Virus/Malware in Ext HDD and on Laptop start up - Help remove it plea


  • This topic is locked

#1
Dave_83

  • Member
  • 75 posts
Hi there,

I used a pen drive to remove virus from it, but it seems it has affected my laptop and an external 1TB hard disk.

On laptop startup I see these two files running > C454.js and 9016.js

And in my ext hard disk, I see folder with numbers on it and an "autorun.inf" file, which when deleted, recreates back... All my folders in the ext hard disk are hidden and I cannot uncheck hidden from the properties of a folder.

Please someone help me with this issue.
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first we will cure the infected USB.

Download McShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
Plug in the drive and McShield will start a scan

Then get the log, which will be here:

Start > all programs > MCShield > logs > all scans

And post that

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
Dave_83

Hi Essexboy,

I don't have the pen drive now, it's a friend's pen drive.

But since my laptop and ext HDD have got affected by it, now I have to clear these out. Could you help please, thanks :)
  • 0

#4
Essexboy

Yes, run McShield with the external drive connected and then run OTL please.
  • 0

#5
Dave_83

Will post OTL scans in a while. Below are the MC Shield scan details:

>>> MCShield AllScans.txt <<<



>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.5.30.1 / Windows 7 <<<


01-06-2013 18:07:45 > Drive C: - scan started (WINDOWS ~72 GB, NTFS HDD )...



=> The drive is clean.


01-06-2013 18:07:45 > Drive D: - scan started (Personal ~100 GB, NTFS HDD )...



=> The drive is clean.


01-06-2013 18:07:45 > Drive E: - scan started (Others ~100 GB, NTFS HDD )...



=> The drive is clean.


01-06-2013 18:07:45 > Drive F: - scan started (RECOVERY PARTITION ~15 GB, NTFS HDD )...


>>> F:\RECOVERY PARTITION (F).lnk - Suspicious > Renamed. (MD5: 3fdff38f0a7da37fbe4b2564984712e9)

> Resetting attributes: F:\VProRecovery < Successful.


=> Suspicious files : 1/1 renamed.
=> Hidden folders : 1/1 unhidden.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________

01-06-2013 18:07:46 > Drive I: - scan started (My Passport - Sharath ~931 GB, NTFS HDD )...

>>> I:\autorun.inf > Suspicious > Renamed.

>>> I:\$RECYCLE.BIN.lnk - Malware > Deleted. (13.06.01. 18.07 $RECYCLE.BIN.lnk.134060; MD5: f8b5ed9f27b50288bd16783a938361a0)

>>> I:\AUTORUN.lnk - Malware > Deleted. (13.06.01. 18.07 AUTORUN.lnk.51201; MD5: e73d1fb1f208d16d5a3db5dcd48bdd43)

>>> I:\DATABASES - from ugconcepts.lnk - Malware > Deleted. (13.06.01. 18.07 DATABASES - from ugconcepts.lnk.503042; MD5: b7468c3da17aee2912581e797f526cfa)

>>> I:\Elec_2012.lnk - Malware > Deleted. (13.06.01. 18.07 Elec_2012.lnk.367092; MD5: 55bad41204ce89b288c441fe0343e686)

>>> I:\EXT HD Software.lnk - Malware > Deleted. (13.06.01. 18.07 EXT HD Software.lnk.650306; MD5: cb1e5ce64d1e3a85138f0bd3d1a3d270)

>>> I:\Fonts.lnk - Malware > Deleted. (13.06.01. 18.07 Fonts.lnk.738348; MD5: 388eceffd4fe26cb949bc886b86ecd88)

>>> I:\Freelance backup.lnk - Malware > Deleted. (13.06.01. 18.07 Freelance backup.lnk.208643; MD5: e56f97c79f04234ec9f69e4abd1d462d)

>>> I:\JUSTEAT BKP.lnk - Malware > Deleted. (13.06.01. 18.07 JUSTEAT BKP.lnk.673123; MD5: 402fb9b3062ef911dc5fc609dcf77c5f)

>>> I:\Lappy Desktop Files.lnk - Malware > Deleted. (13.06.01. 18.07 Lappy Desktop Files.lnk.14105; MD5: 97fd803e6a06ed028a2b325b9e6466fe)

>>> I:\mahesh.lnk - Malware > Deleted. (13.06.01. 18.07 mahesh.lnk.741890; MD5: b67bb435353e8c1a06628665d016eb45)

>>> I:\Movies and TV Series.lnk - Malware > Deleted. (13.06.01. 18.07 Movies and TV Series.lnk.699482; MD5: 2447e5d78106d61ec483f67ddf015f45)

>>> I:\Museo.lnk - Malware > Deleted. (13.06.01. 18.07 Museo.lnk.702073; MD5: 22d768cfb5aaf2c2cf52e64e9353c788)

>>> I:\My Shared Folder.lnk - Malware > Deleted. (13.06.01. 18.07 My Shared Folder.lnk.428720; MD5: 767d4afc17d765737de7da1071a7a260)

>>> I:\new files from laptop.lnk - Malware > Deleted. (13.06.01. 18.07 new files from laptop.lnk.327406; MD5: 2ae74d3cce2cea2a5d171192bd33cc73)

>>> I:\NEW MUSC.lnk - Malware > Deleted. (13.06.01. 18.07 NEW MUSC.lnk.834611; MD5: 9b8a11653a82eb4d638298a3a96fbaf2)

>>> I:\OFFICE FILES BKP.lnk - Malware > Deleted. (13.06.01. 18.07 OFFICE FILES BKP.lnk.312997; MD5: 89d1855d1116bf60471cf0ea4f6e0a84)

>>> I:\PEN DRIVE FILES - DO NOT DELETE.lnk - Malware > Deleted. (13.06.01. 18.07 PEN DRIVE FILES - DO NOT DELETE.lnk.222047; MD5: 1b7e0c8975cdeae1bf6db19b9e8c304c)

>>> I:\Personal.lnk - Malware > Deleted. (13.06.01. 18.07 Personal.lnk.26055; MD5: a0c5ffdd332f43ad9f156e58bf85de9d)

>>> I:\PERSONAL FILES FROM DESKTOP.lnk - Malware > Deleted. (13.06.01. 18.07 PERSONAL FILES FROM DESKTOP.lnk.958239; MD5: 44cbf4b1a768a4b1949ab8457c09c5f9)

>>> I:\POSTER PRINT.lnk - Malware > Deleted. (13.06.01. 18.07 POSTER PRINT.lnk.302633; MD5: 962f7a31209fe8272a704ee683c0502a)

>>> I:\RECYCLER.lnk - Malware > Deleted. (13.06.01. 18.07 RECYCLER.lnk.738293; MD5: 6b642e7a2cee72ffd7666fc568b4d496)

>>> I:\Softwares.lnk - Malware > Deleted. (13.06.01. 18.07 Softwares.lnk.509940; MD5: a555531096562fe04713af063c0b497f)

>>> I:\STUDY.lnk - Malware > Deleted. (13.06.01. 18.07 STUDY.lnk.132682; MD5: 5675214859a33b3999bd085606ea39da)

>>> I:\System Volume Information.lnk - Malware > Deleted. (13.06.01. 18.07 System Volume Information.lnk.280767; MD5: 854eb920680856adfd3f8250ade335c3)

>>> I:\TORRENT DOWNLOADS.lnk - Malware > Deleted. (13.06.01. 18.07 TORRENT DOWNLOADS.lnk.836513; MD5: 3a56a7ed45942418ac4adacb99abb61c)

>>> I:\Toshiba laptop bkp.lnk - Malware > Deleted. (13.06.01. 18.07 Toshiba laptop bkp.lnk.247903; MD5: b6f9777f64b65f6330888275ada28b30)

>>> I:\Windows 7.lnk - Malware > Deleted. (13.06.01. 18.07 Windows 7.lnk.951417; MD5: 9725763dc192ffb8bb09b786cb7f5014)

> Resetting attributes: I:\AUTORUN < Successful.

> Resetting attributes: I:\DATABASES - from ugconcepts < Successful.

> Resetting attributes: I:\Elec_2012 < Successful.

> Resetting attributes: I:\EXT HD Software < Successful.

> Resetting attributes: I:\Fonts < Successful.

> Resetting attributes: I:\Freelance backup < Successful.

> Resetting attributes: I:\JUSTEAT BKP < Successful.

> Resetting attributes: I:\Lappy Desktop Files < Successful.

> Resetting attributes: I:\mahesh < Successful.

> Resetting attributes: I:\Movies and TV Series < Successful.

> Resetting attributes: I:\Museo < Successful.

> Resetting attributes: I:\My Shared Folder < Successful.

> Resetting attributes: I:\new files from laptop < Successful.

> Resetting attributes: I:\NEW MUSC < Successful.

> Resetting attributes: I:\OFFICE FILES BKP < Successful.

> Resetting attributes: I:\PEN DRIVE FILES - DO NOT DELETE < Successful.

> Resetting attributes: I:\Personal < Successful.

> Resetting attributes: I:\PERSONAL FILES FROM DESKTOP < Successful.

> Resetting attributes: I:\POSTER PRINT < Successful.

> Resetting attributes: I:\Softwares < Successful.

> Resetting attributes: I:\STUDY < Successful.

> Resetting attributes: I:\TORRENT DOWNLOADS < Successful.

> Resetting attributes: I:\Toshiba laptop bkp < Successful.

> Resetting attributes: I:\Windows 7 < Successful.


=> Malicious files : 27/27 deleted.
=> Suspicious files : 1/1 renamed.
=> Hidden folders : 24/24 unhidden.

____________________________________________

::::: Scan duration: 2sec ::::::::::::::::::
____________________________________________




>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.5.30.1 / Windows 7 <<<


01-06-2013 18:09:24 > Drive I: - scan started (My Passport - Sharath ~931 GB, NTFS HDD )...



=> The drive is clean.
  • 0
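
An added example (not from the thread and not MCShield's own code): a small Python parser for the AllScans.txt layout shown in the post above, which pairs each deleted `<name>.lnk` with the folder `<name>` whose attributes were reset and checks each scan's totals against the lines actually present. The sample log, the drive letter X:, the folder names and the hashes are constructed, and the regular expressions assume the line formats exactly as they appear in this post.

```python
import re

# Constructed sample in the layout of the log above (names and hashes invented).
SAMPLE_LOG = r"""
01-06-2013 18:07:46 > Drive X: - scan started (SAMPLE ~931 GB, NTFS HDD )...

>>> X:\autorun.inf > Suspicious > Renamed.

>>> X:\$RECYCLE.BIN.lnk - Malware > Deleted. (13.06.01. 18.07 $RECYCLE.BIN.lnk.000001; MD5: 00000000000000000000000000000001)

>>> X:\Photos - 2012.lnk - Malware > Deleted. (13.06.01. 18.07 Photos - 2012.lnk.000002; MD5: 00000000000000000000000000000002)

>>> X:\Work.lnk - Malware > Deleted. (13.06.01. 18.07 Work.lnk.000003; MD5: 00000000000000000000000000000003)

> Resetting attributes: X:\Photos - 2012 < Successful.

> Resetting attributes: X:\Work < Successful.

=> Malicious files : 3/3 deleted.
=> Suspicious files : 1/1 renamed.
=> Hidden folders : 2/2 unhidden.

01-06-2013 18:09:24 > Drive X: - scan started (SAMPLE ~931 GB, NTFS HDD )...

=> The drive is clean.
"""

SCAN_RE = re.compile(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) > Drive (\w): - scan started")
# The path is matched lazily so folder names that contain " - " still parse.
DETECT_RE = re.compile(r"^>>> (.+?) [->] (Malware|Suspicious) > (\w+)\.")
RESET_RE = re.compile(r"^> Resetting attributes: (.+) < (\w+)\.")
SUMMARY_RE = re.compile(
    r"^=> (Malicious files|Suspicious files|Hidden folders) : (\d+)/(\d+) \w+\.")


def parse_allscans(text):
    """Split the log into one record per 'scan started' line."""
    scans, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SCAN_RE.match(line):
            current = {"time": m[1], "drive": m[2], "detections": [],
                       "resets": [], "summary": {}, "clean": False}
            scans.append(current)
        elif current is None:
            continue  # banner lines before the first scan
        elif m := DETECT_RE.match(line):
            current["detections"].append(
                {"path": m[1], "verdict": m[2], "action": m[3]})
        elif m := RESET_RE.match(line):
            current["resets"].append({"path": m[1], "result": m[2]})
        elif m := SUMMARY_RE.match(line):
            # Kept as printed; the second number is read here as the
            # total found (an assumption about the tool's output).
            current["summary"][m[1]] = (int(m[2]), int(m[3]))
        elif line == "=> The drive is clean.":
            current["clean"] = True
    return scans


def pair_shortcuts(scan):
    """Match each removed <name>.lnk to a folder <name> that was unhidden."""
    reset = {r["path"].lower() for r in scan["resets"]
             if r["result"] == "Successful"}
    paired, unpaired = [], []
    for d in scan["detections"]:
        if d["verdict"] != "Malware" or not d["path"].lower().endswith(".lnk"):
            continue
        folder = d["path"][:-4]  # drop ".lnk"
        (paired if folder.lower() in reset else unpaired).append(folder)
    return paired, unpaired


def summary_mismatches(scan):
    """Return {label: (reported, counted)} where the totals disagree,
    which is a quick way to spot a truncated or edited paste."""
    counted = {
        "Malicious files": sum(d["verdict"] == "Malware" for d in scan["detections"]),
        "Suspicious files": sum(d["verdict"] == "Suspicious" for d in scan["detections"]),
        "Hidden folders": len(scan["resets"]),
    }
    return {k: (v[1], counted[k]) for k, v in scan["summary"].items()
            if v[1] != counted[k]}


if __name__ == "__main__":
    for scan in parse_allscans(SAMPLE_LOG):
        paired, unpaired = pair_shortcuts(scan)
        print(scan["time"], "Drive", scan["drive"],
              "clean" if scan["clean"] else f"{len(scan['detections'])} detections")
        print("  shortcut/folder pairs:", paired)
        print("  shortcuts with no folder reset:", unpaired)
        print("  summary mismatches:", summary_mismatches(scan))
```

Shortcuts reported as unpaired are those with no matching "Resetting attributes" line, which is how the I: scan above ends up with 27 files deleted but 24 folders unhidden.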

#6
Dave_83

I could not find any Extras.txt on desktop

Below are the OTL.txt scan details:

OTL logfile created on: 01-06-2013 18:19:30 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SHARATH\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

7.98 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 76.07% Memory free
15.96 Gb Paging File | 13.72 Gb Available in Paging File | 85.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71.80 Gb Total Space | 10.17 Gb Free Space | 14.17% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 64.95 Gb Free Space | 64.95% Space Free | Partition Type: NTFS
Drive E: | 100.01 Gb Total Space | 85.22 Gb Free Space | 85.22% Space Free | Partition Type: NTFS
Drive F: | 14.98 Gb Total Space | 1.05 Gb Free Space | 7.01% Space Free | Partition Type: NTFS
Drive I: | 931.48 Gb Total Space | 247.77 Gb Free Space | 26.60% Space Free | Partition Type: NTFS

Computer Name: SHARATH-VAIO | User Name: SHARATH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-01 18:15:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHARATH\Desktop\OTL_2.exe
PRC - [2013-05-07 15:54:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013-05-03 22:10:00 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013-04-05 01:06:12 | 000,607,744 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2013-03-30 22:04:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013-03-30 22:02:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013-03-18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013-02-04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-03-19 17:08:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011-12-16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011-12-16 13:21:10 | 001,687,968 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
PRC - [2011-04-30 05:50:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011-03-06 05:12:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011-03-06 05:12:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011-02-24 02:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011-02-18 23:49:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-02-16 00:17:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011-02-15 01:53:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011-02-02 01:50:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011-02-02 01:50:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011-01-29 18:06:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010-11-27 13:25:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010-11-27 13:25:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010-09-14 07:02:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010-09-14 07:02:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010-05-25 19:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009-12-22 14:47:04 | 000,225,280 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009-12-22 14:43:06 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009-11-09 00:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe
PRC - [2009-10-01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013-02-04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012-11-07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012-09-28 10:06:06 | 000,594,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012-04-30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011-08-13 09:43:54 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0acaaa18864b8ce389d6756876a269bc\IAStorUtil.ni.dll
MOD - [2011-08-13 09:43:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e38d1efe292b58ac295f4db70c873016\IAStorCommon.ni.dll
MOD - [2011-07-13 21:06:55 | 000,347,920 | ---- | M] () -- C:\Program Files (x86)\WordWeb\wwextdb.dll
MOD - [2011-07-13 21:06:53 | 000,022,800 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll
MOD - [2011-07-07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2010-11-21 09:19:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010-11-21 09:18:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010-11-21 09:18:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010-11-21 09:18:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010-11-21 09:18:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010-11-21 09:18:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010-11-21 09:18:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010-11-21 09:18:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2010-01-11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013-05-24 01:42:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2012-02-08 23:00:12 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011-12-15 11:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011-12-15 11:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011-12-15 11:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011-09-26 12:05:14 | 000,405,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV:64bit: - [2011-05-20 07:45:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011-03-30 21:39:12 | 001,021,112 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011-02-28 22:59:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011-02-19 10:45:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011-02-19 10:32:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011-02-15 01:53:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011-01-29 18:06:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011-01-21 00:57:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010-09-23 06:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-07-14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-05-17 15:45:39 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-15 00:46:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-30 22:04:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013-03-30 22:02:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-03-19 17:08:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011-12-16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011-04-30 05:50:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-04-30 05:49:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011-03-29 11:43:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011-03-06 05:12:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011-02-24 02:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011-02-22 01:25:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011-02-22 01:25:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011-02-18 23:49:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-02-02 01:50:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-02-02 01:50:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011-01-21 00:46:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010-11-27 13:25:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-09-14 07:02:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-03-19 02:46:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 23:49:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-12-22 14:47:04 | 000,225,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009-10-01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009-09-21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009-09-21 20:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009-06-11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005-01-27 18:16:58 | 000,856,064 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-05-13 15:43:10 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2013-03-30 22:04:28 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013-03-30 22:04:28 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013-03-30 22:04:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011-12-16 21:23:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011-07-22 21:56:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011-07-13 03:25:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011-06-09 21:20:58 | 000,153,248 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-04-30 05:49:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011-04-30 05:49:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-04-30 05:49:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-04-30 05:49:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011-04-30 05:49:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-04-30 05:49:34 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011-03-29 14:44:07 | 000,173,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-03-29 12:21:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-03-29 11:45:05 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011-03-29 09:27:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011-03-11 12:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 12:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-22 20:57:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-02-17 08:36:44 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011-02-16 18:20:45 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010-11-21 08:54:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 08:53:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-21 08:53:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 08:53:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-04 10:15:54 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2010-10-20 05:04:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-04-27 01:50:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009-11-09 08:58:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009-10-01 22:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009-09-21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009-09-21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009-09-21 20:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009-07-14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 07:17:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-11 02:05:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009-06-11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-27 03:02:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009-02-13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2011-08-26 15:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2009-07-14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005-01-27 22:37:28 | 000,027,776 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\InCDrm.sys -- (incdrm)
DRV - [2005-01-27 18:08:08 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\SysWow64\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005-01-27 18:08:02 | 000,099,200 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\SysWow64\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-01-27 18:07:34 | 000,028,928 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\InCDpass.sys -- (InCDPass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\SearchScopes,DefaultScope = {5545F46F-FE6C-4DAE-B5FE-57C6EED890C9}
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\SearchScopes\{5545F46F-FE6C-4DAE-B5FE-57C6EED890C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\SearchScopes\{5CBA97C5-0D9F-4ADB-8E76-BCCA34970FDF}: "URL" = http://in.search.yah...f-8&fr=chr-yie9
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\SearchScopes\{A4C2F101-4697-4122-905C-B2A37BDF7944}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "192.168.1.3"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2012-03-26 09:19:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-05-17 15:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-17 15:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2012-03-02 23:28:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\SHARATH\AppData\Roaming\IDM\idmmzcc5 [2012-04-22 21:18:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-05-17 15:45:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-17 15:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\SHARATH\AppData\Roaming\IDM\idmmzcc5 [2012-04-22 21:18:37 | 000,000,000 | ---D | M]

[2012-11-21 10:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Extensions
[2013-05-10 11:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\msr6f9cm.default-1366977724619\extensions
[2013-05-10 11:50:24 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\msr6f9cm.default-1366977724619\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013-05-17 15:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013-05-17 15:45:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-05-17 15:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-05-17 15:45:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011-12-09 22:53:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - homepage: http://nemrod.se/
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0\
CHR - Extension: No name found = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijplnegmhibgjjaaocckopploghjbid\2_0\
CHR - Extension: No name found = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmcemboopcbchcbdefocgmngommpmop\2_0\
CHR - Extension: No name found = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: No name found = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjhcbjeaioljbdmiddkmnidgmnolbc\1.3.1.2_0\

O1 HOSTS File: ([2012-11-20 20:40:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [GoogleChromeAutoLaunch_4EE56885669B5D07FDBCB4E8D205AE34] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..Trusted Domains: aces.gov.in ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..Trusted Domains: incometaxindiaefiling.gov.in ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0C6D8B-956B-46E5-AF87-E4D3337C4E08}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-08-29 15:39:38 | 000,000,000 | ---D | M] - I:\AUTORUN -- [ NTFS ]
O32 - AutoRun File - [2013-06-01 11:24:36 | 000,003,417 | ---- | M] () - I:\autorun.inf.vir -- [ NTFS ]
O33 - MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\Shell - "" = AutoRun
O33 - MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\Shell\AutoRun\command - "" = H:\Setup.exe /Auto
O33 - MountPoints2\{fd60bca1-bb96-11e2-9e49-ccaf78d262a8}\Shell - "" = AutoRun
O33 - MountPoints2\{fd60bca1-bb96-11e2-9e49-ccaf78d262a8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-06-01 18:15:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SHARATH\Desktop\OTL_2.exe
[2013-06-01 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2013-06-01 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2013-06-01 18:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2013-06-01 13:18:20 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Roaming\SUPERAntiSpyware.com
[2013-06-01 13:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013-06-01 13:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013-05-31 16:38:05 | 000,000,000 | -HSD | C] -- C:\87
[2013-05-31 16:38:05 | 000,000,000 | -HSD | C] -- C:\Users\SHARATH\AppData\Roaming\8600
[2013-05-28 21:07:55 | 000,000,000 | --SD | C] -- C:\Users\SHARATH\Google Drive
[2013-05-28 21:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013-05-17 15:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-05-14 23:20:33 | 004,811,793 | ---- | C] (FileZilla Project) -- C:\Users\SHARATH\Desktop\FileZilla_3.7.0.1_win32-setup.exe
[2013-05-13 15:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner
[2013-05-13 15:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBlaze
[2013-05-13 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MBlaze
[2013-05-13 15:43:32 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013-05-13 15:43:32 | 000,249,856 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013-05-13 15:43:32 | 000,120,704 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013-05-13 15:43:32 | 000,114,560 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2013-05-13 15:43:32 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013-05-13 15:43:32 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013-05-13 15:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MBlaze
[2013-05-07 15:59:16 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys

========== Files - Modified Within 30 Days ==========

[2013-06-01 18:15:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHARATH\Desktop\OTL_2.exe
[2013-06-01 18:15:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-06-01 18:03:07 | 000,230,991 | ---- | M] () -- C:\Users\SHARATH\Desktop\PVR Cinemas - Epic - 2nd June 2013.pdf
[2013-06-01 17:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-01 17:43:26 | 002,616,742 | ---- | M] () -- C:\Users\SHARATH\Desktop\MCShield-Setup.exe
[2013-06-01 17:36:19 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-01 17:36:19 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-01 17:28:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-06-01 17:28:42 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{29A41217-E6FE-4DE2-8FA4-A51B4D21BD46}.job
[2013-06-01 17:28:03 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013-06-01 17:28:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-01 13:43:25 | 000,027,701 | ---- | M] () -- C:\Users\SHARATH\Desktop\431896_470420063037051_1727245037_n.jpg
[2013-06-01 13:41:07 | 000,058,165 | ---- | M] () -- C:\Users\SHARATH\Desktop\217323_470396049706119_1753651473_n.jpg
[2013-06-01 13:36:06 | 000,028,934 | ---- | M] () -- C:\Users\SHARATH\Desktop\971258_10151473270211840_1393344760_n.jpg
[2013-06-01 13:35:05 | 000,037,299 | ---- | M] () -- C:\Users\SHARATH\Desktop\972018_470431169702607_654966369_n.jpg
[2013-06-01 13:34:25 | 000,017,915 | ---- | M] () -- C:\Users\SHARATH\Desktop\198337_470406523038405_30655581_n.png
[2013-06-01 13:18:14 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013-06-01 00:28:23 | 000,687,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-06-01 00:28:23 | 000,132,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-06-01 00:28:22 | 000,810,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-05-31 23:18:40 | 000,028,776 | ---- | M] () -- C:\Users\SHARATH\Desktop\305651_677831902233636_1239750442_n.jpg
[2013-05-31 23:18:29 | 000,027,265 | ---- | M] () -- C:\Users\SHARATH\Desktop\7314_493080607429702_421051039_n.jpg
[2013-05-31 23:16:55 | 000,014,391 | ---- | M] () -- C:\Users\SHARATH\Desktop\9371_10152859011325114_401273643_n.jpg
[2013-05-31 23:16:14 | 000,033,146 | ---- | M] () -- C:\Users\SHARATH\Desktop\295940_10151591266099407_1300679421_n.jpg
[2013-05-31 23:15:31 | 000,096,650 | ---- | M] () -- C:\Users\SHARATH\Desktop\969630_502826473104133_399365092_n.jpg
[2013-05-31 15:35:05 | 000,034,582 | ---- | M] () -- C:\Users\SHARATH\Desktop\983886_502825176437596_467836688_n.png
[2013-05-31 13:07:04 | 000,054,000 | ---- | M] () -- C:\Users\SHARATH\Desktop\971186_492820160789080_203655130_n.jpg
[2013-05-31 13:06:36 | 000,028,396 | ---- | M] () -- C:\Users\SHARATH\Desktop\942062_492820564122373_1391753624_n.jpg
[2013-05-31 13:05:36 | 000,040,929 | ---- | M] () -- C:\Users\SHARATH\Desktop\400423_519330714787335_149753534_n.jpg
[2013-05-31 13:05:18 | 000,033,904 | ---- | M] () -- C:\Users\SHARATH\Desktop\427122_587078774657394_1788785518_n.jpg
[2013-05-31 13:01:38 | 000,036,823 | ---- | M] () -- C:\Users\SHARATH\Desktop\421372_502824806437633_1682872808_n.png
[2013-05-30 19:54:04 | 000,067,319 | ---- | M] () -- C:\Users\SHARATH\Desktop\Wood sculpture by Jeffro Ouitto.jpg
[2013-05-30 19:44:31 | 010,127,651 | ---- | M] () -- C:\Users\SHARATH\Desktop\photo.psd
[2013-05-30 19:44:24 | 001,699,461 | ---- | M] () -- C:\Users\SHARATH\Desktop\photo.png
[2013-05-30 19:44:15 | 000,000,132 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013-05-30 19:42:20 | 000,422,422 | ---- | M] () -- C:\Users\SHARATH\Desktop\photo.jpg
[2013-05-30 16:08:28 | 000,001,456 | ---- | M] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013-05-30 15:50:21 | 000,034,051 | ---- | M] () -- C:\Users\SHARATH\Desktop\969298_502458923140888_1811562924_n.png
[2013-05-30 14:57:14 | 000,017,199 | ---- | M] () -- C:\Users\SHARATH\Desktop\251111_677149565635203_1994445410_n.jpg
[2013-05-30 14:37:57 | 000,072,853 | ---- | M] () -- C:\Users\SHARATH\Desktop\971037_492545790816517_855633287_n.jpg
[2013-05-30 12:46:37 | 000,026,316 | ---- | M] () -- C:\Users\SHARATH\Desktop\294211_502458273140953_1563455176_n.png
[2013-05-30 11:02:15 | 011,815,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-05-29 17:23:40 | 000,148,575 | ---- | M] () -- C:\Users\SHARATH\Desktop\bannersforthecampaign.zip
[2013-05-29 14:34:56 | 000,046,268 | ---- | M] () -- C:\Users\SHARATH\Desktop\Human Motorcycle Body paint by Trina Merry.jpg
[2013-05-29 13:20:19 | 000,070,610 | ---- | M] () -- C:\Users\SHARATH\Desktop\878_10151631053773415_1182720862_n.jpg
[2013-05-29 13:12:49 | 000,248,227 | ---- | M] () -- C:\Users\SHARATH\Desktop\TelephoneBill_556531_90113705.pdf
[2013-05-29 12:34:24 | 000,043,988 | ---- | M] () -- C:\Users\SHARATH\Desktop\one picture thounsand words.jpg
[2013-05-28 21:07:55 | 000,001,666 | ---- | M] () -- C:\Users\SHARATH\Desktop\Google Drive.lnk
[2013-05-28 18:46:36 | 000,026,882 | ---- | M] () -- C:\Users\SHARATH\Desktop\408179_474039739352116_1702297948_n.jpg
[2013-05-28 16:07:19 | 000,036,834 | ---- | M] () -- C:\Users\SHARATH\Desktop\581248_501648186555295_455069555_n.jpg
[2013-05-28 12:39:19 | 000,058,436 | ---- | M] () -- C:\Users\SHARATH\Desktop\Sharath Kumar.pdf
[2013-05-28 12:39