9-D1A9A381A196}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe |
"{77642868-B51E-4862-AE57-8A1241E8ADBA}" = rport=53242 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{79727309-7478-4C34-A02A-4FCA4BBC2401}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7ACB291D-24AD-4E50-BB18-18419E47F26E}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\flashplayer.exe |
"{7F4C80D8-4753-4040-86C6-DC5EF60A84FA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\updater.exe |
"{8100B946-DF54-49CB-9A6C-1178D20ED7B4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\vs revo group\revo uninstaller\revouninstaller.exe |
"{88ED0056-AB28-4434-9B29-D8B1BC7FB02F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B2101E0-12C1-4346-9CAA-A39F0E6EBB11}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{8D9FF397-5CD4-41D2-9720-83ED65EF6CD4}" = rport=0 | protocol=17 | dir=out | app=%systemroot%\system32\lsass.exe |
"{8DBDF54A-6044-4280-BD95-A75FE5503C6F}" = rport=80 | protocol=6 | dir=in | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{93E8D073-5DCA-48FF-A7C6-AF87BDE40FCC}" = rport=53 | protocol=17 | dir=out | app=%programfiles% (x86)\opendns\dnscrypt\dnscrypt-proxy.exe |
"{94A3740E-1CBD-4890-92D0-544398794671}" = rport=0 | protocol=6 | dir=in | app=ftpdata |
"{9768C54D-E186-418F-A875-D6E358FA8DBA}" = lport=135 | protocol=6 | dir=in | name=custom network rule - block port 135 & 445 |
"{9931D52F-202A-4B3B-AA60-4DE087F1CBF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DC477C0-F7D9-4366-A090-90FD2940964B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\imgburn\imgburn.exe |
"{A1199EF9-80D2-4765-9926-6ECDF199968E}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\alpariuk\alpariukdirect.exe |
"{A1CC236B-EDE1-4BC3-B998-29369803D698}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportservice.exe |
"{A3E44110-D81C-4C40-97A6-AC370F8A58BC}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jucheck.exe |
"{ACDD36DC-9D27-47EB-90D0-F926A4EB5BE5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD288ADA-13A6-4AB7-9F11-667E8037441E}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{AD64947C-D997-48B1-BE42-91B8A0D7DE10}" = rport=53 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{AEE2927D-0BE7-48AD-B84F-BB9420B413F7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{BE35D014-7375-4CF8-96E7-FB48BD4FC589}" = rport=80 | protocol=6 | dir=out | svc=helpsvc | app=%systemroot%\system32\svchost.exe |
"{C1517DCF-0153-411F-B6F7-437EABA15734}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe |
"{C25FDC95-75C8-4B02-A680-A9683369255D}" = rport=1900 | protocol=17 | dir=in | name=custom network rule - block port 1900 |
"{C54F4BEA-6C5D-49A4-A404-106D40F36805}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7AF0FCA-D9E0-46CC-9560-CC3F6374000F}" = rport=21 | protocol=6 | dir=out | app=c:\windows\system32\ftp.exe |
"{CB8C8985-DED2-4AD8-A6DB-9DACB7382757}" = rport=80 | protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{CED1BDAB-355B-43E1-AE4C-B6F2BDACD7D7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{D1FD6188-2C72-4D8D-B00D-4F5DDF1B4C16}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D2E3F49D-5D14-4A30-8692-3D62D9EB66C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3D68CB4-1CA5-4CD2-97B5-BD401CAECA3B}" = rport=53 | protocol=17 | dir=out | app=c:\users\sundars\desktop\dnsbench.exe |
"{D69D0BA4-25AA-45D5-B13B-D16F60E7BC56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCA478A1-17F1-4837-BCA8-076A2AF54BD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E5DA8FC4-8E91-479F-8B46-600566B7B709}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\neosmart technologies\easybcd\easybcd.exe |
"{E606D67D-B1AB-4EE1-A69C-9D2FE4938B7C}" = rport=19105 | protocol=6 | dir=out | app=c:\zonealarmbackup\zabackupclsclient.exe |
"{E7E35D46-CB1B-43FD-BA53-5AA1F210DD54}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDA4A98E-8370-4539-AD6B-72404B071835}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE6EC7EC-AC60-4DC6-A6CE-A862F8571CF9}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\desktop\dnsbench.exe |
"{EED2690E-C22D-4DD0-9E27-D640DC27DD9F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EFB25419-6427-4026-863D-0D0ABAF13106}" = rport=5353 | protocol=17 | dir=out | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1465CE8-C087-48DF-9FDC-B822BB36ABE3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F8629104-F619-49D0-AE1C-6100248D1A28}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqconnect.exe |
"{FA99D32A-DFE9-4A49-8244-3AF34448FA84}" = rport=9300 | protocol=17 | dir=in | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{FAD88354-8E90-48F0-9C06-93B86887956B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{FBA1FFFE-E890-4A05-A650-C5E74DF32FC9}" = rport=443 | protocol=6 | dir=out | app=c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AE0858-A1D2-4E46-B57B-0B53F51CC875}" = protocol=6 | dir=out | app=system |
"{02F6CF83-B922-4DFA-A538-CE9690B4F467}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07DE943A-FCCE-4632-8583-9233297F71B3}" = protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqlinklauncher.exe |
"{081C384A-26DC-49A0-BE1C-512FA0F7B368}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E22F87F-52A2-49DA-BFC4-F82A0BD47882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A44AE1D-755F-4204-A097-239793D3B011}" = protocol=6 | dir=out | app=system |
"{1C436F62-F9BB-48E5-9500-734DF5514EA4}" = protocol=41 | dir=out | app=system |
"{1F60ADFE-3A22-45A4-B306-BB7677B1D361}" = protocol=17 | dir=in | app=%programfiles% (x86)\skype\phone\skype.exe |
"{23283D50-1E32-41EB-92A8-8C37E25517B0}" = protocol=6 | dir=in | app=c:\users\sundars\appdata\roaming\dropbox\bin\dropbox.exe |
"{27BD713F-6845-4387-BBFF-E98D8C0B5B20}" = protocol=1 | dir=out | app=any |
"{2AD065AB-674C-4B08-B2A9-5E042F7FE9E3}" = protocol=58 | dir=out | [email protected],-28546 |
"{31AFFA1F-636C-450F-ADD6-E24735461E56}" = protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqlinklauncher.exe |
"{36E58820-6D9D-457A-B352-AF3F0CB53A5E}" = protocol=1 | dir=out | app=any |
"{3ABF56B1-01A2-483B-9B66-AFA61B4AB951}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3BAC2DCA-4022-4E72-BA73-873017E23D51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E22B6B3-3727-4519-A3DE-BD48C9488392}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{46C26C40-03DB-4FEC-AC98-FB914BD94B8F}" = protocol=58 | dir=in | [email protected],-28545 |
"{4986A3E3-3510-421C-A080-B6D2C3FC360C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52AFB3C1-C1A5-491D-A84A-21256767B8BC}" = dir=out | app=c:\windows\system32\svchost.exe |
"{58F648BB-3EA9-4859-8669-E4F47E6EA2E5}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{6005D19E-3CB0-4A6F-A579-E270439F9869}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{65F4782F-EACD-41DB-9ED5-26393C29DE82}" = protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{72BCEA47-6BB6-4ADE-983B-228641C9302D}" = protocol=1 | dir=out | app=system |
"{734788E0-AFAF-487E-AED0-9298930A1088}" = protocol=17 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{741143EC-C7A7-47A7-B42A-2EFF2ED9B126}" = protocol=1 | dir=out | [email protected],-28544 |
"{7ED03C91-09EB-4076-A2FF-5E7E98C1EFAA}" = dir=out | app=c:\windows\system32\svchost.exe |
"{7F0036D4-EC68-46E5-B69A-42C2C1344461}" = protocol=17 | dir=in | app=c:\users\sundars\appdata\roaming\dropbox\bin\dropbox.exe |
"{8B32DC7A-B6D2-4A37-BE2E-B4EEDA94468D}" = protocol=1 | dir=in | app=system |
"{8D31B319-72A4-41E0-8FBA-86E99DB4EA81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9568630F-847B-42F1-8ACE-407919AAB359}" = protocol=1 | dir=in | [email protected],-28543 |
"{9C3E662D-983C-48E1-A95A-E3BCEC1256BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F5E6F7C-1BAE-48C0-906A-5B84CB0FF752}" = dir=out | app=c:\windows\system32\svchost.exe |
"{A0ADB1FB-9594-4BB7-8AFC-1F713A9E2518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1DD282B-58C7-45B4-BEE7-752EA6D3906C}" = dir=out | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6D498CF-E09B-444E-92C0-96E7D1F913DB}" = protocol=6 | dir=out | app=c:\users\sundars\appdata\local\google\chrome\application\chrome.exe |
"{A8535852-4D23-44D2-9DEE-CD01379E81BB}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{B1823B2B-EDC0-4BC0-837F-A88EEE3007D8}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{B1988050-9ED7-4E08-BCE1-373D183E3673}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4BC57CD-0FD5-4741-A302-6BBB97016F68}" = dir=out | app=c:\windows\system32\svchost.exe |
"{B8109073-8311-4FAD-A67C-734030419875}" = protocol=6 | dir=in | app=system |
"{C1595049-4E1F-4439-97B2-1E19F1B33573}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB76087B-1BA0-4271-8CF5-6DD3F72E2E98}" = protocol=6 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{CCC19B31-EF85-46CA-AF61-A8745EC86EC7}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D1D6BDA2-327D-4124-A999-7B5CBC25EFBF}" = dir=out | app=localhost |
"{D3BE2D32-9A18-45C7-B6B9-FED10B20B3F6}" = protocol=6 | dir=in | app=%programfiles% (x86)\skype\phone\skype.exe |
"{D61688A1-CA8B-4CF4-BEDF-A2560DA1F10D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D6405D40-BAFA-4502-B088-63AC198989EF}" = dir=out | app=c:\users\sundars\appdata\local\google\update\googleupdate.exe |
"{D85495EB-0B42-4E83-959F-0855C57BDBD3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8E461AB-C02C-4F03-98C4-CDA6AEB570BC}" = dir=out | app=c:\windows\system32\svchost.exe |
"{DB19B829-055B-4A4E-8806-EEEB69794CB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE8F6E81-1B58-4C50-BC81-E216FA32945E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DED7948D-BB40-406E-86D7-D218E54D7025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E231AF57-69BB-40B9-8E60-7AEA8D2AFCBF}" = protocol=17 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{E7BE0CEA-2882-4E7A-9D41-24999CE84D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F44AF056-E079-4E84-B7AD-6C93D96D4425}" = protocol=17 | dir=in | app=system |
"{F97CFC43-DDBB-4A9D-B160-1838A78D4AF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{233BB6F8-395C-4ABB-B0F1-CFBDFB632F0E}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe |
"UDP Query User{145BF891-3E97-4094-978C-8DA141CC18AD}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F9B09E-CDB5-46fc-AC30-2E7E7C7A8A34}" = Canon MP800
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.1
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AAE9AB32-071F-46AF-B0C3-F936E6345F4A}" = Nitro Pro 8
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1" = PDF-XChange 2012 Pro
"AmiBroker64_is1" = AmiBroker 5.60.3 x64
"CCleaner" = CCleaner
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Sandboxie" = Sandboxie 3.76 (64-bit)
"Windows Firewall Control" = Windows Firewall Control

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E579B65-503B-4184-B481-5138124BEE1D}_is1" = VT Hash Check 1.2
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{272E80B6-9579-421F-8B8E-6E8855FA1F91}" = Vigor N61 802.11n Wireless USB Adapter
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{45EECCAE-403C-44CE-AE2F-6028617B63F8}" = X-Rite Device Services Manager
"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
"{49C14B93-58AD-4178-B52C-750D54CE618D}" = SaxoTrader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B008D66F-B796-4C06-B707-932F0B225531}" = Mail Merge Toolkit
"{B3314ED3-506E-40BE-BBB0-104E719AE44B}" = AlpariUK
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}" = NinjaTrader 7
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DEF3592F-0751-4632-9875-8BF9AD602898}" = DNSCrypt
"{E04FD66D-ADDD-48A0-B766-4111945C09D4}" = RAMDisk
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FBD7AFBB-8D94-4207-A013-CAF1BBA51AB3}" = Microsoft .NET Framework 3.5 SP1 Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CanonMyPrinter" = Canon My Printer
"EasyBCD" = EasyBCD 2.1.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FXCM Trading Station" = FXCM Trading Station
"ImgBurn" = ImgBurn
"IQFeed Client" = IQFeed Client 4.9.0.3
"Jagannatha Hora_is1" = Jagannatha Hora 7.64
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 en-GB)" = Mozilla Firefox 19.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.0" = Canon MP Navigator 2.0
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PROR" = Microsoft Office Professional 2007
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"TaxCalc 2007" = TaxCalc 2007
"TaxCalc 2011" = TaxCalc 2011
"TaxCalc 2012" = TaxCalc 2012
"WinX Free AVI to FLV Converter_is1" = WinX Free AVI to FLV Converter 4.1.11
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 01, 2011

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DataTools" = DataTools
"DataUpdater" = Premium Data
"Dropbox" = Dropbox
"fx2" = Premium Forex
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22/02/2013 04:37:31 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

Error - 23/02/2013 10:18:21 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

Error - 24/02/2013 19:28:03 | Computer Name = Sundars-PC | Source = Application Error | ID = 0
Description =

Error - 24/02/2013 19:28:04 | Computer Name = Sundars-PC | Source = Application Error | ID = 0
Description =

Error - 24/02/2013 19:28:06 | Computer Name = Sundars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PDF Architect.exe, version: 1.0.52.8917,
time stamp: 0x50ed8023 Faulting module name: PDF Architect.exe, version: 1.0.52.8917,
time stamp: 0x50ed8023 Exception code: 0xc0000005 Fault offset: 0x0042f6dd Faulting
process id: 0x740 Faulting application start time: 0x01ce12e683166f6d Faulting application
path: C:\Program Files (x86)\PDF Architect\PDF Architect.exe Faulting module path:
C:\Program Files (x86)\PDF Architect\PDF Architect.exe Report Id: d7512472-7ed9-11e2-ab60-00215ac6f264

Error - 25/02/2013 06:22:26 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

Error - 27/02/2013 11:54:14 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 27/02/2013 11:57:06 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 27/02/2013 11:57:12 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 27/02/2013 11:58:29 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ OSession Events ]
Error - 05/11/2012 06:11:45 | Computer Name = Sundars-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/02/2013 06:04:46 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:47 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:47 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:48 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:49 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:49 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:50 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:50 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:51 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 07:21:53 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The Acronis Nonstop Backup Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.


< End of report >

-----------------------
MBAM SCAN
-----------------------------
OTL Extras logfile created on: 27/02/2013 17:43:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sundars\Desktop\GeeksFeb13
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

28.00 Gb Total Physical Memory | 19.20 Gb Available Physical Memory | 68.56% Memory free
56.00 Gb Paging File | 47.34 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 373.20 Gb Free Space | 80.13% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1217.79 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Drive F: | 3.99 Gb Total Space | 3.29 Gb Free Space | 82.42% Space Free | Partition Type: NTFS

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = D:\Firewall Logs\Corp Domain\CorpDomFirewall.log -- ()

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Private Domain\Private-firewall.log -- ()
"LogDroppedPackets" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Pub Domain\pubfirewall.log -- ()
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = D:\Firewall Logs\Corp Domain\CorpDomFirewall.log -- ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Private Domain\Private-firewall.log -- ()
"LogDroppedPackets" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Pub Domain\pubfirewall.log -- ()
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0080B179-9CEC-40A5-A462-0B82343768A9}" = rport=80 | protocol=6 | dir=out | app=c:\program files\internet explorer\iexplore.exe |
"{037817A2-0C36-4F80-BD21-4E9E93B11B83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0435F557-D1A4-402E-B1F7-3D9E7F648381}" = rport=60020 | protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqconnect.exe |
"{0B304621-B5AE-4C95-9DE1-13FF76A6BBFC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BC3C76A-D498-4DC2-892B-EA6D8A22F9CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"{0ED09BE7-AE91-4C38-82B5-FC9EA8C190B7}" = rport=5357 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{1004C511-AFBE-458B-98D5-833B7DB26337}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jaucheck.exe |
"{12CF2A8A-9497-417A-9D2E-2F3506289CC2}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\java.exe |
"{1525DB6D-2600-44F1-A2A9-965CBE65F773}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17CA3D79-A96C-4BBE-B23E-75A7FCDBC4FD}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javaws.exe |
"{19149804-26F3-43C8-B148-CBDBAD23C459}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\candleworks\fxts2\fxtspp.exe |
"{1C941435-EAAF-43D2-90E6-0ACF03B62B9F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EDA99A7-9AD4-4AF0-9303-435091387BCB}" = rport=80 | protocol=6 | dir=out | name=custom - sanboxie update |
"{27BFBB78-5FD9-477D-904A-1AB9E0882C54}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\jre-7u7-windows-i586.exe |
"{2C11ED30-390F-402B-A3F8-A3D1815BBE6B}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\microsoft security client\msseces.exe |
"{2E0D74DE-530B-4CB9-9F2C-7C2979EDDE73}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\tracker software\live update\liveupdate.exe |
"{2FA6246B-3291-43C2-9104-335418D2B2C9}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe |
"{37173833-9E91-4523-BB2C-9D0F35330214}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=%systemroot%\syswow64\svchost.exe |
"{38A745CD-9C0B-481F-A0F6-2B55D409C8DE}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\apple software update\softwareupdate.exe |
"{3C8CE795-74B8-446F-945B-9143E289DC40}" = lport=138 | protocol=17 | dir=in | app=system |
"{3E10042F-FF69-4A2F-885D-593CF23AB8CB}" = rport=21 | protocol=6 | dir=out | app=ftpcommand |
"{41852DE7-8F6D-4FEB-9118-570AF75F6ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{435B5C72-25C2-4F4C-BECB-128217EA84E2}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javacpl.exe |
"{460D9863-B5A3-49C7-85EB-1B0A0DEAFF55}" = rport=990 | protocol=6 | dir=out | app=ftps |
"{48215E7D-0375-41A7-85B3-D2A416BA1280}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{487D674D-A0F6-43F4-BE83-7001E3313EF9}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\chromeinstall-7u7.exe |
"{4951FC49-C199-4CE8-890B-81217AEDC5DE}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=%systemroot%\system32\svchost.exe |
"{4F54FEDD-A0E7-47A7-AEE2-67576541E639}" = lport=139 | protocol=6 | dir=in | app=system |
"{4FA3CDD0-5078-45F5-83F0-5C0267DA3BFD}" = lport=445 | protocol=6 | dir=in | app=system |
"{51253AA4-83E7-4D1C-9453-CF0923CCA2D9}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52F0BEC5-E727-493E-9ED9-8F53C11E1BA8}" = rport=25 | protocol=6 | dir=out | app=%programfiles% (x86)\microsoft office\office12\outlook.exe |
"{55A77A94-5B62-498A-9426-C02BAF3F977B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{55BD0BCC-0811-4876-A209-C948E128C403}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jusched.exe |
"{5AAF81B0-C53F-4746-ACBC-FD09B38AF601}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe |
"{5AC02C1F-54F8-4DE5-817E-4FC269EDA339}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\itunes\itunes.exe |
"{5DE4A4D2-FA9F-4353-A708-D73DA3A652C4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportservice.exe |
"{5F3BD7B4-F12D-4F53-9333-8388EC1F3D79}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javaw.exe |
"{691532FC-BDE4-4416-9D10-2D58CFF798D8}" = rport=0 | protocol=6 | dir=out | app=ftpdatapass |
"{6C1BA8E5-4A21-45F5-B319-EF1E5CAF2FAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72D52E9A-3F98-49B6-B994-27D898CF3E7E}" = rport=445 | protocol=6 | dir=out | app=system |
"{7647472E-4DD4-4328-B47E-EFC512D8E11C}" = lport=5454 | protocol=6 | dir=in | name=x-rite device services manager |
"{7675492C-551C-4CEA-8D24-47BF6BB555D5}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=%systemroot%\system32\svchost.exe |
"{76D7BFC5-DE32-4D2B-975E-BF311A970C2B}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=%systemroot%\syswow64\svchost.exe |
"{770D90DC-A3EC-4E2A-9BD9-D1A9A381A196}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe |
"{77642868-B51E-4862-AE57-8A1241E8ADBA}" = rport=53242 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{79727309-7478-4C34-A02A-4FCA4BBC2401}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7ACB291D-24AD-4E50-BB18-18419E47F26E}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\flashplayer.exe |
"{7F4C80D8-4753-4040-86C6-DC5EF60A84FA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\updater.exe |
"{8100B946-DF54-49CB-9A6C-1178D20ED7B4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\vs revo group\revo uninstaller\revouninstaller.exe |
"{88ED0056-AB28-4434-9B29-D8B1BC7FB02F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B2101E0-12C1-4346-9CAA-A39F0E6EBB11}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{8D9FF397-5CD4-41D2-9720-83ED65EF6CD4}" = rport=0 | protocol=17 | dir=out | app=%systemroot%\system32\lsass.exe |
"{8DBDF54A-6044-4280-BD95-A75FE5503C6F}" = rport=80 | protocol=6 | dir=in | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{93E8D073-5DCA-48FF-A7C6-AF87BDE40FCC}" = rport=53 | protocol=17 | dir=out | app=%programfiles% (x86)\opendns\dnscrypt\dnscrypt-proxy.exe |
"{94A3740E-1CBD-4890-92D0-544398794671}" = rport=0 | protocol=6 | dir=in | app=ftpdata |
"{9768C54D-E186-418F-A875-D6E358FA8DBA}" = lport=135 | protocol=6 | dir=in | name=custom network rule - block port 135 & 445 |
"{9931D52F-202A-4B3B-AA60-4DE087F1CBF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DC477C0-F7D9-4366-A090-90FD2940964B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\imgburn\imgburn.exe |
"{A1199EF9-80D2-4765-9926-6ECDF199968E}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\alpariuk\alpariukdirect.exe |
"{A1CC236B-EDE1-4BC3-B998-29369803D698}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportservice.exe |
"{A3E44110-D81C-4C40-97A6-AC370F8A58BC}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jucheck.exe |
"{ACDD36DC-9D27-47EB-90D0-F926A4EB5BE5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD288ADA-13A6-4AB7-9F11-667E8037441E}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{AD64947C-D997-48B1-BE42-91B8A0D7DE10}" = rport=53 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{AEE2927D-0BE7-48AD-B84F-BB9420B413F7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{BE35D014-7375-4CF8-96E7-FB48BD4FC589}" = rport=80 | protocol=6 | dir=out | svc=helpsvc | app=%systemroot%\system32\svchost.exe |
"{C1517DCF-0153-411F-B6F7-437EABA15734}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe |
"{C25FDC95-75C8-4B02-A680-A9683369255D}" = rport=1900 | protocol=17 | dir=in | name=custom network rule - block port 1900 |
"{C54F4BEA-6C5D-49A4-A404-106D40F36805}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7AF0FCA-D9E0-46CC-9560-CC3F6374000F}" = rport=21 | protocol=6 | dir=out | app=c:\windows\system32\ftp.exe |
"{CB8C8985-DED2-4AD8-A6DB-9DACB7382757}" = rport=80 | protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{CED1BDAB-355B-43E1-AE4C-B6F2BDACD7D7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{D1FD6188-2C72-4D8D-B00D-4F5DDF1B4C16}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D2E3F49D-5D14-4A30-8692-3D62D9EB66C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3D68CB4-1CA5-4CD2-97B5-BD401CAECA3B}" = rport=53 | protocol=17 | dir=out | app=c:\users\sundars\desktop\dnsbench.exe |
"{D69D0BA4-25AA-45D5-B13B-D16F60E7BC56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCA478A1-17F1-4837-BCA8-076A2AF54BD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E5DA8FC4-8E91-479F-8B46-600566B7B709}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\neosmart technologies\easybcd\easybcd.exe |
"{E606D67D-B1AB-4EE1-A69C-9D2FE4938B7C}" = rport=19105 | protocol=6 | dir=out | app=c:\zonealarmbackup\zabackupclsclient.exe |
"{E7E35D46-CB1B-43FD-BA53-5AA1F210DD54}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDA4A98E-8370-4539-AD6B-72404B071835}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE6EC7EC-AC60-4DC6-A6CE-A862F8571CF9}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\desktop\dnsbench.exe |
"{EED2690E-C22D-4DD0-9E27-D640DC27DD9F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EFB25419-6427-4026-863D-0D0ABAF13106}" = rport=5353 | protocol=17 | dir=out | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1465CE8-C087-48DF-9FDC-B822BB36ABE3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F8629104-F619-49D0-AE1C-6100248D1A28}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqconnect.exe |
"{FA99D32A-DFE9-4A49-8244-3AF34448FA84}" = rport=9300 | protocol=17 | dir=in | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{FAD88354-8E90-48F0-9C06-93B86887956B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{FBA1FFFE-E890-4A05-A650-C5E74DF32FC9}" = rport=443 | protocol=6 | dir=out | app=c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AE0858-A1D2-4E46-B57B-0B53F51CC875}" = protocol=6 | dir=out | app=system |
"{02F6CF83-B922-4DFA-A538-CE9690B4F467}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07DE943A-FCCE-4632-8583-9233297F71B3}" = protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqlinklauncher.exe |
"{081C384A-26DC-49A0-BE1C-512FA0F7B368}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E22F87F-52A2-49DA-BFC4-F82A0BD47882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A44AE1D-755F-4204-A097-239793D3B011}" = protocol=6 | dir=out | app=system |
"{1C436F62-F9BB-48E5-9500-734DF5514EA4}" = protocol=41 | dir=out | app=system |
"{1F60ADFE-3A22-45A4-B306-BB7677B1D361}" = protocol=17 | dir=in | app=%programfiles% (x86)\skype\phone\skype.exe |
"{23283D50-1E32-41EB-92A8-8C37E25517B0}" = protocol=6 | dir=in | app=c:\users\sundars\appdata\roaming\dropbox\bin\dropbox.exe |
"{27BD713F-6845-4387-BBFF-E98D8C0B5B20}" = protocol=1 | dir=out | app=any |
"{2AD065AB-674C-4B08-B2A9-5E042F7FE9E3}" = protocol=58 | dir=out | [email protected],-28546 |
"{31AFFA1F-636C-450F-ADD6-E24735461E56}" = protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqlinklauncher.exe |
"{36E58820-6D9D-457A-B352-AF3F0CB53A5E}" = protocol=1 | dir=out | app=any |
"{3ABF56B1-01A2-483B-9B66-AFA61B4AB951}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3BAC2DCA-4022-4E72-BA73-873017E23D51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E22B6B3-3727-4519-A3DE-BD48C9488392}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{46C26C40-03DB-4FEC-AC98-FB914BD94B8F}" = protocol=58 | dir=in | [email protected],-28545 |
"{4986A3E3-3510-421C-A080-B6D2C3FC360C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52AFB3C1-C1A5-491D-A84A-21256767B8BC}" = dir=out | app=c:\windows\system32\svchost.exe |
"{58F648BB-3EA9-4859-8669-E4F47E6EA2E5}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{6005D19E-3CB0-4A6F-A579-E270439F9869}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{65F4782F-EACD-41DB-9ED5-26393C29DE82}" = protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{72BCEA47-6BB6-4ADE-983B-228641C9302D}" = protocol=1 | dir=out | app=system |
"{734788E0-AFAF-487E-AED0-9298930A1088}" = protocol=17 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{741143EC-C7A7-47A7-B42A-2EFF2ED9B126}" = protocol=1 | dir=out | [email protected],-28544 |
"{7ED03C91-09EB-4076-A2FF-5E7E98C1EFAA}" = dir=out | app=c:\windows\system32\svchost.exe |
"{7F0036D4-EC68-46E5-B69A-42C2C1344461}" = protocol=17 | dir=in | app=c:\users\sundars\appdata\roaming\dropbox\bin\dropbox.exe |
"{8B32DC7A-B6D2-4A37-BE2E-B4EEDA94468D}" = protocol=1 | dir=in | app=system |
"{8D31B319-72A4-41E0-8FBA-86E99DB4EA81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9568630F-847B-42F1-8ACE-407919AAB359}" = protocol=1 | dir=in | [email protected],-28543 |
"{9C3E662D-983C-48E1-A95A-E3BCEC1256BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F5E6F7C-1BAE-48C0-906A-5B84CB0FF752}" = dir=out | app=c:\windows\system32\svchost.exe |
"{A0ADB1FB-9594-4BB7-8AFC-1F713A9E2518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1DD282B-58C7-45B4-BEE7-752EA6D3906C}" = dir=out | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6D498CF-E09B-444E-92C0-96E7D1F913DB}" = protocol=6 | dir=out | app=c:\users\sundars\appdata\local\google\chrome\application\chrome.exe |
"{A8535852-4D23-44D2-9DEE-CD01379E81BB}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{B1823B2B-EDC0-4BC0-837F-A88EEE3007D8}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{B1988050-9ED7-4E08-BCE1-373D183E3673}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4BC57CD-0FD5-4741-A302-6BBB97016F68}" = dir=out | app=c:\windows\system32\svchost.exe |
"{B8109073-8311-4FAD-A67C-734030419875}" = protocol=6 | dir=in | app=system |
"{C1595049-4E1F-4439-97B2-1E19F1B33573}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB76087B-1BA0-4271-8CF5-6DD3F72E2E98}" = protocol=6 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{CCC19B31-EF85-46CA-AF61-A8745EC86EC7}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D1D6BDA2-327D-4124-A999-7B5CBC25EFBF}" = dir=out | app=localhost |
"{D3BE2D32-9A18-45C7-B6B9-FED10B20B3F6}" = protocol=6 | dir=in | app=%programfiles% (x86)\skype\phone\skype.exe |
"{D61688A1-CA8B-4CF4-BEDF-A2560DA1F10D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D6405D40-BAFA-4502-B088-63AC198989EF}" = dir=out | app=c:\users\sundars\appdata\local\google\update\googleupdate.exe |
"{D85495EB-0B42-4E83-959F-0855C57BDBD3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8E461AB-C02C-4F03-98C4-CDA6AEB570BC}" = dir=out | app=c:\windows\system32\svchost.exe |
"{DB19B829-055B-4A4E-8806-EEEB69794CB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE8F6E81-1B58-4C50-BC81-E216FA32945E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DED7948D-BB40-406E-86D7-D218E54D7025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E231AF57-69BB-40B9-8E60-7AEA8D2AFCBF}" = protocol=17 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{E7BE0CEA-2882-4E7A-9D41-24999CE84D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F44AF056-E079-4E84-B7AD-6C93D96D4425}" = protocol=17 | dir=in | app=system |
"{F97CFC43-DDBB-4A9D-B160-1838A78D4AF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{233BB6F8-395C-4ABB-B0F1-CFBDFB632F0E}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe |
"UDP Query User{145BF891-3E97-4094-978C-8DA141CC18AD}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F9B09E-CDB5-46fc-AC30-2E7E7C7A8A34}" = Canon MP800
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.1
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AAE9AB32-071F-46AF-B0C3-F936E6345F4A}" = Nitro Pro 8
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1" = PDF-XChange 2012 Pro
"AmiBroker64_is1" = AmiBroker 5.60.3 x64
"CCleaner" = CCleaner
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Sandboxie" = Sandboxie 3.76 (64-bit)
"Windows Firewall Control" = Windows Firewall Control

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E579B65-503B-4184-B481-5138124BEE1D}_is1" = VT Hash Check 1.2
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{272E80B6-9579-421F-8B8E-6E8855FA1F91}" = Vigor N61 802.11n Wireless USB Adapter
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{45EECCAE-403C-44CE-AE2F-6028617B63F8}" = X-Rite Device Services Manager
"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
"{49C14B93-58AD-4178-B52C-750D54CE618D}" = SaxoTrader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B008D66F-B796-4C06-B707-932F0B225531}" = Mail Merge Toolkit
"{B3314ED3-506E-40BE-BBB0-104E719AE44B}" = AlpariUK
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}" = NinjaTrader 7
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DEF3592F-0751-4632-9875-8BF9AD602898}" = DNSCrypt
"{E04FD66D-ADDD-48A0-B766-4111945C09D4}" = RAMDisk
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FBD7AFBB-8D94-4207-A013-CAF1BBA51AB3}" = Microsoft .NET Framework 3.5 SP1 Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CanonMyPrinter" = Canon My Printer
"EasyBCD" = EasyBCD 2.1.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FXCM Trading Station" = FXCM Trading Station
"ImgBurn" = ImgBurn
"IQFeed Client" = IQFeed Client 4.9.0.3
"Jagannatha Hora_is1" = Jagannatha Hora 7.64
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 en-GB)" = Mozilla Firefox 19.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.0" = Canon MP Navigator 2.0
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PROR" = Microsoft Office Professional 2007
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"TaxCalc 2007" = TaxCalc 2007
"TaxCalc 2011" = TaxCalc 2011
"TaxCalc 2012" = TaxCalc 2012
"WinX Free AVI to FLV Converter_is1" = WinX Free AVI to FLV Converter 4.1.11
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 01, 2011

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DataTools" = DataTools
"DataUpdater" = Premium Data
"Dropbox" = Dropbox
"fx2" = Premium Forex
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22/02/2013 04:37:31 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

Error - 23/02/2013 10:18:21 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

Error - 24/02/2013 19:28:03 | Computer Name = Sundars-PC | Source = Application Error | ID = 0
Description =

Error - 24/02/2013 19:28:04 | Computer Name = Sundars-PC | Source = Application Error | ID = 0
Description =

Error - 24/02/2013 19:28:06 | Computer Name = Sundars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PDF Architect.exe, version: 1.0.52.8917,
time stamp: 0x50ed8023 Faulting module name: PDF Architect.exe, version: 1.0.52.8917,
time stamp: 0x50ed8023 Exception code: 0xc0000005 Fault offset: 0x0042f6dd Faulting
process id: 0x740 Faulting application start time: 0x01ce12e683166f6d Faulting application
path: C:\Program Files (x86)\PDF Architect\PDF Architect.exe Faulting module path:
C:\Program Files (x86)\PDF Architect\PDF Architect.exe Report Id: d7512472-7ed9-11e2-ab60-00215ac6f264

Error - 25/02/2013 06:22:26 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)

Error - 27/02/2013 11:54:14 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 27/02/2013 11:57:06 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 27/02/2013 11:57:12 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 27/02/2013 11:58:29 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ OSession Events ]
Error - 05/11/2012 06:11:45 | Computer Name = Sundars-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/02/2013 06:04:46 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:47 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:47 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:48 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:49 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:49 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:50 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:50 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 06:04:51 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 14/02/2013 07:21:53 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The Acronis Nonstop Backup Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.


< End of report >
---------------------------------------
TDSS Killer Scan
-----------------------------------------
15:49:54.0808 6984 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:49:55.0147 6984 ============================================================
15:49:55.0147 6984 Current date / time: 2013/02/27 15:49:55.0147
15:49:55.0147 6984 SystemInfo:
15:49:55.0147 6984
15:49:55.0147 6984 OS Version: 6.1.7601 ServicePack: 1.0
15:49:55.0147 6984 Product type: Workstation
15:49:55.0148 6984 ComputerName: SUNDARS-PC
15:49:55.0148 6984 UserName: Sundars
15:49:55.0148 6984 Windows directory: C:\Windows
15:49:55.0148 6984 System windows directory: C:\Windows
15:49:55.0148 6984 Running under WOW64
15:49:55.0148 6984 Processor architecture: Intel x64
15:49:55.0148 6984 Number of processors: 4
15:49:55.0148 6984 Page size: 0x1000
15:49:55.0148 6984 Boot type: Normal boot
15:49:55.0148 6984 ============================================================
15:50:03.0018 6984 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:50:03.0147 6984 Drive \Device\Harddisk1\DR1 - Size: 0x15D51C00000 (1397.28 Gb), SectorSize: 0x200, Cylinders: 0x2C882, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:50:03.0261 6984 Drive \Device\Harddisk2\DR0 - Size: 0xFFC00000 (4.00 Gb), SectorSize: 0x200, Cylinders: 0x3FF, SectorsPerTrack: 0x20, TracksPerCylinder: 0x100, Type 'W'
15:50:03.0263 6984 ============================================================
15:50:03.0263 6984 \Device\Harddisk0\DR0:
15:50:03.0265 6984 MBR partitions:
15:50:03.0265 6984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
15:50:03.0265 6984 \Device\Harddisk1\DR1:
15:50:03.0265 6984 MBR partitions:
15:50:03.0265 6984 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA8A5C3
15:50:03.0265 6984 \Device\Harddisk2\DR0:
15:50:03.0265 6984 MBR partitions:
15:50:03.0265 6984 \Device\Harddisk2\DR0\Partition1: MBR, Type 0x7, StartLBA 0x80, BlocksNum 0x7FC800
15:50:03.0266 6984 ============================================================
15:50:03.0445 6984 C: <-> \Device\Harddisk0\DR0\Partition1
15:50:03.0865 6984 D: <-> \Device\Harddisk1\DR1\Partition1
15:50:03.0865 6984 F: <-> \Device\Harddisk2\DR0\Partition1
15:50:03.0865 6984 ============================================================
15:50:03.0866 6984 Initialize success
15:50:03.0866 6984 ============================================================
15:50:10.0366 4760 ============================================================
15:50:10.0366 4760 Scan started
15:50:10.0366 4760 Mode: Manual; SigCheck; TDLFS;
15:50:10.0366 4760 ============================================================
15:50:13.0719 4760 ================ Scan system memory ========================
15:50:13.0719 4760 System memory - ok
15:50:13.0720 4760 ================ Scan services =============================
15:50:13.0974 4760 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:50:14.0204 4760 !SASCORE - ok
15:50:14.0387 4760 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:50:14.0431 4760 1394ohci - ok
15:50:14.0488 4760 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:50:14.0507 4760 ACPI - ok
15:50:14.0532 4760 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:50:14.0577 4760 AcpiPmi - ok
15:50:14.0811 4760 [ DBD0F1FCA3A26E565A864E5DC505D713 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
15:50:14.0838 4760 AcrSch2Svc - ok
15:50:15.0113 4760 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:50:15.0126 4760 AdobeARMservice - ok
15:50:15.0449 4760 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:50:15.0465 4760 AdobeFlashPlayerUpdateSvc - ok
15:50:15.0543 4760 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:50:15.0574 4760 adp94xx - ok
15:50:15.0604 4760 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:50:15.0626 4760 adpahci - ok
15:50:15.0675 4760 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:50:15.0733 4760 adpu320 - ok
15:50:15.0876 4760 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:50:16.0012 4760 AeLookupSvc - ok
15:50:16.0275 4760 [ ABCF9C80EAACE03021BB7F450EB8993F ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
15:50:16.0299 4760 afcdp - ok
15:50:16.0411 4760 [ C390AD88DCACA99A7FDA88658BC96D84 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
15:50:16.0470 4760 afcdpsrv - ok
15:50:16.0650 4760 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:50:16.0688 4760 AFD - ok
15:50:16.0882 4760 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:50:16.0899 4760 agp440 - ok
15:50:17.0010 4760 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:50:17.0029 4760 ALG - ok
15:50:17.0171 4760 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:50:17.0187 4760 aliide - ok
15:50:17.0227 4760 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:50:17.0243 4760 amdide - ok
15:50:17.0345 4760 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:50:17.0362 4760 AmdK8 - ok
15:50:17.0371 4760 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:50:17.0389 4760 AmdPPM - ok
15:50:17.0443 4760 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:50:17.0459 4760 amdsata - ok
15:50:17.0597 4760 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:50:17.0614 4760 amdsbs - ok
15:50:17.0725 4760 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:50:17.0745 4760 amdxata - ok
15:50:17.0762 4760 ANIWConnService - ok
15:50:17.0951 4760 [ 4CCF421E6C4B2A4CBCE000715911F7CC ] anodlwf C:\Windows\system32\DRIVERS\anodlwfx.sys
15:50:17.0968 4760 anodlwf - ok
15:50:18.0139 4760 [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
15:50:18.0152 4760 APC Data Service - ok
15:50:18.0249 4760 [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
15:50:18.0268 4760 APC UPS Service - ok
15:50:18.0554 4760 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:50:18.0607 4760 AppID - ok
15:50:18.0630 4760 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:50:18.0664 4760 AppIDSvc - ok
15:50:18.0685 4760 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:50:18.0722 4760 Appinfo - ok
15:50:19.0032 4760 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:50:19.0046 4760 Apple Mobile Device - ok
15:50:19.0187 4760 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:50:19.0318 4760 AppMgmt - ok
15:50:19.0531 4760 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:50:19.0548 4760 arc - ok
15:50:19.0575 4760 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:50:19.0593 4760 arcsas - ok
15:50:20.0021 4760 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:50:20.0041 4760 aspnet_state - ok
15:50:20.0131 4760 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:50:20.0186 4760 AsyncMac - ok
15:50:20.0253 4760 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:50:20.0267 4760 atapi - ok
15:50:20.0340 4760 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:50:20.0455 4760 AudioEndpointBuilder - ok
15:50:20.0482 4760 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:50:20.0531 4760 AudioSrv - ok
15:50:20.0566 4760 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:50:20.0598 4760 AxInstSV - ok
15:50:20.0686 4760 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:50:20.0717 4760 b06bdrv - ok
15:50:21.0320 4760 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:50:21.0340 4760 b57nd60a - ok
15:50:21.0546 4760 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:50:21.0563 4760 BDESVC - ok
15:50:21.0701 4760 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:50:22.0095 4760 Beep - ok
15:50:22.0278 4760 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:50:22.0318 4760 BFE - ok
15:50:22.0451 4760 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:50:22.0492 4760 BITS - ok
15:50:22.0620 4760 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:50:22.0769 4760 blbdrive - ok
15:50:22.0851 4760 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:50:22.0867 4760 Bonjour Service - ok
15:50:22.0989 4760 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:50:23.0072 4760 bowser - ok
15:50:23.0087 4760 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:50:23.0196 4760 BrFiltLo - ok
15:50:23.0220 4760 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:50:23.0239 4760 BrFiltUp - ok
15:50:23.0264 4760 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:50:23.0316 4760 Browser - ok
15:50:23.0346 4760 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:50:23.0371 4760 Brserid - ok
15:50:23.0377 4760 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:50:23.0398 4760 BrSerWdm - ok
15:50:23.0409 4760 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:50:23.0471 4760 BrUsbMdm - ok
15:50:23.0476 4760 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:50:23.0516 4760 BrUsbSer - ok
15:50:23.0524 4760 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:50:23.0547 4760 BTHMODEM - ok
15:50:23.0622 4760 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:50:23.0726 4760 bthserv - ok
15:50:23.0746 4760 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:50:23.0836 4760 cdfs - ok
15:50:23.0895 4760 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:50:23.0960 4760 cdrom - ok
15:50:24.0017 4760 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:50:24.0085 4760 CertPropSvc - ok
15:50:24.0106 4760 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:50:24.0162 4760 circlass - ok
15:50:24.0188 4760 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:50:24.0208 4760 CLFS - ok
15:50:25.0473 4760 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:50:25.0488 4760 clr_optimization_v2.0.50727_32 - ok
15:50:25.0530 4760 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:50:25.0545 4760 clr_optimization_v2.0.50727_64 - ok
15:50:25.0710 4760 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:50:25.0729 4760 clr_optimization_v4.0.30319_32 - ok
15:50:25.0804 4760 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:50:25.0823 4760 clr_optimization_v4.0.30319_64 - ok
15:50:25.0851 4760 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:50:25.0875 4760 CmBatt - ok
15:50:25.0908 4760 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:50:25.0923 4760 cmdide - ok
15:50:26.0004 4760 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
15:50:26.0031 4760 CNG - ok
15:50:26.0072 4760 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:50:26.0087 4760 Compbatt - ok
15:50:26.0155 4760 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:50:26.0225 4760 CompositeBus - ok
15:50:26.0303 4760 COMSysApp - ok
15:50:26.0338 4760 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:50:26.0354 4760 crcdisk - ok
15:50:26.0526 4760 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:50:26.0593 4760 CryptSvc - ok
15:50:26.0641 4760 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:50:26.0679 4760 CSC - ok
15:50:26.0757 4760 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:50:26.0788 4760 CscService - ok
15:50:26.0962 4760 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:50:27.0002 4760 DcomLaunch - ok
15:50:27.0099 4760 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:50:27.0191 4760 defragsvc - ok
15:50:27.0314 4760 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:50:27.0449 4760 DfsC - ok
15:50:27.0489 4760 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:50:27.0510 4760 Dhcp - ok
15:50:27.0531 4760 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:50:27.0578 4760 discache - ok
15:50:27.0701 4760 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:50:27.0717 4760 Disk - ok
15:50:27.0896 4760 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:50:27.0937 4760 Dnscache - ok
15:50:28.0031 4760 [ 6F865DE0687B6EC045F78CE9656D3626 ] DNSCrypt C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
15:50:28.0038 4760 DNSCrypt ( UnsignedFile.Multi.Generic ) - warning
15:50:28.0038 4760 DNSCrypt - detected UnsignedFile.Multi.Generic (1)
15:50:28.0058 4760 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:50:28.0100 4760 dot3svc - ok
15:50:28.0139 4760 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:50:28.0184 4760 DPS - ok
15:50:28.0218 4760 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:50:28.0246 4760 drmkaud - ok
15:50:28.0293 4760 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:50:28.0318 4760 DXGKrnl - ok
15:50:28.0357 4760 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:50:28.0392 4760 EapHost - ok
15:50:28.0522 4760 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:50:28.0720 4760 ebdrv - ok
15:50:28.0818 4760 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:50:28.0871 4760 EFS - ok
15:50:29.0001 4760 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:50:29.0023 4760 ehRecvr - ok
15:50:29.0065 4760 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:50:29.0087 4760 ehSched - ok
15:50:29.0131 4760 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:50:29.0169 4760 elxstor - ok
15:50:29.0197 4760 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:50:29.0214 4760 ErrDev - ok
15:50:29.0357 4760 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:50:29.0398 4760 EventSystem - ok
15:50:29.0445 4760 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:50:29.0502 4760 exfat - ok
15:50:29.0522 4760 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:50:29.0562 4760 fastfat - ok
15:50:29.0687 4760 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:50:29.0763 4760 Fax - ok
15:50:29.0784 4760 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:50:29.0802 4760 fdc - ok
15:50:29.0863 4760 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:50:29.0900 4760 fdPHost - ok
15:50:29.0918 4760 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:50:29.0981 4760 FDResPub - ok
15:50:30.0012 4760 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:50:30.0036 4760 FileInfo - ok
15:50:30.0073 4760 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:50:30.0141 4760 Filetrace - ok
15:50:30.0167 4760 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:50:30.0186 4760 flpydisk - ok
15:50:30.0270 4760 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:50:30.0292 4760 FltMgr - ok
15:50:30.0469 4760 [ F0CC1A9106F9FB0F704F6ED95622B43E ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
15:50:30.0486 4760 fltsrv - ok
15:50:30.0531 4760 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:50:30.0558 4760 FontCache - ok
15:50:30.0689 4760 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:50:30.0703 4760 FontCache3.0.0.0 - ok
15:50:30.0855 4760 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:50:30.0871 4760 FsDepends - ok
15:50:30.0924 4760 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:50:30.0939 4760 Fs_Rec - ok
15:50:31.0026 4760 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:50:31.0047 4760 fvevol - ok
15:50:31.0126 4760 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:50:31.0142 4760 gagp30kx - ok
15:50:31.0207 4760 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:50:31.0219 4760 GEARAspiWDM - ok
15:50:31.0258 4760 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:50:31.0305 4760 gpsvc - ok
15:50:31.0405 4760 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:50:31.0420 4760 gupdate - ok
15:50:31.0425 4760 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:50:31.0437 4760 gupdatem - ok
15:50:31.0573 4760 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:50:31.0795 4760 hcw85cir - ok
15:50:31.0897 4760 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:50:31.0977 4760 HdAudAddService - ok
15:50:32.0126 4760 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:50:32.0146 4760 HDAudBus - ok
15:50:32.0179 4760 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:50:32.0195 4760 HidBatt - ok
15:50:32.0296 4760 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:50:32.0321 4760 HidBth - ok
15:50:32.0346 4760 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:50:32.0388 4760 HidIr - ok
15:50:32.0412 4760 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:50:32.0485 4760 hidserv - ok
15:50:32.0852 4760 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:50:32.0884 4760 HidUsb - ok
15:50:32.0963 4760 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:50:33.0015 4760 hkmsvc - ok
15:50:33.0073 4760 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:50:33.0091 4760 HomeGroupListener - ok
15:50:33.0141 4760 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:50:33.0159 4760 HomeGroupProvider - ok
15:50:33.0194 4760 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:50:33.0209 4760 HpSAMD - ok
15:50:33.0269 4760 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:50:33.0367 4760 HTTP - ok
15:50:33.0419 4760 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:50:33.0433 4760 hwpolicy - ok
15:50:33.0689 4760 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:50:33.0764 4760 i8042prt - ok
15:50:33.0837 4760 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:50:33.0858 4760 iaStorV - ok
15:50:34.0203 4760 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:50:34.0243 4760 idsvc - ok
15:50:34.0382 4760 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:50:34.0398 4760 iirsp - ok
15:50:34.0435 4760 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:50:34.0490 4760 IKEEXT - ok
15:50:34.0526 4760 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:50:34.0565 4760 intelide - ok
15:50:34.0599 4760 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:50:35.0476 4760 intelppm - ok
15:50:35.0719 4760 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:50:38.0367 4760 IPBusEnum - ok
15:50:38.0471 4760 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:50:38.0689 4760 IpFilterDriver - ok
15:50:38.0809 4760 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:50:38.0879 4760 iphlpsvc - ok
15:50:39.0130 4760 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:50:39.0214 4760 IPMIDRV - ok
15:50:39.0368 4760 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:50:39.0440 4760 IPNAT - ok
15:50:39.0729 4760 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:50:39.0752 4760 iPod Service - ok
15:50:39.0908 4760 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:50:39.0932 4760 IRENUM - ok
15:50:39.0972 4760 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:50:39.0995 4760 isapnp - ok
15:50:40.0257 4760 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:50:40.0294 4760 iScsiPrt - ok
15:50:40.0330 4760 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
15:50:40.0347 4760 kbdclass - ok
15:50:40.0432 4760 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:50:40.0648 4760 kbdhid - ok
15:50:40.0691 4760 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:50:40.0762 4760 KeyIso - ok
15:50:40.0951 4760 [ E3CF421210EBDDACB4590AE67A0226DC ] KeyScrambler C:\Windows\system32\drivers\keyscrambler.sys
15:50:41.0010 4760 KeyScrambler - ok
15:50:41.0029 4760 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:50:41.0045 4760 KSecDD - ok
15:50:41.0101 4760 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:50:41.0119 4760 KSecPkg - ok
15:50:41.0192 4760 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:50:41.0228 4760 ksthunk - ok
15:50:41.0268 4760 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:50:41.0396 4760 KtmRm - ok
15:50:41.0561 4760 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:50:41.0698 4760 LanmanServer - ok
15:50:41.0947 4760 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:50:42.0037 4760 LanmanWorkstation - ok
15:50:42.0090 4760 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:50:42.0228 4760 lltdio - ok
15:50:42.0267 4760 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:50:42.0349 4760 lltdsvc - ok
15:50:42.0377 4760 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:50:42.0539 4760 lmhosts - ok
15:50:42.0639 4760 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:50:42.0657 4760 LSI_FC - ok
15:50:42.0694 4760 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:50:42.0710 4760 LSI_SAS - ok
15:50:43.0016 4760 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:50:43.0031 4760 LSI_SAS2 - ok
15:50:43.0037 4760 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:50:43.0056 4760 LSI_SCSI - ok
15:50:43.0897 4760 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:50:43.0933 4760 luafv - ok
15:50:44.0138 4760 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:50:44.0152 4760 MBAMProtector - ok
15:50:44.0210 4760 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:50:44.0227 4760 MBAMScheduler - ok
15:50:44.0318 4760 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:50:44.0337 4760 MBAMService - ok
15:50:44.0387 4760 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:50:44.0407 4760 Mcx2Svc - ok
15:50:44.0628 4760 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:50:44.0638 4760 MDM ( UnsignedFile.Multi.Generic ) - warning
15:50:44.0638 4760 MDM - detected UnsignedFile.Multi.Generic (1)
15:50:44.0698 4760 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:50:44.0712 4760 megasas - ok
15:50:44.0862 4760 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:50:44.0881 4760 MegaSR - ok
15:50:45.0006 4760 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:50:45.0043 4760 MMCSS - ok
15:50:45.0069 4760 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:50:45.0106 4760 Modem - ok
15:50:45.0214 4760 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:50:45.0231 4760 monitor - ok
15:50:45.0313 4760 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
15:50:45.0329 4760 mouclass - ok
15:50:45.0375 4760 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:50:45.0391 4760 mouhid - ok
15:50:45.0412 4760 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:50:45.0427 4760 mountmgr - ok
15:50:45.0470 4760 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:50:45.0483 4760 MozillaMaintenance - ok
15:50:45.0815 4760 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:50:45.0836 4760 MpFilter - ok
15:50:45.0857 4760 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:50:45.0875 4760 mpio - ok
15:50:45.0956 4760 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:50:45.0992 4760 mpsdrv - ok
15:50:46.0427 4760 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:50:46.0475 4760 MpsSvc - ok
15:50:46.0534 4760 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:50:46.0557 4760 MRxDAV - ok
15:50:46.0638 4760 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:50:46.0788 4760 mrxsmb - ok
15:50:46.0864 4760 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:50:46.0954 4760 mrxsmb10 - ok
15:50:46.0975 4760 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:50:47.0018 4760 mrxsmb20 - ok
15:50:47.0086 4760 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:50:47.0104 4760 msahci - ok
15:50:47.0147 4760 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:50:47.0166 4760 msdsm - ok
15:50:47.0212 4760 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:50:47.0235 4760 MSDTC - ok
15:50:47.0331 4760 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:50:47.0373 4760 Msfs - ok
15:50:47.0406 4760 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:50:47.0456 4760 mshidkmdf - ok
15:50:47.0510 4760 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:50:47.0531 4760 msisadrv - ok
15:50:47.0575 4760 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:50:47.0761 4760 MSiSCSI - ok
15:50:47.0778 4760 msiserver - ok
15:50:47.0897 4760 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:50:47.0938 4760 MSKSSRV - ok
15:50:48.0038 4760 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
15:50:48.0057 4760 MsMpSvc - ok
15:50:48.0085 4760 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:50:48.0174 4760 MSPCLOCK - ok
15:50:48.0179 4760 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:50:48.0241 4760 MSPQM - ok
15:50:48.0275 4760 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:50:48.0297 4760 MsRPC - ok
15:50:48.0460 4760 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:50:48.0477 4760 mssmbios - ok
15:50:48.0572 4760 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:50:48.0606 4760 MSTEE - ok
15:50:48.0611 4760 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:50:48.0630 4760 MTConfig - ok
15:50:48.0743 4760 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:50:48.0759 4760 Mup - ok
15:50:48.0800 4760 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:50:48.0870 4760 napagent - ok
15:50:48.0935 4760 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:50:49.0131 4760 NativeWifiP - ok
15:50:49.0379 4760 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:50:49.0416 4760 NDIS - ok
15:50:49.0586 4760 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:50:49.0700 4760 NdisCap - ok
15:50:49.0985 4760 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:50:50.0052 4760 NdisTapi - ok
15:50:50.0185 4760 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:50:50.0229 4760 Ndisuio - ok
15:50:50.0338 4760 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:50:50.0407 4760 NdisWan - ok
15:50:50.0569 4760 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:50:50.0632 4760 NDProxy - ok
15:50:50.0673 4760 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:50:50.0708 4760 NetBIOS - ok
15:50:50.0790 4760 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:50:50.0826 4760 NetBT - ok
15:50:50.0908 4760 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:50:50.0923 4760 Netlogon - ok
15:50:51.0176 4760 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:50:51.0295 4760 Netman - ok
15:50:51.0344 4760 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:50:51.0362 4760 NetMsmqActivator - ok
15:50:51.0380 4760 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:50:51.0397 4760 NetPipeActivator - ok
15:50:51.0407 4760 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:50:51.0447 4760 netprofm - ok
15:50:51.0550 4760 [ 26672F93749AC9FD28DA1B0F94EFA78D ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
15:50:51.0597 4760 netr28ux - ok
15:50:51.0606 4760 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:50:51.0626 4760 NetTcpActivator - ok
15:50:51.0631 4760 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:50:51.0648 4760 NetTcpPortSharing - ok
15:50:51.0688 4760 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:50:51.0703 4760 nfrd960 - ok
15:50:51.0778 4760 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:50:51.0795 4760 NisDrv - ok
15:50:51.0936 4760 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
15:50:51.0957 4760 NisSrv - ok
15:50:52.0056 4760 [ E7613E62899EE7E845289D2FFD71074C ] NitroDriverReadSpool8 C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
15:50:52.0071 4760 NitroDriverReadSpool8 - ok
15:50:52.0105 4760 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:50:52.0128 4760 NlaSvc - ok
15:50:52.0736 4760 [ FCF99CBAC69879CDF87780EFFA41E87B ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE
15:50:52.0753 4760 nlsX86cc - ok
15:50:52.0996 4760 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:50:53.0097 4760 Npfs - ok
15:50:53.0294 4760 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:50:53.0332 4760 nsi - ok
15:50:53.0412 4760 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:50:53.0541 4760 nsiproxy - ok
15:50:54.0224 4760 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:50:54.0343 4760 Ntfs - ok
15:50:54.0405 4760 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:50:54.0440 4760 Null - ok
15:50:55.0102 4760 [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:50:55.0316 4760 nvlddmkm - ok
15:50:55.0487 4760 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:50:55.0552 4760 nvraid - ok
15:50:55.0617 4760 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:50:55.0649 4760 nvstor - ok
15:50:55.0713 4760 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe
15:50:55.0740 4760 nvsvc - ok
15:50:55.0869 4760 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:50:55.0885 4760 nv_agp - ok
15:50:56.0056 4760 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:50:56.0072 4760 odserv - ok
15:50:56.0103 4760 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:50:56.0150 4760 ohci1394 - ok
15:50:56.0290 4760 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:50:56.0306 4760 ose - ok
15:50:56.0353 4760 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:50:56.0477 4760 p2pimsvc - ok
15:50:56.0587 4760 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:50:56.0618 4760 p2psvc - ok
15:50:56.0977 4760 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:50:57.0070 4760 Parport - ok
15:50:57.0148 4760 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:50:57.0164 4760 partmgr - ok
15:50:57.0211 4760 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:50:57.0226 4760 PcaSvc - ok
15:50:57.0273 4760 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:50:57.0289 4760 pci - ok
15:50:57.0382 4760 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:50:57.0398 4760 pciide - ok
15:50:57.0429 4760 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:50:57.0460 4760 pcmcia - ok
15:50:57.0476 4760 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:50:57.0491 4760 pcw - ok
15:50:57.0897 4760 [ A1688A4FB2EC49D040C027EF6DC7A87B ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
15:50:57.0928 4760 PDF Architect Helper Service - ok
15:50:57.0991 4760 [ E23FF9B2F8EEAB2BDDA681C21C48E843 ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
15:50:58.0006 4760 PDF Architect Service - ok
15:50:58.0100 4760 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:50:58.0178 4760 PEAUTH - ok
15:50:58.0318 4760 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:50:58.0365 4760 PeerDistSvc - ok
15:50:58.0396 4760 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:50:58.0459 4760 PerfHost - ok
15:50:58.0583 4760 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:50:58.0755 4760 pla - ok
15:50:58.0942 4760 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:50:58.0958 4760 PlugPlay - ok
15:50:59.0020 4760 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:50:59.0051 4760 PNRPAutoReg - ok
15:50:59.0129 4760 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:50:59.0145 4760 PNRPsvc - ok
15:50:59.0239 4760 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:50:59.0285 4760 PolicyAgent - ok
15:50:59.0317 4760 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:50:59.0363 4760 Power - ok
15:50:59.0629 4760 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:50:59.0675 4760 PptpMiniport - ok
15:50:59.0691 4760 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:50:59.0738 4760 Processor - ok
15:50:59.0800 4760 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:50:59.0816 4760 ProfSvc - ok
15:50:59.0831 4760 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:50:59.0847 4760 ProtectedStorage - ok
15:50:59.0909 4760 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:50:59.0941 4760 Psched - ok
15:50:59.0987 4760 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
15:51:00.0034 4760 PSI - ok
15:51:00.0112 4760 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:51:00.0175 4760 ql2300 - ok
15:51:00.0175 4760 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:51:00.0190 4760 ql40xx - ok
15:51:00.0237 4760 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:51:00.0253 4760 QWAVE - ok
15:51:00.0533 4760 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:51:00.0611 4760 QWAVEdrv - ok
15:51:00.0845 4760 [ B988A1B977B837E563312D935553F271 ] RAMDiskVE C:\Windows\system32\Drivers\RAMDiskVE.sys
15:51:00.0877 4760 RAMDiskVE - ok
15:51:01.0111 4760 [ E3AE78C0F00A5E3792A1A3BCA33B6DF3 ] RapportCerberus_50414 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_50414.sys
15:51:01.0126 4760 RapportCerberus_50414 - ok
15:51:01.0251 4760 [ 5D64E78BC24FF8ADCD1647612B5A0CDF ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
15:51:01.0267 4760 RapportEI64 - ok
15:51:01.0360 4760 [ EE86BA861726741F03A786EEC847A0F7 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys
15:51:01.0376 4760 RapportIaso - ok
15:51:01.0610 4760 [ 9B0E9AF5C264521C635A3C3CB966AF85 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
15:51:01.0641 4760 RapportMgmtService - ok
15:51:01.0781 4760 [ 1A954C2633BCCA3F48F85D57E5CA3561 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
15:51:01.0828 4760 RapportPG64 - ok
15:51:01.0875 4760 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:51:02.0062 4760 RasAcd - ok
15:51:02.0125 4760 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:51:02.0171 4760 RasAgileVpn - ok
15:51:02.0218 4760 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:51:02.0421 4760 RasAuto - ok
15:51:02.0483 4760 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:51:02.0530 4760 Rasl2tp - ok
15:51:02.0577 4760 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:51:02.0717 4760 RasMan - ok
15:51:02.0842 4760 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:51:02.0905 4760 RasPppoe - ok
15:51:02.0951 4760 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:51:02.0998 4760 RasSstp - ok
15:51:03.0107 4760 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:51:03.0154 4760 rdbss - ok
15:51:03.0217 4760 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:51:03.0232 4760 rdpbus - ok
15:51:03.0263 4760 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:51:03.0310 4760 RDPCDD - ok
15:51:03.0388 4760 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:51:03.0404 4760 RDPDR - ok
15:51:03.0497 4760 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:51:03.0544 4760 RDPENCDD - ok
15:51:03.0575 4760 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:51:03.0622 4760 RDPREFMP - ok
15:51:03.0919 4760 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:51:03.0934 4760 RdpVideoMiniport - ok
15:51:03.0997 4760 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:51:04.0028 4760 RDPWD - ok
15:51:04.0059 4760 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:51:04.0075 4760 rdyboost - ok
15:51:04.0153 4760 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:51:04.0199 4760 RemoteAccess - ok
15:51:04.0231 4760 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:51:04.0277 4760 RemoteRegistry - ok
15:51:04.0340 4760 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
15:51:04.0371 4760 Revoflt - ok
15:51:04.0418 4760 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:51:04.0449 4760 RpcEptMapper - ok
15:51:04.0511 4760 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:51:04.0605 4760 RpcLocator - ok
15:51:04.0839 4760 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:51:04.0870 4760 RpcSs - ok
15:51:05.0026 4760 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:51:05.0073 4760 rspndr - ok
15:51:05.0167 4760 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:51:05.0198 4760 s3cap - ok
15:51:05.0213 4760 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:51:05.0229 4760 SamSs - ok
15:51:05.0806 4760 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:51:05.0822 4760 SASDIFSV - ok
15:51:05.0869 4760 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:51:05.0869 4760 SASKUTIL - ok
15:51:05.0993 4760 [ CCBF62280DAF6D94A4C73E391CDAC68C ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
15:51:06.0025 4760 SbieDrv - ok
15:51:06.0040 4760 [ 8A1F63C6EC01C56C9EC4C681E593FE34 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
15:51:06.0056 4760 SbieSvc - ok
15:51:06.0118 4760 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:51:06.0134 4760 sbp2port - ok
15:51:06.0149 4760 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:51:06.0196 4760 SCardSvr - ok
15:51:06.0227 4760 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:51:06.0259 4760 scfilter - ok
15:51:06.0337 4760 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:51:06.0383 4760 Schedule - ok
15:51:06.0430 4760 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:51:06.0461 4760 SCPolicySvc - ok
15:51:06.0571 4760 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:51:06.0586 4760 SDRSVC - ok
15:51:06.0695 4760 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:51:06.0742 4760 secdrv - ok
15:51:06.0773 4760 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:51:06.0820 4760 seclogon - ok
15:51:06.0945 4760 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
15:51:06.0976 4760 Secunia PSI Agent - ok
15:51:07.0070 4760 [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
15:51:07.0382 4760 Secunia Update Agent - ok
15:51:07.0413 4760 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:51:07.0507 4760 SENS - ok
15:51:07.0522 4760 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:51:07.0569 4760 SensrSvc - ok
15:51:07.0616 4760 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:51:07.0678 4760 Serenum - ok
15:51:07.0709 4760 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:51:07.0772 4760 Serial - ok
15:51:07.0787 4760 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:51:07.0943 4760 sermouse - ok
15:51:07.0990 4760 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:51:08.0021 4760 SessionEnv - ok
15:51:08.0115 4760 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:51:08.0302 4760 sffdisk - ok
15:51:08.0349 4760 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:51:08.0380 4760 sffp_mmc - ok
15:51:08.0489 4760 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:51:08.0505 4760 sffp_sd - ok
15:51:08.0552 4760 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:51:08.0567 4760 sfloppy - ok
15:51:08.0583 4760 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:51:08.0630 4760 SharedAccess - ok
15:51:08.0661 4760 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:51:08.0708 4760 ShellHWDetection - ok
15:51:08.0739 4760 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:51:08.0755 4760 SiSRaid2 - ok
15:51:08.0786 4760 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:51:08.0801 4760 SiSRaid4 - ok
15:51:09.0004 4760 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:51:09.0051 4760 Skype C2C Service - ok
15:51:09.0254 4760 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:51:09.0269 4760 SkypeUpdate - ok
15:51:09.0301 4760 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:51:09.0332 4760 Smb - ok
15:51:09.0394 4760 [ FDB6E127DF739D4911319F0C8D339CAF ] snapman C:\Windows\system32\DRIVERS\snapman.sys
15:51:09.0410 4760 snapman - ok
15:51:09.0457 4760 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:51:09.0472 4760 SNMPTRAP - ok
15:51:09.0597 4760 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:51:09.0613 4760 spldr - ok
15:51:09.0722 4760 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:51:09.0737 4760 Spooler - ok
15:51:09.0909 4760 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:51:10.0049 4760 sppsvc - ok
15:51:10.0127 4760 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:51:10.0190 4760 sppuinotify - ok
15:51:10.0221 4760 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:51:10.0252 4760 srv - ok
15:51:10.0315 4760 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:51:10.0439 4760 srv2 - ok
15:51:10.0533 4760 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:51:10.0580 4760 srvnet - ok
15:51:10.0642 4760 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:51:10.0689 4760 SSDPSRV - ok
15:51:10.0705 4760 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:51:10.0783 4760 SstpSvc - ok
15:51:10.0892 4760 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:51:11.0017 4760 stexstor - ok
15:51:11.0048 4760 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:51:11.0110 4760 stisvc - ok
15:51:11.0173 4760 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:51:11.0188 4760 storflt - ok
15:51:11.0204 4760 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:51:11.0219 4760 storvsc - ok
15:51:11.0251 4760 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:51:11.0266 4760 swenum - ok
15:51:11.0313 4760 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:51:11.0360 4760 swprv - ok
15:51:11.0687 4760 [ 378EB8E20B3E91A89150688EA6CEE843 ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
15:51:11.0781 4760 syncagentsrv - ok
15:51:11.0828 4760 Synth3dVsc - ok
15:51:11.0890 4760 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:51:11.0921 4760 SysMain - ok
15:51:11.0937 4760 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:51:12.0124 4760 TabletInputService - ok
15:51:12.0187 4760 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:51:12.0218 4760 TapiSrv - ok
15:51:12.0280 4760 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:51:12.0311 4760 TBS - ok
15:51:12.0452 4760 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:51:12.0545 4760 Tcpip - ok
15:51:12.0623 4760 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:51:12.0670 4760 TCPIP6 - ok
15:51:12.0717 4760 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:51:12.0889 4760 tcpipreg - ok
15:51:12.0920 4760 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:51:12.0935 4760 TDPIPE - ok
15:51:13.0107 4760 [ 843DAFC2CD4ED5D57FA40FD2000C6296 ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys
15:51:13.0154 4760 tdrpman - ok
15:51:13.0201 4760 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:51:13.0263 4760 TDTCP - ok
15:51:13.0341 4760 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:51:13.0388 4760 tdx - ok
15:51:13.0419 4760 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:51:13.0450 4760 TermDD - ok
15:51:13.0528 4760 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:51:13.0575 4760 TermService - ok
15:51:13.0606 4760 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:51:13.0653 4760 Themes - ok
15:51:13.0684 4760 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:51:13.0747 4760 THREADORDER - ok
15:51:13.0825 4760 [ 31C9790525705B292F3B30F6676873CD ] tib_mounter C:\Windows\system32\DRIVERS\tib_mounter.sys
15:51:13.0871 4760 tib_mounter - ok
15:51:13.0934 4760 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
15:51:14.0027 4760 TPM - ok
15:51:14.0090 4760 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:51:14.0168 4760 TrkWks - ok
15:51:14.0199 4760 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:51:14.0246 4760 TrustedInstaller - ok
15:51:14.0277 4760 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:51:14.0324 4760 tssecsrv - ok
15:51:14.0371 4760 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:51:14.0387 4760 TsUsbFlt - ok
15:51:14.0403 4760 tsusbhub - ok
15:51:14.0481 4760 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:51:14.0528 4760 tunnel - ok
15:51:14.0574 4760 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:51:14.0637 4760 uagp35 - ok
15:51:14.0668 4760 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:51:14.0793 4760 udfs - ok
15:51:14.0840 4760 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:51:14.0886 4760 UI0Detect - ok
15:51:14.0918 4760 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:51:14.0933 4760 uliagpkx - ok
15:51:14.0996 4760 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:51:15.0027 4760 umbus - ok
15:51:15.0058 4760 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:51:15.0136 4760 UmPass - ok
15:51:15.0167 4760 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:51:15.0308 4760 UmRdpService - ok
15:51:15.0339 4760 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:51:15.0448 4760 upnphost - ok
15:51:15.0495 4760 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:51:15.0557 4760 USBAAPL64 - ok
15:51:15.0588 4760 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:51:15.0604 4760 usbccgp - ok
15:51:15.0682 4760 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:51:15.0713 4760 usbcir - ok
15:51:15.0729 4760 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:51:15.0744 4760 usbehci - ok
15:51:15.0822 4760 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:51:15.0869 4760 usbhub - ok
15:51:15.0932 4760 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:51:15.0947 4760 usbohci - ok
15:51:16.0025 4760 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:51:16.0056 4760 usbprint - ok
15:51:16.0088 4760 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:51:16.0119 4760 usbscan - ok
15:51:16.0197 4760 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:51:16.0306 4760 USBSTOR - ok
15:51:16.0337 4760 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:51:16.0400 4760 usbuhci - ok
15:51:16.0478 4760 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:51:16.0556 4760 UxSms - ok
15:51:16.0571 4760 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:51:16.0602 4760 VaultSvc - ok
15:51:16.0680 4760 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:51:16.0696 4760 vdrvroot - ok
15:51:16.0743 4760 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:51:16.0805 4760 vds - ok
15:51:16.0852 4760 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:51:16.0883 4760 vga - ok
15:51:16.0930 4760 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:51:16.0961 4760 VgaSave - ok
15:51:17.0008 4760 VGPU - ok
15:51:17.0055 4760 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:51:17.0086 4760 vhdmp - ok
15:51:17.0102 4760 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:51:17.0117 4760 viaide - ok
15:51:17.0180 4760 [ 927CBC96C4635F235301411E530FB56E ] vididr C:\Windows\system32\DRIVERS\vididr.sys
15:51:17.0195 4760 vididr - ok
15:51:17.0289 4760 [ 88B4E5C396003BCF479CA4D9BE851D57 ] vidsflt C:\Windows\system32\DRIVERS\vidsflt.sys
15:51:17.0304 4760 vidsflt - ok
15:51:17.0351 4760 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:51:17.0382 4760 vmbus - ok
15:51:17.0382 4760 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:51:17.0445 4760 VMBusHID - ok
15:51:17.0476 4760 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:51:17.0492 4760 volmgr - ok
15:51:17.0523 4760 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:51:17.0554 4760 volmgrx - ok
15:51:17.0585 4760 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:51:17.0601 4760 volsnap - ok
15:51:17.0632 4760 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:51:17.0648 4760 vsmraid - ok
15:51:17.0694 4760 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:51:17.0788 4760 VSS - ok
15:51:17.0819 4760 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:51:17.0850 4760 vwifibus - ok
15:51:17.0882 4760 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:51:17.0960 4760 vwififlt - ok
15:51:18.0006 4760 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:51:18.0053 4760 W32Time - ok
15:51:18.0100 4760 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:51:18.0209 4760 WacomPen - ok
15:51:18.0303 4760 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:51:18.0334 4760 WANARP - ok
15:51:18.0365 4760 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:51:18.0443 4760 Wanarpv6 - ok
15:51:18.0615 4760 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:51:18.0677 4760 WatAdminSvc - ok
15:51:18.0724 4760 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:51:18.0786 4760 wbengine - ok
15:51:18.0818 4760 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:51:18.0833 4760 WbioSrvc - ok
15:51:18.0974 4760 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:51:19.0379 4760 wcncsvc - ok
15:51:19.0426 4760 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:51:19.0442 4760 WcsPlugInService - ok
15:51:19.0457 4760 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:51:19.0473 4760 Wd - ok
15:51:19.0535 4760 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:51:19.0566 4760 Wdf01000 - ok
15:51:19.0644 4760 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:51:19.0676 4760 WdiServiceHost - ok
15:51:19.0676 4760 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:51:19.0707 4760 WdiSystemHost - ok
15:51:19.0754 4760 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:51:19.0785 4760 WebClient - ok
15:51:19.0832 4760 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:51:19.0863 4760 Wecsvc - ok
15:51:19.0910 4760 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:51:19.0988 4760 wercplsupport - ok
15:51:20.0112 4760 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:51:20.0175 4760 WerSvc - ok
15:51:20.0456 4760 [ 19F78853CF7E4E567CCD87D67693031B ] wfcs C:\Program Files\Windows Firewall Control\wfcs.exe
15:51:20.0471 4760 wfcs - ok
15:51:20.0721 4760 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:51:20.0830 4760 WfpLwf - ok
15:51:20.0986 4760 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:51:21.0017 4760 WIMMount - ok
15:51:21.0048 4760 WinDefend - ok
15:51:21.0189 4760 WinHttpAutoProxySvc - ok
15:51:21.0438 4760 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:51:21.0454 4760 Winmgmt - ok
15:51:21.0610 4760 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll
15:51:21.0735 4760 WinRM - ok
15:51:22.0000 4760 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:51:22.0047 4760 WinUsb - ok
15:51:22.0094 4760 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:51:22.0125 4760 Wlansvc - ok
15:51:22.0250 4760 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:51:22.0281 4760 WmiAcpi - ok
15:51:22.0328 4760 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:51:22.0343 4760 wmiApSrv - ok
15:51:22.0452 4760 WMPNetworkSvc - ok
15:51:22.0530 4760 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:51:22.0546 4760 WPCSvc - ok
15:51:22.0577 4760 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:51:22.0608 4760 WPDBusEnum - ok
15:51:22.0655 4760 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:51:22.0686 4760 ws2ifsl - ok
15:51:22.0718 4760 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:51:22.0764 4760 wscsvc - ok
15:51:22.0780 4760 WSearch - ok
15:51:22.0952 4760 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:51:22.0998 4760 wuauserv - ok
15:51:23.0045 4760 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:51:23.0061 4760 WudfPf - ok
15:51:23.0108 4760 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:51:23.0123 4760 WUDFRd - ok
15:51:23.0201 4760 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:51:23.0217 4760 wudfsvc - ok
15:51:23.0248 4760 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:51:23.0264 4760 WwanSvc - ok
15:51:23.0435 4760 [ 8A5273D9048FB6B75EE5181C3E5D74B0 ] xrdd.exe C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
15:51:23.0451 4760 xrdd.exe - ok
15:51:23.0561 4760 [ A107BDCFE7CF82CF60F2653C5F2FF3A8 ] ZoneAlarmBackup Service C:\ZoneAlarmBackup\ZABackup Service.exe
15:51:23.0561 4760 ZoneAlarmBackup Service ( UnsignedFile.Multi.Generic ) - warning
15:51:23.0561 4760 ZoneAlarmBackup Service - detected UnsignedFile.Multi.Generic (1)
15:51:23.0670 4760 ================ Scan global ===============================
15:51:23.0717 4760 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:51:24.0497 4760 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:51:24.0513 4760 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:51:24.0575 4760 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:51:24.0637 4760 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:51:24.0637 4760 [Global] - ok
15:51:24.0637 4760 ================ Scan MBR ==================================
15:51:24.0653 4760 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:51:25.0495 4760 \Device\Harddisk0\DR0 - ok
15:51:25.0511 4760 [ E64B2A49894D1FD5A0201870E3E41A51 ] \Device\Harddisk1\DR1
15:51:25.0636 4760 \Device\Harddisk1\DR1 - ok
15:51:25.0651 4760 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR0
15:51:25.0651 4760 \Device\Harddisk2\DR0 - ok
15:51:25.0651 4760 ================ Scan VBR ==================================
15:51:25.0651 4760 [ 91CA6712131845DC78D6C19C878AE51F ] \Device\Harddisk0\DR0\Partition1
15:51:25.0651 4760 \Device\Harddisk0\DR0\Partition1 - ok
15:51:25.0667 4760 [ 7301DD4F2B4EB4E2334F7ADD5BC9F278 ] \Device\Harddisk1\DR1\Partition1
15:51:25.0667 4760 \Device\Harddisk1\DR1\Partition1 - ok
15:51:25.0667 4760 [ 003AE4F014B88F19131378200011555F ] \Device\Harddisk2\DR0\Partition1
15:51:25.0667 4760 \Device\Harddisk2\DR0\Partition1 - ok
15:51:25.0667 4760 ============================================================
15:51:25.0667 4760 Scan finished
15:51:25.0667 4760 ============================================================
15:51:25.0714 2944 Detected object count: 3
15:51:25.0714 2944 Actual detected object count: 3
15:51:52.0193 2944 DNSCrypt ( UnsignedFile.Multi.Generic ) - skipped by user
15:51:52.0193 2944 DNSCrypt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:51:52.0193 2944 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:51:52.0193 2944 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:51:52.0193 2944 ZoneAlarmBackup Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:51:52.0193 2944 ZoneAlarmBackup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

----------------------------------
ESET online Scanner log
------------------------------------
C:\$Recycle.Bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RFT65PW.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Sundars\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
D:\DownloadSW\IDRIVE\G970X DRIVERS\SetupBatteryCare.zip Win32/OpenCandy application deleted - quarantined
D:\DownloadSW\Utility\FreeStudio.exe multiple threats cleaned by deleting - quarantined
F:\Windows TMP\is-81AGD.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined

Attached Thumbnails

  • VTRHash1.jpg

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
What date and approximate time did you click on your attachment?

Copy the text in the code box by highlighting and Ctrl + c

:OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: NameServer = 127.0.0.1
[2013/01/29 10:56:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0

:files
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\02272013-some number.log so look there if you don't see it.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
hklm\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /rs 
hkcu\SOFTWARE\APPDATALOW /rs
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#3
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
Many thanks for your help!

What date and approximate time did you click on your attachment?


Sorry. I should have mentioned in my post. It was yesterday between 14:00 and 17:00. I did all those scans immediately after that incident.

All logs are posted as separately for convenience. I am unable to complete the final OTL scan logs as it is stuck on one registry (HKEY_Local_Machine/Software/Microsoft/Windows NT/Current Version/Perflib/log/help.... I think the keys pertain to the performance library help logs. It got stuck initially for about 30 minutes and hung. I cancelled and rerunning. It is stuck on this key for about 20 minutes.
  • 0

#4
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

:OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: NameServer = 127.0.0.1
[2013/01/29 10:56:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0

:files
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}\\NameServer| /E : value set successfully!
C:\ProgramData\~0 folder moved successfully.
========== FILES ==========
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY5ANLX folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\_ folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\z folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\y folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\x folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\WatchLists folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\w folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\v folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\u folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\t folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\Scripts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\s folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\r folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\q folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\p folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\o folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\n folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\m folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\Layouts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\l folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\k folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\j folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\i folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\h folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\g folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\f folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\e folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\d folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\c folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\b folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\a folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\9 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\8 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\7 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\6 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\5 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\4 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\3 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\2 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\1 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\0 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Systems folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Report Charts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Indicators folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Include folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Trading System Testing\Trailing Stop\Unchanged Trail Stop folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Trading System Testing\Trailing Stop folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Trading System Testing\Test further - Good result folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Trading System Testing folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\TPSig_optimise results folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\TPQuant - Testing folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Times Cycles\Spectral folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Times Cycles\Include folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Times Cycles\Fractal Dimension folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Times Cycles\Ehler folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Times Cycles folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Temp folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Systems folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Report Charts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Quantech - Shortlisted for use\Short List folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Quantech - Shortlisted for use\Near Final - check again folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Quantech - Shortlisted for use\IMPORTANT - EXPLORE AGAIN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Quantech - Shortlisted for use\Further Testing folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Quantech - Shortlisted for use\CHECK AND FINE TUNE - 29 NOV 2012 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Quantech - Shortlisted for use\Almot Final folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Quantech - Shortlisted for use folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Quant System - Bandy Book\QTS_Book_Code folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Quant System - Bandy Book folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Quant Models - Not USED IN ABROKER folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Indicators folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Include folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Hurst folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\For Trading Test - 30 Nov 2012 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\ExportData folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Equity folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Drag-drop folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Custom\Quant System folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Custom\Lucas folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Custom\EW folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Custom\Cycle folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Custom\backtesting example folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Custom\Autotrade-Text-P&L folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Custom folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Basic Charts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Bands folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\backtesting example folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\Averages folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\ACCOUNT folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas\ABQuantAFL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Formulas folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Exploration folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Equity folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Drag-drop folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Custom folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Basic Charts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Bands folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8\Averages folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RWRYYJ8 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RW0K5JI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RTC7SHC\Tools\EZ_SireFix folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RTC7SHC\Tools folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RTC7SHC folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\_ folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\z folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\y folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\x folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\WatchLists folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\w folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\v folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\u folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\t folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\s folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\r folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\q folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\p folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\o folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\n folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\m folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\Layouts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\l folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\k folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\j folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\i folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\h folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\g folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\f folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\e folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\d folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\c folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\b folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\a folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\9 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\8 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\7 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\6 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\5 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\4 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\3 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\2 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\1 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\0 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RRDSQ7B folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPIYC1Q\Notes folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPIYC1Q\Layouts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPIYC1Q\Formulas\Drag-drop folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPIYC1Q\Formulas\Custom folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPIYC1Q\Formulas folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPIYC1Q\Data\WatchLists folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPIYC1Q\Data\Layouts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPIYC1Q\Data folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPIYC1Q folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPFMBJD\Drag-drop folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPFMBJD\Custom folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RPFMBJD folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RN4BYM3 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RLD5T4G folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RK6OO70\VBBandWrapNewSL051212-20121206062532426 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RK6OO70\TEST-20130129071022003 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RK6OO70\TEST-20130121071122679 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RK6OO70\TEST-20121206062953988 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RK6OO70\ATR TRADE-20121018084430640 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RK6OO70 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RJWHK5S folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RIBI24W folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RHMNYBZ folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RFIREYL\WatchLists folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RFIREYL\Layouts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RFIREYL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RDATOBM folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\_ folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\z folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\y folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\x folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\WatchLists folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\w folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\v folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\u folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\t folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\Scripts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\s folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\r folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\q folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\p folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\o folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\n folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\m folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\Layouts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\l folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\k folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\j folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\i folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\h folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\g folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\f folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\e folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\d folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\c folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\b folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\a folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\9 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\8 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\7 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\6 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\5 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\4 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\3 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\2 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\1 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\0 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$R91AM1I\Sample Album folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$R91AM1I folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$R1014B6 folder moved successfully.
C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000 folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sundars
->Flash cache emptied: 506 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Sundars
->Java cache emptied: 38852751 bytes

Total Java Files Cleaned = 37.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02282013_083437
  • 0

#5
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

aswmbr


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-28 09:00:35
-----------------------------
09:00:35.875 OS Version: Windows x64 6.1.7601 Service Pack 1
09:00:35.875 Number of processors: 4 586 0x170A
09:00:35.875 ComputerName: SUNDARS-PC UserName: Sundars
09:00:37.482 Initialize success
09:01:16.447 AVAST engine defs: 13022800
09:01:44.589 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:01:44.589 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
09:01:44.589 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:01:44.589 Disk 1 Vendor: Intel___ 1.0. Size: 1430812MB BusType: 8
09:01:44.589 Disk 2 \Device\Harddisk2\DR0 -> \Device\0000000a
09:01:44.589 Disk 2 Vendor: ( Size: 4092MB BusType: 0
09:01:44.683 Disk 0 MBR read successfully
09:01:44.683 Disk 0 MBR scan
09:01:44.698 Disk 0 Windows 7 default MBR code
09:01:44.698 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
09:01:45.666 Disk 0 scanning C:\Windows\system32\drivers
09:01:58.941 Service scanning
09:02:33.355 Modules scanning
09:02:34.431 AVAST engine scan C:\Windows
09:02:37.957 AVAST engine scan C:\Windows\system32
09:08:11.517 AVAST engine scan C:\Windows\system32\drivers
09:08:36.477 AVAST engine scan C:\Users\Sundars
09:13:54.266 AVAST engine scan C:\ProgramData
09:16:09.722 Scan finished successfully
09:16:56.772 Disk 0 MBR has been saved successfully to "C:\Users\Sundars\Desktop\GeeksFeb13\MBR.dat"
09:16:56.787 The log file has been saved successfully to "C:\Users\Sundars\Desktop\GeeksFeb13\aswMBR1.txt"

Combofix

ComboFix 13-02-26.01 - Sundars 28/02/2013 9:27.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.28671.21425 [GMT 0:00]
Running from: c:\users\Sundars\Desktop\GeeksFeb13\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sundars\ResourceReader.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-28 to 2013-02-28 )))))))))))))))))))))))))))))))
.
.
2013-02-28 09:32 . 2013-02-28 09:32 -------- d-----w- c:\users\Sundars\AppData\Local\temp
2013-02-28 09:32 . 2013-02-28 09:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-28 09:19 . 2013-02-28 09:19 -------- d-----w- c:\program files\WhoCrashed
2013-02-28 08:34 . 2013-02-28 08:34 -------- d-----w- C:\_OTL
2013-02-28 03:29 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DCB53B6-5695-4423-9C6D-D65BF9A64984}\mpengine.dll
2013-02-27 21:10 . 2013-02-27 21:10 -------- d-----w- c:\users\Sundars\AppData\Local\Zemana
2013-02-27 21:10 . 2013-02-27 21:10 45368 ----a-w- c:\windows\system32\drivers\AntiLog64.sys
2013-02-27 21:10 . 2013-02-27 21:10 -------- dc-h--w- c:\programdata\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
2013-02-27 21:10 . 2013-02-27 21:10 -------- d-----w- c:\program files (x86)\AntiLogger
2013-02-26 18:15 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-24 16:56 . 2013-02-24 16:56 -------- d-----w- c:\users\Sundars\AppData\Roaming\PDF Architect
2013-02-24 16:08 . 2013-02-24 16:08 -------- d-----w- c:\program files (x86)\PDF Architect
2013-02-24 16:08 . 2013-02-24 16:08 -------- d-----w- c:\users\Sundars\AppData\Roaming\pdfforge
2013-02-24 16:07 . 2012-05-05 10:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-02-24 16:06 . 2013-01-11 11:39 103936 ----a-w- c:\windows\system32\pdfcmon.dll
2013-02-24 16:06 . 2013-02-24 16:08 -------- d-----w- c:\program files (x86)\PDFCreator
2013-02-24 16:06 . 2012-05-05 10:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-02-22 03:35 . 2013-02-22 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-22 03:34 . 2013-02-22 03:34 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-22 03:34 . 2013-02-22 03:34 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-22 03:34 . 2013-02-22 03:34 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-22 03:34 . 2013-02-22 03:34 188320 ----a-w- c:\windows\system32\java.exe
2013-02-22 03:34 . 2013-02-22 03:34 -------- d-----w- c:\program files\Java
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 03:03 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 03:03 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:18 . 2013-02-28 08:07 -------- d-----w- c:\program files\AmiBroker
2013-02-14 11:13 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 11:13 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 11:13 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 11:13 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 11:12 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-14 11:12 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-14 11:12 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-14 11:12 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-14 11:12 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-14 11:12 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-14 11:12 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 11:12 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 08:49 . 2013-02-14 08:49 -------- d-----w- c:\programdata\VS Revo Group
2013-02-11 21:15 . 2013-02-11 21:15 -------- d-----w- c:\users\Sundars\AppData\Roaming\MAPILab Ltd
2013-02-11 21:09 . 2013-02-11 21:09 69632 ----a-r- c:\users\Sundars\AppData\Roaming\Microsoft\Installer\{B008D66F-B796-4C06-B707-932F0B225531}\NewShortcut3_B008D66FB7964C06B707932F0B225531.exe
2013-02-11 21:09 . 2013-02-11 21:09 65536 ----a-r- c:\users\Sundars\AppData\Roaming\Microsoft\Installer\{B008D66F-B796-4C06-B707-932F0B225531}\NewShortcut4_B008D66FB7964C06B707932F0B225531.exe
2013-02-11 21:09 . 2013-02-11 21:09 40960 ----a-r- c:\users\Sundars\AppData\Roaming\Microsoft\Installer\{B008D66F-B796-4C06-B707-932F0B225531}\NewShortcut3_B008D66FB7964C06B707932F0B225531_1.exe
2013-02-11 21:09 . 2013-02-11 21:09 1816316 ----a-r- c:\users\Sundars\AppData\Roaming\Microsoft\Installer\{B008D66F-B796-4C06-B707-932F0B225531}\tour1.exe_B008D66FB7964C06B707932F0B225531.exe
2013-02-11 21:09 . 2013-02-11 21:09 65536 ----a-r- c:\users\Sundars\AppData\Roaming\Microsoft\Installer\{B008D66F-B796-4C06-B707-932F0B225531}\ARPPRODUCTICON.exe
2013-02-11 21:09 . 2013-02-11 21:09 -------- d-----w- c:\program files (x86)\MAPILab Ltd
2013-02-11 21:09 . 2013-02-11 21:09 -------- d-----w- c:\program files (x86)\Common Files\Outlook Security Manager
2013-02-11 21:09 . 2013-02-11 21:09 -------- d-----w- c:\program files (x86)\Common Files\MAPILab Ltd
2013-02-11 21:08 . 2013-02-11 21:08 -------- d-----w- c:\windows\Downloaded Installations
2013-02-07 14:22 . 2013-02-07 14:22 -------- d-----w- c:\users\Sundars\AppData\Roaming\FEXTrader
2013-02-07 14:19 . 2013-02-26 23:01 -------- d-----w- c:\program files (x86)\AlpariUK
2013-02-04 16:46 . 2013-02-04 16:46 -------- d-----w- c:\users\Sundars\AppData\Roaming\Saxo Bank
2013-02-04 16:46 . 2013-02-04 16:46 -------- d-----w- c:\users\Sundars\AppData\Local\Saxo Bank
2013-01-31 20:20 . 2013-01-31 20:20 -------- d-----w- c:\program files (x86)\Saxo Bank
2013-01-29 13:46 . 2013-01-29 13:46 -------- d-----w- c:\users\Sundars\AppData\Roaming\FXTS2
2013-01-29 13:46 . 2013-01-29 13:46 -------- dc-h--w- c:\programdata\{38A62063-1033-4FC5-9C3A-95CC87213C6E}
2013-01-29 10:56 . 2013-01-29 13:46 -------- d-----w- c:\program files (x86)\Candleworks
2013-01-29 10:56 . 2013-01-29 10:56 -------- d-----w- c:\users\Sundars\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 23:15 . 2012-08-30 10:58 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 23:15 . 2012-08-30 10:58 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-22 03:35 . 2012-09-15 19:20 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-22 03:35 . 2012-09-15 19:20 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-22 03:34 . 2012-09-15 19:23 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-22 03:34 . 2012-09-15 19:23 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-15 03:04 . 2012-08-27 21:47 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2012-08-27 21:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 15:59 . 2013-01-20 15:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 15:59 . 2011-11-15 13:30 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-14 10:40 . 2013-01-14 10:40 70152 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE
2013-01-14 10:40 . 2013-01-16 18:13 29704 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2013-01-14 10:40 . 2013-01-16 18:13 17928 ----a-w- c:\windows\system32\nitrolocalui2.dll
2013-01-04 04:43 . 2013-02-14 11:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 03:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 03:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 03:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 03:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 16:49 . 2012-08-27 21:01 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 07:28 . 2012-12-12 07:28 86016 ----a-w- c:\windows\SysWow64\NtDirect.dll
2012-12-01 18:52 . 2012-12-01 18:52 13338112 ----a-w- c:\users\Sundars\PCPE_3.0.1.msi
2012-12-01 18:52 . 2012-12-01 18:52 626688 ----a-w- c:\users\Sundars\msvcr80.dll
2012-12-01 18:52 . 2012-12-01 18:52 21880 ----a-w- c:\users\Sundars\grm_res.dll
2012-12-01 18:52 . 2012-12-01 18:52 21880 ----a-w- c:\users\Sundars\fr_res.dll
2012-12-01 18:52 . 2012-12-01 18:52 21368 ----a-w- c:\users\Sundars\pt_res.dll
2012-12-01 18:52 . 2012-12-01 18:52 21368 ----a-w- c:\users\Sundars\it_res.dll
2012-12-01 18:52 . 2012-12-01 18:52 21368 ----a-w- c:\users\Sundars\es_res.dll
2012-12-01 18:52 . 2012-12-01 18:52 21368 ----a-w- c:\users\Sundars\en_res.dll
2012-12-01 18:52 . 2012-12-01 18:52 20856 ----a-w- c:\users\Sundars\ru_res.dll
2012-12-01 18:52 . 2012-12-01 18:52 20344 ----a-w- c:\users\Sundars\jp_res.dll
2012-12-01 18:52 . 2012-12-01 18:52 19832 ----a-w- c:\users\Sundars\zh_res.dll
2012-12-01 18:52 . 2012-12-01 18:52 13923704 ----a-w- c:\users\Sundars\PCPE Setup.exe
2012-12-01 18:52 . 2012-12-01 18:52 1079808 ----a-w- c:\users\Sundars\mfc80u.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Backup Startup"="c:\zonealarmbackup\ZABackupStartup.exe" [2010-03-11 177680]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-10-19 102400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AntiLogger"="c:\program files (x86)\AntiLogger\AntiLogger.exe" [2012-12-04 14597616]
.
c:\users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sundars\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
VTHash - Shortcut.lnk - c:\program files (x86)\Boredom Software\VT Hash Check\VTHash.exe [2012-10-25 5834896]
ZoneAlarm Backup Tray.lnk - c:\zonealarmbackup\ZABackupReg2ini.exe [2012-8-29 280080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
OpenDNSCrypt.lnk - c:\windows\Installer\{DEF3592F-0751-4632-9875-8BF9AD602898}\_7245386387960A1D7D5229.exe [2012-9-26 4710]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 DNSCrypt;OpenDNSCrypt;c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [2012-08-31 14336]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-27 1255736]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-09-04 155272]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2012-09-04 1093256]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-04 228488]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys [2012-09-04 166024]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-06 15872]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys [2013-02-27 45368]
S1 RapportCerberus_50414;RapportCerberus_50414;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_50414.sys [2013-02-15 585944]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-02-13 228760]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-02-13 357272]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-04 3696632]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-01-14 230408]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2013-01-14 70152]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2013-01-09 1324104]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2013-01-09 795208]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-02-13 1124184]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-08-18 7017896]
S2 wfcs;Windows Firewall Control Service;c:\program files\Windows Firewall Control\wfcs.exe [2012-09-15 142488]
S2 xrdd.exe;X-Rite Device Services Manager;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe [2012-03-08 203600]
S2 ZoneAlarmBackup Service;ZoneAlarmBackup Service;c:\zonealarmbackup\ZABackup Service.exe [2012-03-27 143360]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-09-04 367200]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 222904]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2012-09-06 73040]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [2013-02-15 175352]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 23:15]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 14:37]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 14:37]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000Core.job
- c:\users\Sundars\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14 14:37]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000UA.job
- c:\users\Sundars\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14 14:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Sundars\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Sundars\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Sundars\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Sundars\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1875048]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{34D1FD84-4DBD-4397-A083-ECBEAD716994}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: NameServer = 127.0.0.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Sundars\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Sundars\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Sundars\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Sundars\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} - (no file)
ShellIconOverlayIdentifiers-{00F848DC-B1D4-4892-9C25-CAADC86A215D} - (no file)
ShellIconOverlayIdentifiers-{71573297-552E-46fc-BE3D-3DFAF88D47B7} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-28 09:34:59
ComboFix-quarantined-files.txt 2013-02-28 09:34
.
Pre-Run: 400,868,077,568 bytes free
Post-Run: 400,310,992,896 bytes free
.
- - End Of File - - BFE20ECD34A08933558E2543E5FBC0A4
  • 0

#6
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

adw cleaner

# AdwCleaner v2.113 - Logfile created 02/28/2013 at 09:53:22
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Sundars - SUNDARS-PC
# Boot Mode : Normal
# Running from : C:\Users\Sundars\Desktop\GeeksFeb13\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Sundars\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-GB)

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1310 octets] - [28/02/2013 09:53:22]

########## EOF - C:\AdwCleaner[S2].txt - [1370 octets] ##########
  • 0

#7
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

sfc /scannnow



It could not fix all errors. The logs are too big to post. The site did not allow me to post it for length reasons. I am attaching the log of sfc scannow as a txt.

VEW System


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 28/02/2013 10:18:25

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/02/2013 10:15:11
Type: Warning Category: 0
Event: 4 Source: b57nd60a
Broadcom NetXtreme Gigabit Ethernet #2: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 28/02/2013 10:13:31
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Vew App


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 28/02/2013 10:19:36

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FSS


Farbar Service Scanner Version: 20-02-2013
Ran by Sundars (administrator) on 28-02-2013 at 11:21:47
Running from "C:\Users\Sundars\Desktop\GeeksFeb13"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

OTL scan


It is still scanning but past the perflib/log/help...key....I will post these logs when the scan is complete.

thanks
  • 0

#8
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
The sfc scannow log is attached. The txt file size is about 5mb. I am therefore attaching as a zip file. You may download if you think it is relevant. thanks.

Attached Files


  • 0

#9
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
Is the OTL scan (extra registry - all) expected to take a lot of time plesae? It is stuck in HKLM/System/CCS/Ser/rdyboost/para/Bootplan for more than 45 minutes....!
  • 0

#10
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
It is still stuck on the same key!
  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
OK. Sorry about the OTL scan hanging. I modified it recently and I guess it didn't like my change.

SFC is complaining about ramdisk.sys. Says it's missing. Let's try another custom OTL scan but without my recent changes.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
ramdisk.sys
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#12
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
Thanks. The logs are

OTL


OTL logfile created on: 28/02/2013 17:19:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sundars\Desktop\GeeksFeb13
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

28.00 Gb Total Physical Memory | 20.31 Gb Available Physical Memory | 72.54% Memory free
56.00 Gb Paging File | 48.34 Gb Available in Paging File | 86.32% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 372.80 Gb Free Space | 80.04% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1268.05 Gb Free Space | 90.75% Space Free | Partition Type: NTFS
Drive F: | 3.99 Gb Total Space | 3.28 Gb Free Space | 82.26% Space Free | Partition Type: NTFS
Drive G: | 1.88 Gb Total Space | 1.62 Gb Free Space | 86.24% Space Free | Partition Type: NTFS

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/28 17:14:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Desktop\GeeksFeb13\OTL.exe
PRC - [2013/02/13 09:18:54 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/02/13 09:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sundars\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/14 10:40:56 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/04 16:25:57 | 014,597,616 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe
PRC - [2012/11/26 14:09:22 | 001,225,312 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/11/26 14:09:20 | 000,573,024 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/09/04 18:06:07 | 003,696,632 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/08/31 09:03:00 | 000,537,918 | ---- | M] () -- C:\Program Files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe
PRC - [2012/08/31 09:03:00 | 000,098,072 | ---- | M] (OpenDNS) -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe
PRC - [2012/08/31 09:03:00 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
PRC - [2012/08/18 20:23:46 | 007,017,896 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/03/27 14:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2012/03/27 14:21:12 | 000,036,864 | ---- | M] (Pro Softnet Corp.) -- C:\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2012/03/27 14:14:46 | 001,994,752 | ---- | M] (Pro Softnet Corp.) -- C:\ZoneAlarmBackup\ZABackupTray.exe
PRC - [2012/03/08 11:25:18 | 000,203,600 | ---- | M] (X-Rite Inc.) -- C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
PRC - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2012/01/24 16:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2010/06/16 21:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/10/19 18:53:02 | 000,102,400 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/02/11 17:57:14 | 000,147,456 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/15 03:32:58 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/02/15 03:31:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/15 03:30:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:37:10 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 03:30:55 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:30:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:30:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:30:36 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:30:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/08/27 20:15:27 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/16 21:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2009/10/19 17:57:04 | 000,270,336 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009/06/01 13:23:24 | 000,315,392 | ---- | M] () -- C:\Windows\SysWOW64\ANIOApi.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/14 10:40:50 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2012/12/16 11:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/09/15 08:03:10 | 000,142,488 | ---- | M] (BiniSoft.org) [Auto | Running] -- C:\Program Files\Windows Firewall Control\wfcs.exe -- (wfcs)
SRV:64bit: - [2012/07/11 18:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/27 23:15:18 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/16 00:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/13 09:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/01/14 10:40:56 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013/01/09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/01/09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/26 14:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/11/26 14:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/04 18:06:07 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/08/31 09:03:00 | 000,014,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe -- (DNSCrypt)
SRV - [2012/08/23 03:53:18 | 001,126,912 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/08/18 20:23:46 | 007,017,896 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/27 14:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2012/03/08 11:25:18 | 000,203,600 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe -- (xrdd.exe)
SRV - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/11 17:57:14 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/27 21:10:41 | 000,045,368 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/16 11:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/06 09:52:36 | 000,073,040 | ---- | M] (Dataram, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2012/09/04 18:06:10 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012/09/04 18:06:03 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012/09/04 18:06:00 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2012/09/04 18:05:54 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/09/04 18:05:53 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2012/09/04 18:05:48 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/09/04 18:05:45 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 00:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/01 08:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/05 20:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/06 17:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2013/02/15 03:32:58 | 000,175,352 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys -- (RapportIaso)
DRV - [2013/02/15 03:32:55 | 000,585,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_50414.sys -- (RapportCerberus_50414)
DRV - [2013/02/13 09:19:12 | 000,357,272 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/02/13 09:19:12 | 000,228,760 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 1B 4A 1F 7E CC CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/02/24 16:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/24 18:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/24 18:04:05 | 000,000,000 | ---D | M]

[2012/08/27 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions
[2013/02/24 18:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/07 21:34:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/16 00:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/18 22:56:20 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013/02/16 04:40:51 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/02/16 04:40:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 04:40:51 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/02/16 04:40:52 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/02/16 04:40:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/02/16 04:40:52 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Entanglement = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: WOT = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.9_0\
CHR - Extension: Abine TACO = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadbkmipeldjmjfcpcjibfjgflahmphk\1.50_0\
CHR - Extension: Adblock Plus = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: DoNotTrackMe = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\
CHR - Extension: LastPass = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.20_0\
CHR - Extension: Poppit = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FlashControl = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
CHR - Extension: Google Mail Checker = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\

O1 HOSTS File: ([2013/02/28 09:32:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sundars\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VTHash - Shortcut.lnk = C:\Program Files (x86)\Boredom Software\VT Hash Check\VTHash.exe (Boredom Software)
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.2.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1FD84-4DBD-4397-A083-ECBEAD716994}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: NameServer = 127.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Windows Firewall Control.lnk - C:\Program Files\Windows Firewall Control\wfc.exe - (BiniSoft.org)
MsConfig:64bit - StartUpFolder: C:^Users^Sundars^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE - ()
MsConfig:64bit - StartUpReg: DrayTek Vigor N61 802.11n Wireless USB Adapter - hkey= - key= - C:\Program Files (x86)\DrayTek Vigor N61\WlanMon.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2049/12/01 21:46:58 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\Shri Jyoti Star
[2013/02/28 09:36:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/28 09:35:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/28 09:35:01 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\temp
[2013/02/28 09:26:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/28 09:26:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/28 09:26:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/28 09:26:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/28 09:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013/02/28 09:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2013/02/28 08:34:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/27 21:10:41 | 000,045,368 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/02/27 21:10:41 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Zemana
[2013/02/27 21:10:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
[2013/02/27 21:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
[2013/02/27 21:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiLogger
[2013/02/27 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\GeeksFeb13
[2013/02/26 23:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlpariUK
[2013/02/24 16:56:45 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\PDF Architect
[2013/02/24 16:08:36 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\PDF Architect Files
[2013/02/24 16:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013/02/24 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013/02/24 16:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/02/24 16:07:57 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2013/02/24 16:06:25 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013/02/24 16:06:24 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2013/02/24 16:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013/02/22 03:35:45 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/22 03:35:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/02/22 03:35:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/02/22 03:35:30 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/22 03:34:29 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/02/22 03:34:18 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/02/22 03:34:18 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/02/22 03:34:18 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/02/22 03:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/02/15 03:00:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/15 03:00:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/15 03:00:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/15 03:00:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/15 03:00:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/15 03:00:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/15 03:00:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/15 03:00:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/15 03:00:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/15 03:00:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/15 03:00:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/15 03:00:36 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/15 03:00:35 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/15 03:00:35 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/15 03:00:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/14 11:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmiBroker x64
[2013/02/14 11:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\AmiBroker
[2013/02/14 11:13:32 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/14 11:13:31 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/14 11:13:30 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/14 11:12:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/14 11:12:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/14 11:12:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/14 11:12:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/14 11:12:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/14 11:12:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/14 11:12:13 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/14 08:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/02/11 21:15:11 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\MAPILab Ltd
[2013/02/11 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAPILab
[2013/02/11 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Outlook Security Manager
[2013/02/11 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAPILab Ltd
[2013/02/11 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAPILab Ltd
[2013/02/11 21:08:47 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/02/11 20:30:54 | 000,000,000 | --SD | C] -- C:\Users\Sundars\Documents\My Data Sources
[2013/02/11 18:51:50 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\TDSSKiller.exe
[2013/02/07 14:22:53 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\FEXTrader
[2013/02/07 14:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AlpariUK
[2013/02/04 16:46:06 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Saxo Bank
[2013/02/04 16:46:04 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Saxo Bank
[2013/01/31 20:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saxo Bank
[2013/01/31 20:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Saxo Bank
[2012/12/01 18:52:03 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\PCPE Setup.exe
[2012/12/01 18:52:03 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\Sundars\mfc80u.dll
[2012/12/01 18:52:03 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Sundars\msvcr80.dll
[2012/12/01 18:52:03 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\grm_res.dll
[2012/12/01 18:52:03 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\fr_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\pt_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\it_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\es_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\en_res.dll
[2012/12/01 18:52:03 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\ru_res.dll
[2012/12/01 18:52:03 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\jp_res.dll
[2012/12/01 18:52:03 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\zh_res.dll
[2012/11/19 15:14:34 | 000,498,352 | ---- | C] (Norgate Investor Services Pty Ltd) -- C:\Users\Sundars\AppData\Roaming\ngUninstaller.exe

========== Files - Modified Within 30 Days ==========

[2013/02/28 17:16:27 | 000,007,622 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Resmon.ResmonCfg
[2013/02/28 17:15:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/28 16:53:13 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000UA.job
[2013/02/28 16:52:14 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/28 12:52:52 | 000,012,892 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/02/28 10:23:04 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/28 10:23:04 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/28 10:16:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/28 10:15:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/28 10:15:09 | 1073,221,627 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/28 09:32:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/28 09:19:33 | 000,000,836 | ---- | M] () -- C:\Users\Sundars\Desktop\WhoCrashed.lnk
[2013/02/28 06:43:26 | 000,785,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/28 06:43:26 | 000,668,644 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/28 06:43:26 | 000,126,260 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/28 02:53:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000Core.job
[2013/02/27 23:16:13 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2013/02/27 23:15:17 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/27 23:15:17 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/27 21:10:41 | 000,045,368 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/02/27 21:10:39 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/02/27 15:49:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\TDSSKiller.exe
[2013/02/27 11:55:39 | 000,209,403 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo.cs2
[2013/02/27 03:01:10 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/26 23:01:25 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\AlpariDirect.lnk
[2013/02/26 22:57:27 | 000,209,042 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo.bs2
[2013/02/26 22:20:46 | 000,202,176 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo_Simulation.cs2
[2013/02/26 22:20:46 | 000,202,176 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo_Live.cs2
[2013/02/25 14:10:29 | 011,680,494 | ---- | M] () -- C:\Users\Sundars\Desktop\Millard_Cycles-A Tribute to J. M. Hurst.pdf
[2013/02/25 09:49:58 | 006,004,403 | ---- | M] () -- C:\Users\Sundars\Desktop\Balan , Robert - Elliott Wave Principle Forex.pdf
[2013/02/25 09:45:35 | 000,566,110 | ---- | M] () -- C:\Users\Sundars\Desktop\Vedic Astrology and Rasi Characteristics.pdf
[2013/02/25 09:43:54 | 000,119,885 | ---- | M] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Brihat Jatak.pdf
[2013/02/25 09:36:29 | 018,322,616 | ---- | M] () -- C:\Users\Sundars\Desktop\fundamentals of vedic astro. by Bepin Bihari.pdf
[2013/02/25 09:32:31 | 000,294,327 | ---- | M] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Bhrigu Sutras.pdf
[2013/02/24 23:15:35 | 000,989,704 | ---- | M] () -- C:\Users\Sundars\Desktop\Narayana Dasa - S. Rath [Chi].pdf
[2013/02/24 18:04:21 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/24 16:37:27 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/02/24 16:37:27 | 000,000,909 | ---- | M] () -- C:\Users\Sundars\Desktop\AmiBroker x64.lnk
[2013/02/24 16:08:47 | 000,000,997 | ---- | M] () -- C:\Users\Sundars\Desktop\PDF Architect.lnk
[2013/02/24 16:08:01 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/23 17:55:22 | 000,002,380 | ---- | M] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2013/02/22 03:35:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/22 03:35:22 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/22 03:35:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/02/22 03:35:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/02/22 03:35:21 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/02/22 03:35:21 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/02/22 03:34:12 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/02/22 03:34:11 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/02/22 03:34:11 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/02/22 03:34:10 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/02/22 03:34:10 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/02/22 03:34:10 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/02/15 03:26:42 | 000,424,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/08 17:49:13 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2013/02/03 12:42:22 | 000,001,053 | ---- | M] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/03 12:42:01 | 000,001,025 | ---- | M] () -- C:\Users\Sundars\Desktop\Dropbox.lnk
[2013/01/31 20:20:31 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\SaxoTrader.lnk

========== Files Created - No Company Name ==========

[2013/02/28 15:24:07 | 000,007,622 | ---- | C] () -- C:\Users\Sundars\AppData\Local\Resmon.ResmonCfg
[2013/02/28 09:26:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/28 09:26:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/28 09:26:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/28 09:26:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/28 09:26:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/28 09:19:33 | 000,000,836 | ---- | C] () -- C:\Users\Sundars\Desktop\WhoCrashed.lnk
[2013/02/27 21:10:39 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/02/26 22:53:48 | 000,202,176 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo_Live.cs2
[2013/02/26 22:20:53 | 000,202,176 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo_Simulation.cs2
[2013/02/25 14:09:57 | 011,680,494 | ---- | C] () -- C:\Users\Sundars\Desktop\Millard_Cycles-A Tribute to J. M. Hurst.pdf
[2013/02/25 09:49:41 | 006,004,403 | ---- | C] () -- C:\Users\Sundars\Desktop\Balan , Robert - Elliott Wave Principle Forex.pdf
[2013/02/25 09:45:30 | 000,566,110 | ---- | C] () -- C:\Users\Sundars\Desktop\Vedic Astrology and Rasi Characteristics.pdf
[2013/02/25 09:43:52 | 000,119,885 | ---- | C] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Brihat Jatak.pdf
[2013/02/25 09:35:30 | 018,322,616 | ---- | C] () -- C:\Users\Sundars\Desktop\fundamentals of vedic astro. by Bepin Bihari.pdf
[2013/02/25 09:32:28 | 000,294,327 | ---- | C] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Bhrigu Sutras.pdf
[2013/02/24 23:15:34 | 000,989,704 | ---- | C] () -- C:\Users\Sundars\Desktop\Narayana Dasa - S. Rath [Chi].pdf
[2013/02/24 16:08:47 | 000,000,997 | ---- | C] () -- C:\Users\Sundars\Desktop\PDF Architect.lnk
[2013/02/24 16:08:01 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/14 11:18:18 | 000,000,909 | ---- | C] () -- C:\Users\Sundars\Desktop\AmiBroker x64.lnk
[2013/02/14 11:14:30 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/02/07 14:19:57 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\AlpariDirect.lnk
[2013/02/04 16:53:52 | 000,209,403 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo.cs2
[2013/02/04 16:53:52 | 000,209,042 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo.bs2
[2013/01/31 20:20:31 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\SaxoTrader.lnk
[2013/01/22 22:56:57 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/12/12 07:28:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
[2012/12/10 21:48:05 | 000,000,208 | ---- | C] () -- C:\Windows\SJDemo.INI
[2012/12/01 18:52:05 | 013,338,112 | ---- | C] () -- C:\Users\Sundars\PCPE_3.0.1.msi
[2012/10/01 19:05:07 | 000,000,079 | ---- | C] () -- C:\Users\Sundars\AppData\Local\CrystalDiskMark30.ini
[2012/09/18 13:03:30 | 000,012,892 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/17 20:32:41 | 000,197,800 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/13 18:24:38 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
[2012/09/13 18:24:28 | 000,270,336 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2012/09/13 18:24:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
[2012/09/13 18:24:28 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
[2012/09/13 18:24:28 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
[2012/09/13 18:24:01 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
[2012/09/13 18:24:00 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2012/09/13 18:24:00 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
[2012/08/31 06:25:37 | 000,005,544 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/29 21:45:01 | 000,026,128 | ---- | C] () -- C:\Windows\SysWow64\ZABackupXceedCryReg.exe
[2012/08/29 21:45:00 | 000,441,705 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2012/08/29 21:45:00 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/08/27 20:42:08 | 000,769,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/19 07:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 07:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 13:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 13:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 13:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: WDC WD5000AAKS-00A7B2
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: Volume0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type:
Media Type: Fixed hard disk media
Model:
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: PEAK III Flash Drive USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,397.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 65536
Hidden sectors: 0


DeviceID: Disk #3, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/09/04 18:07:09 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Acronis
[2012/08/28 18:13:13 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Adobe
[2012/10/09 17:22:58 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Apple Computer
[2012/09/04 22:32:11 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\BANDISOFT
[2012/10/25 20:02:47 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Boredom Software
[2013/02/26 11:14:17 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Canon
[2012/11/09 21:46:37 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Download Manager
[2013/01/16 18:10:44 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Downloaded Installations
[2012/10/06 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\DriverCure
[2013/02/28 10:16:29 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Dropbox
[2013/02/07 14:22:53 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\FEXTrader
[2013/01/16 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\FileOpen
[2013/01/29 13:46:50 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\FXTS2
[2012/08/27 19:54:31 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Identities
[2012/11/14 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\ImgBurn
[2012/09/13 18:23:27 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\InstallShield
[2012/08/30 17:42:05 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\iVideoConverter
[2012/08/30 10:58:22 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Macromedia
[2012/08/27 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Malwarebytes
[2013/02/11 21:15:11 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\MAPILab Ltd
[2009/07/14 07:45:14 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Media Center Programs
[2013/02/11 20:30:54 | 000,000,000 | --SD | M] -- C:\Users\Sundars\AppData\Roaming\Microsoft
[2012/08/27 21:00:51 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Mozilla
[2013/01/16 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Nitro
[2013/01/16 18:17:57 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Nitro PDF
[2012/09/26 07:59:39 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\OpenDNS Updater
[2013/02/24 16:56:46 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\PDF Architect
[2012/08/27 21:59:44 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\QFX Software
[2013/02/04 16:46:06 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Saxo Bank
[2013/02/28 08:58:15 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Skype
[2012/10/06 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\SpeedyPC Software
[2013/01/05 12:16:37 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\SUPERAntiSpyware.com
[2012/11/26 21:01:44 | 000,000,000 | ---D | M] -- C:\Users\Sundars\AppData\Roaming\Trading Applications

< MD5 for: ATAPI.SYS >
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/14 01:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/14 01:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/02/26 06:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/14 01:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 04:27:12 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010/11/20 04:27:12 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 04:27:12 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 03:19:58 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010/11/20 03:19:58 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 03:19:58 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/14 01:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/14 01:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/14 01:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/14 01:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/14 01:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/14 01:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 07:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 07:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 03:20:32 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 16:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 04:27:24 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 17:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 17:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/14 01:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/03 17:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/14 01:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/14 01:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/14 01:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/14 01:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/14 01:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/14 01:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010/11/20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 01:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 01:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010/11/20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/14 01:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/14 01:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/14 01:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/14 01:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/14 01:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/14 01:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/14 01:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/14 01:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/02/16 04:41:19 | 000,865,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/02/16 04:41:19 | 000,865,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/02/16 04:41:19 | 000,865,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013/02/16 00:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/02/16 00:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/02/16 00:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.77B7FGFCAQDBI3U7JPAC5XLMOE\InstallInfo\\ShowIconsCommand: "C:\Users\Sundars\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/02/21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.77B7FGFCAQDBI3U7JPAC5XLMOE\InstallInfo\\HideIconsCommand: "C:\Users\Sundars\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/02/21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.77B7FGFCAQDBI3U7JPAC5XLMOE\InstallInfo\\ReinstallCommand: "C:\Users\Sundars\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/02/21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.77B7FGFCAQDBI3U7JPAC5XLMOE\shell\open\command\\: "C:\Users\Sundars\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/02/21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/11/27 16:53:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/11/27 16:53:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/11/27 16:53:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/01/08 22:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2013/01/08 22:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/02/16 04:41:19 | 000,865,704 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/02/16 04:41:19 | 000,865,704 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/02/16 04:41:19 | 000,865,704 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2013/02/16 00:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/02/16 00:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/02/16 00:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.77B7FGFCAQDBI3U7JPAC5XLMOE\InstallInfo\\ShowIconsCommand: "C:\USERS\SUNDARS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/02/21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.77B7FGFCAQDBI3U7JPAC5XLMOE\InstallInfo\\HideIconsCommand: "C:\USERS\SUNDARS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/02/21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.77B7FGFCAQDBI3U7JPAC5XLMOE\InstallInfo\\ReinstallCommand: "C:\USERS\SUNDARS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/02/21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.77B7FGFCAQDBI3U7JPAC5XLMOE\shell\open\command\\: "C:\USERS\SUNDARS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/02/21 05:23:46 | 001,274,320 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/11/27 16:53:09 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/11/27 16:53:09 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/11/27 16:53:09 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/01/08 22:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2013/01/08 22:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 03:17:58 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/14 01:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/14 02:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/14 01:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 21:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 21:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 21:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 21:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 21:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 21:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 21:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/14 02:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

Extra


OTL Extras logfile created on: 28/02/2013 17:19:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sundars\Desktop\GeeksFeb13
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

28.00 Gb Total Physical Memory | 20.31 Gb Available Physical Memory | 72.54% Memory free
56.00 Gb Paging File | 48.34 Gb Available in Paging File | 86.32% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 372.80 Gb Free Space | 80.04% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1268.05 Gb Free Space | 90.75% Space Free | Partition Type: NTFS
Drive F: | 3.99 Gb Total Space | 3.28 Gb Free Space | 82.26% Space Free | Partition Type: NTFS
Drive G: | 1.88 Gb Total Space | 1.62 Gb Free Space | 86.24% Space Free | Partition Type: NTFS

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.77B7FGFCAQDBI3U7JPAC5XLMOE] -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = D:\Firewall Logs\Corp Domain\CorpDomFirewall.log -- ()

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Private Domain\Private-firewall.log -- ()
"LogDroppedPackets" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Pub Domain\pubfirewall.log -- ()
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = D:\Firewall Logs\Corp Domain\CorpDomFirewall.log -- ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Private Domain\Private-firewall.log -- ()
"LogDroppedPackets" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Pub Domain\pubfirewall.log -- ()
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0080B179-9CEC-40A5-A462-0B82343768A9}" = rport=80 | protocol=6 | dir=out | app=c:\program files\internet explorer\iexplore.exe |
"{037817A2-0C36-4F80-BD21-4E9E93B11B83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0435F557-D1A4-402E-B1F7-3D9E7F648381}" = rport=60020 | protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqconnect.exe |
"{0B304621-B5AE-4C95-9DE1-13FF76A6BBFC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BC3C76A-D498-4DC2-892B-EA6D8A22F9CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"{0ED09BE7-AE91-4C38-82B5-FC9EA8C190B7}" = rport=5357 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{1004C511-AFBE-458B-98D5-833B7DB26337}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jaucheck.exe |
"{12CF2A8A-9497-417A-9D2E-2F3506289CC2}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\java.exe |
"{1525DB6D-2600-44F1-A2A9-965CBE65F773}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17CA3D79-A96C-4BBE-B23E-75A7FCDBC4FD}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javaws.exe |
"{19149804-26F3-43C8-B148-CBDBAD23C459}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\candleworks\fxts2\fxtspp.exe |
"{1C941435-EAAF-43D2-90E6-0ACF03B62B9F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EDA99A7-9AD4-4AF0-9303-435091387BCB}" = rport=80 | protocol=6 | dir=out | name=custom - sanboxie update |
"{27BFBB78-5FD9-477D-904A-1AB9E0882C54}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\jre-7u7-windows-i586.exe |
"{2C11ED30-390F-402B-A3F8-A3D1815BBE6B}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\microsoft security client\msseces.exe |
"{2E0D74DE-530B-4CB9-9F2C-7C2979EDDE73}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\tracker software\live update\liveupdate.exe |
"{2FA6246B-3291-43C2-9104-335418D2B2C9}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe |
"{37173833-9E91-4523-BB2C-9D0F35330214}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=%systemroot%\syswow64\svchost.exe |
"{38A745CD-9C0B-481F-A0F6-2B55D409C8DE}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\apple software update\softwareupdate.exe |
"{3C8CE795-74B8-446F-945B-9143E289DC40}" = lport=138 | protocol=17 | dir=in | app=system |
"{3E10042F-FF69-4A2F-885D-593CF23AB8CB}" = rport=21 | protocol=6 | dir=out | app=ftpcommand |
"{41852DE7-8F6D-4FEB-9118-570AF75F6ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{435B5C72-25C2-4F4C-BECB-128217EA84E2}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javacpl.exe |
"{460D9863-B5A3-49C7-85EB-1B0A0DEAFF55}" = rport=990 | protocol=6 | dir=out | app=ftps |
"{48215E7D-0375-41A7-85B3-D2A416BA1280}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{487D674D-A0F6-43F4-BE83-7001E3313EF9}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\chromeinstall-7u7.exe |
"{4951FC49-C199-4CE8-890B-81217AEDC5DE}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=%systemroot%\system32\svchost.exe |
"{4F54FEDD-A0E7-47A7-AEE2-67576541E639}" = lport=139 | protocol=6 | dir=in | app=system |
"{4FA3CDD0-5078-45F5-83F0-5C0267DA3BFD}" = lport=445 | protocol=6 | dir=in | app=system |
"{51253AA4-83E7-4D1C-9453-CF0923CCA2D9}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52F0BEC5-E727-493E-9ED9-8F53C11E1BA8}" = rport=25 | protocol=6 | dir=out | app=%programfiles% (x86)\microsoft office\office12\outlook.exe |
"{55A77A94-5B62-498A-9426-C02BAF3F977B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{55BD0BCC-0811-4876-A209-C948E128C403}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jusched.exe |
"{5AAF81B0-C53F-4746-ACBC-FD09B38AF601}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe |
"{5AC02C1F-54F8-4DE5-817E-4FC269EDA339}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\itunes\itunes.exe |
"{5DE4A4D2-FA9F-4353-A708-D73DA3A652C4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportservice.exe |
"{5F3BD7B4-F12D-4F53-9333-8388EC1F3D79}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javaw.exe |
"{691532FC-BDE4-4416-9D10-2D58CFF798D8}" = rport=0 | protocol=6 | dir=out | app=ftpdatapass |
"{6C1BA8E5-4A21-45F5-B319-EF1E5CAF2FAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72D52E9A-3F98-49B6-B994-27D898CF3E7E}" = rport=445 | protocol=6 | dir=out | app=system |
"{7647472E-4DD4-4328-B47E-EFC512D8E11C}" = lport=5454 | protocol=6 | dir=in | name=x-rite device services manager |
"{7675492C-551C-4CEA-8D24-47BF6BB555D5}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=%systemroot%\system32\svchost.exe |
"{76D7BFC5-DE32-4D2B-975E-BF311A970C2B}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=%systemroot%\syswow64\svchost.exe |
"{770D90DC-A3EC-4E2A-9BD9-D1A9A381A196}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe |
"{77642868-B51E-4862-AE57-8A1241E8ADBA}" = rport=53242 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{79727309-7478-4C34-A02A-4FCA4BBC2401}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7ACB291D-24AD-4E50-BB18-18419E47F26E}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\flashplayer.exe |
"{7F4C80D8-4753-4040-86C6-DC5EF60A84FA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\updater.exe |
"{8100B946-DF54-49CB-9A6C-1178D20ED7B4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\vs revo group\revo uninstaller\revouninstaller.exe |
"{88ED0056-AB28-4434-9B29-D8B1BC7FB02F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B2101E0-12C1-4346-9CAA-A39F0E6EBB11}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{8D9FF397-5CD4-41D2-9720-83ED65EF6CD4}" = rport=0 | protocol=17 | dir=out | app=%systemroot%\system32\lsass.exe |
"{8DBDF54A-6044-4280-BD95-A75FE5503C6F}" = rport=80 | protocol=6 | dir=in | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{93E8D073-5DCA-48FF-A7C6-AF87BDE40FCC}" = rport=53 | protocol=17 | dir=out | app=%programfiles% (x86)\opendns\dnscrypt\dnscrypt-proxy.exe |
"{94A3740E-1CBD-4890-92D0-544398794671}" = rport=0 | protocol=6 | dir=in | app=ftpdata |
"{9768C54D-E186-418F-A875-D6E358FA8DBA}" = lport=135 | protocol=6 | dir=in | name=custom network rule - block port 135 & 445 |
"{9931D52F-202A-4B3B-AA60-4DE087F1CBF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DC477C0-F7D9-4366-A090-90FD2940964B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\imgburn\imgburn.exe |
"{A1199EF9-80D2-4765-9926-6ECDF199968E}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\alpariuk\alpariukdirect.exe |
"{A1CC236B-EDE1-4BC3-B998-29369803D698}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportservice.exe |
"{A3E44110-D81C-4C40-97A6-AC370F8A58BC}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jucheck.exe |
"{ACDD36DC-9D27-47EB-90D0-F926A4EB5BE5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD288ADA-13A6-4AB7-9F11-667E8037441E}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{AD64947C-D997-48B1-BE42-91B8A0D7DE10}" = rport=53 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{AEE2927D-0BE7-48AD-B84F-BB9420B413F7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{BE35D014-7375-4CF8-96E7-FB48BD4FC589}" = rport=80 | protocol=6 | dir=out | svc=helpsvc | app=%systemroot%\system32\svchost.exe |
"{C1517DCF-0153-411F-B6F7-437EABA15734}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe |
"{C25FDC95-75C8-4B02-A680-A9683369255D}" = rport=1900 | protocol=17 | dir=in | name=custom network rule - block port 1900 |
"{C54F4BEA-6C5D-49A4-A404-106D40F36805}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7AF0FCA-D9E0-46CC-9560-CC3F6374000F}" = rport=21 | protocol=6 | dir=out | app=c:\windows\system32\ftp.exe |
"{CB8C8985-DED2-4AD8-A6DB-9DACB7382757}" = rport=80 | protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{CED1BDAB-355B-43E1-AE4C-B6F2BDACD7D7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{D1FD6188-2C72-4D8D-B00D-4F5DDF1B4C16}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D2E3F49D-5D14-4A30-8692-3D62D9EB66C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3D68CB4-1CA5-4CD2-97B5-BD401CAECA3B}" = rport=53 | protocol=17 | dir=out | app=c:\users\sundars\desktop\dnsbench.exe |
"{D69D0BA4-25AA-45D5-B13B-D16F60E7BC56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCA478A1-17F1-4837-BCA8-076A2AF54BD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E5DA8FC4-8E91-479F-8B46-600566B7B709}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\neosmart technologies\easybcd\easybcd.exe |
"{E606D67D-B1AB-4EE1-A69C-9D2FE4938B7C}" = rport=19105 | protocol=6 | dir=out | app=c:\zonealarmbackup\zabackupclsclient.exe |
"{E7E35D46-CB1B-43FD-BA53-5AA1F210DD54}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDA4A98E-8370-4539-AD6B-72404B071835}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE6EC7EC-AC60-4DC6-A6CE-A862F8571CF9}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\desktop\dnsbench.exe |
"{EED2690E-C22D-4DD0-9E27-D640DC27DD9F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EFB25419-6427-4026-863D-0D0ABAF13106}" = rport=5353 | protocol=17 | dir=out | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1465CE8-C087-48DF-9FDC-B822BB36ABE3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F8629104-F619-49D0-AE1C-6100248D1A28}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqconnect.exe |
"{FA99D32A-DFE9-4A49-8244-3AF34448FA84}" = rport=9300 | protocol=17 | dir=in | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{FAD88354-8E90-48F0-9C06-93B86887956B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{FBA1FFFE-E890-4A05-A650-C5E74DF32FC9}" = rport=443 | protocol=6 | dir=out | app=c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AE0858-A1D2-4E46-B57B-0B53F51CC875}" = protocol=6 | dir=out | app=system |
"{02F6CF83-B922-4DFA-A538-CE9690B4F467}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07DE943A-FCCE-4632-8583-9233297F71B3}" = protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqlinklauncher.exe |
"{081C384A-26DC-49A0-BE1C-512FA0F7B368}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E22F87F-52A2-49DA-BFC4-F82A0BD47882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A44AE1D-755F-4204-A097-239793D3B011}" = protocol=6 | dir=out | app=system |
"{1C436F62-F9BB-48E5-9500-734DF5514EA4}" = protocol=41 | dir=out | app=system |
"{1F60ADFE-3A22-45A4-B306-BB7677B1D361}" = protocol=17 | dir=in | app=%programfiles% (x86)\skype\phone\skype.exe |
"{23283D50-1E32-41EB-92A8-8C37E25517B0}" = protocol=6 | dir=in | app=c:\users\sundars\appdata\roaming\dropbox\bin\dropbox.exe |
"{27BD713F-6845-4387-BBFF-E98D8C0B5B20}" = protocol=1 | dir=out | app=any |
"{2AD065AB-674C-4B08-B2A9-5E042F7FE9E3}" = protocol=58 | dir=out | [email protected],-28546 |
"{31AFFA1F-636C-450F-ADD6-E24735461E56}" = protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqlinklauncher.exe |
"{36E58820-6D9D-457A-B352-AF3F0CB53A5E}" = protocol=1 | dir=out | app=any |
"{3ABF56B1-01A2-483B-9B66-AFA61B4AB951}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3BAC2DCA-4022-4E72-BA73-873017E23D51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E22B6B3-3727-4519-A3DE-BD48C9488392}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{46C26C40-03DB-4FEC-AC98-FB914BD94B8F}" = protocol=58 | dir=in | [email protected],-28545 |
"{4986A3E3-3510-421C-A080-B6D2C3FC360C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52AFB3C1-C1A5-491D-A84A-21256767B8BC}" = dir=out | app=c:\windows\system32\svchost.exe |
"{58F648BB-3EA9-4859-8669-E4F47E6EA2E5}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{6005D19E-3CB0-4A6F-A579-E270439F9869}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{65F4782F-EACD-41DB-9ED5-26393C29DE82}" = protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{72BCEA47-6BB6-4ADE-983B-228641C9302D}" = protocol=1 | dir=out | app=system |
"{734788E0-AFAF-487E-AED0-9298930A1088}" = protocol=17 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{741143EC-C7A7-47A7-B42A-2EFF2ED9B126}" = protocol=1 | dir=out | [email protected],-28544 |
"{7ED03C91-09EB-4076-A2FF-5E7E98C1EFAA}" = dir=out | app=c:\windows\system32\svchost.exe |
"{7F0036D4-EC68-46E5-B69A-42C2C1344461}" = protocol=17 | dir=in | app=c:\users\sundars\appdata\roaming\dropbox\bin\dropbox.exe |
"{8B32DC7A-B6D2-4A37-BE2E-B4EEDA94468D}" = protocol=1 | dir=in | app=system |
"{8D31B319-72A4-41E0-8FBA-86E99DB4EA81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9568630F-847B-42F1-8ACE-407919AAB359}" = protocol=1 | dir=in | [email protected],-28543 |
"{9C3E662D-983C-48E1-A95A-E3BCEC1256BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F5E6F7C-1BAE-48C0-906A-5B84CB0FF752}" = dir=out | app=c:\windows\system32\svchost.exe |
"{A0ADB1FB-9594-4BB7-8AFC-1F713A9E2518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1DD282B-58C7-45B4-BEE7-752EA6D3906C}" = dir=out | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6D498CF-E09B-444E-92C0-96E7D1F913DB}" = protocol=6 | dir=out | app=c:\users\sundars\appdata\local\google\chrome\application\chrome.exe |
"{A8535852-4D23-44D2-9DEE-CD01379E81BB}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{B1823B2B-EDC0-4BC0-837F-A88EEE3007D8}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{B1988050-9ED7-4E08-BCE1-373D183E3673}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4BC57CD-0FD5-4741-A302-6BBB97016F68}" = dir=out | app=c:\windows\system32\svchost.exe |
"{B8109073-8311-4FAD-A67C-734030419875}" = protocol=6 | dir=in | app=system |
"{C1595049-4E1F-4439-97B2-1E19F1B33573}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB76087B-1BA0-4271-8CF5-6DD3F72E2E98}" = protocol=6 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{CCC19B31-EF85-46CA-AF61-A8745EC86EC7}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D1D6BDA2-327D-4124-A999-7B5CBC25EFBF}" = dir=out | app=localhost |
"{D3BE2D32-9A18-45C7-B6B9-FED10B20B3F6}" = protocol=6 | dir=in | app=%programfiles% (x86)\skype\phone\skype.exe |
"{D61688A1-CA8B-4CF4-BEDF-A2560DA1F10D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D6405D40-BAFA-4502-B088-63AC198989EF}" = dir=out | app=c:\users\sundars\appdata\local\google\update\googleupdate.exe |
"{D85495EB-0B42-4E83-959F-0855C57BDBD3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8E461AB-C02C-4F03-98C4-CDA6AEB570BC}" = dir=out | app=c:\windows\system32\svchost.exe |
"{DB19B829-055B-4A4E-8806-EEEB69794CB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE8F6E81-1B58-4C50-BC81-E216FA32945E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DED7948D-BB40-406E-86D7-D218E54D7025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E231AF57-69BB-40B9-8E60-7AEA8D2AFCBF}" = protocol=17 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{E7BE0CEA-2882-4E7A-9D41-24999CE84D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F44AF056-E079-4E84-B7AD-6C93D96D4425}" = protocol=17 | dir=in | app=system |
"{F97CFC43-DDBB-4A9D-B160-1838A78D4AF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{233BB6F8-395C-4ABB-B0F1-CFBDFB632F0E}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe |
"UDP Query User{145BF891-3E97-4094-978C-8DA141CC18AD}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F9B09E-CDB5-46fc-AC30-2E7E7C7A8A34}" = Canon MP800
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.1
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AAE9AB32-071F-46AF-B0C3-F936E6345F4A}" = Nitro Pro 8
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1" = PDF-XChange 2012 Pro
"AmiBroker64_is1" = AmiBroker 5.60.3 x64
"CCleaner" = CCleaner
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Sandboxie" = Sandboxie 3.76 (64-bit)
"WhoCrashed_is1" = WhoCrashed 4.01
"Windows Firewall Control" = Windows Firewall Control

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E579B65-503B-4184-B481-5138124BEE1D}_is1" = VT Hash Check 1.2
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{272E80B6-9579-421F-8B8E-6E8855FA1F91}" = Vigor N61 802.11n Wireless USB Adapter
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{45EECCAE-403C-44CE-AE2F-6028617B63F8}" = X-Rite Device Services Manager
"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
"{49C14B93-58AD-4178-B52C-750D54CE618D}" = SaxoTrader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B008D66F-B796-4C06-B707-932F0B225531}" = Mail Merge Toolkit
"{B3314ED3-506E-40BE-BBB0-104E719AE44B}" = AlpariUK
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}" = NinjaTrader 7
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DEF3592F-0751-4632-9875-8BF9AD602898}" = DNSCrypt
"{E04FD66D-ADDD-48A0-B766-4111945C09D4}" = RAMDisk
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FBD7AFBB-8D94-4207-A013-CAF1BBA51AB3}" = Microsoft .NET Framework 3.5 SP1 Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AntiLogger" = AntiLogger
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CanonMyPrinter" = Canon My Printer
"EasyBCD" = EasyBCD 2.1.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FXCM Trading Station" = FXCM Trading Station
"ImgBurn" = ImgBurn
"IQFeed Client" = IQFeed Client 4.9.0.3
"Jagannatha Hora_is1" = Jagannatha Hora 7.64
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 en-GB)" = Mozilla Firefox 19.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.0" = Canon MP Navigator 2.0
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PROR" = Microsoft Office Professional 2007
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"TaxCalc 2007" = TaxCalc 2007
"TaxCalc 2011" = TaxCalc 2011
"TaxCalc 2012" = TaxCalc 2012
"WinX Free AVI to FLV Converter_is1" = WinX Free AVI to FLV Converter 4.1.11
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 01, 2011

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DataTools" = DataTools
"DataUpdater" = Premium Data
"Dropbox" = Dropbox
"fx2" = Premium Forex
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28/02/2013 06:51:29 | Computer Name = Sundars-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: e7c Start Time:
01ce159d349a219c Termination Time: 0 Application Path: C:\Users\Sundars\Desktop\GeeksFeb13\OTL.exe

Report
Id: 8e7ec266-8194-11e2-8226-00215ac6f264

Error - 28/02/2013 06:53:07 | Computer Name = Sundars-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 16f4 Start Time:
01ce15a1a44dee38 Termination Time: 0 Application Path: C:\Users\Sundars\Desktop\GeeksFeb13\OTL.exe

Report
Id:

Error - 28/02/2013 13:14:03 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 28/02/2013 13:17:32 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ OSession Events ]
Error - 05/11/2012 06:11:45 | Computer Name = Sundars-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/02/2013 12:23:34 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7034
Description = The NitroPDFDriverCreatorReadSpool8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 28/02/2013 12:23:42 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7034
Description = The Acronis Scheduler2 Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 28/02/2013 12:24:10 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 28/02/2013 12:24:19 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7034
Description = The PDF Architect Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 28/02/2013 12:24:33 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7034
Description = The PDF Architect Helper Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
ramdisk.sys is definitely missing from your PC. I don't think it's really critical but I will ask a friend with a 64 bit version of Win 7 (mine is just the 32 bit) to send it to me. You have a program called RamDisk which I assume is this: http://memory.datara...oftware/ramdisk
Perhaps it removed the Windows version so it would not conflict? Never used it so can't say.

Your Adobe Reader X (10.1.6) is out of date. You need to uninstall it then go to adobe.com and get the latest Reader which is XI something. Lots of exploits make use of flaws in Reader so it and Flash and Java need to be kept up-to-date. When you start to download wait a second to let it offer you the optional foistware then uncheck it. They offer worthless stuff like the Ask or Yahoo toolbars, McAfee Security Scan and sometimes even the not so worthless Chrome browser but it slows the download and install up something awful. Once you download and install it:
Disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program.


If adwcleaner didn't get it you can uninstall Skype Click to Call. This is that annoying thing that converts any 10 digit number in your browser into a telephone number.

I was worried about this line:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: NameServer = 127.0.0.1

but with a little more research it must be from DNSCrypt so nothing bad.

Otherwise I don't see anything to worry about. The stuff that ESET found is mostly adware and does not seem to be related to your email attachment.

C:\$Recycle.Bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RFT65PW.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Sundars\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
D:\DownloadSW\IDRIVE\G970X DRIVERS\SetupBatteryCare.zip Win32/OpenCandy application deleted - quarantined
D:\DownloadSW\Utility\FreeStudio.exe multiple threats cleaned by deleting - quarantined
F:\Windows TMP\is-81AGD.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined


The first two are just the ask toolbar. Everything you download is trying to get you to install it. Even Avira anti-virus.
The 3rd and the last one are OpenCandy which is usually included with other downloads and offers a variety of optional adware including the ask toolbar.

The fourth one is FreeStudio which you it appears you downloaded intentionally is usually clean but sometimes a site will add stuff to it. I think this one:
http://www.fileclust...ree-Studio.html
is clean.

If you run aswMBR again you can change the Quickscan to C:\ then it will scan your whole drive and not just selected folders. Repeat for each drive. This will probably take a very long time.

Are you having any problems?
  • 0

#14
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts

ramdisk.sys is definitely missing from your PC.


Perhaps, the attachment is the reason?

Your Adobe Reader and Java


I will do the needful. I usually keep Java disabled in the browsers. I enable if I need it. Besides, Secunia PSI comes pretty handy.

Skype Click to Cal


I uninstalled it; it keeps coming back. If I can't get rid of it, I will try editing the prefs.js in firefox. Earlier, I got rid of conduit from the prefs.js directly.

Does not seem to be related to your email attachment.


I am surprised the email attachment did not load any malware, unless they are hidden ingeniously. Thanks for the run down on the toolbars; the free studio is a screen video capture software. I never got to use them. It is in lieu of camstudio, which now packs unnecessary bloatware.

I will run aswMBR and post the results. I will let it run overnight.

If you believe the system is fine, it is fine! :thumbsup:

Although the malware may not usually do not transmit to laptop by sync, could I post the OTL logs here after sorting out the workstation please? It would be great if you could kindly have a quick look at them. The laptop syncs the workstation, though not the OS.

Attached Files


  • 0

#15
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
BTW, for the time being, I have decided not to install Adobe Reader. I have noted down your advice on Javascript on Adobe. I will install only if I need the Adobe Reader. I have PDF XChange, which I am happy about.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP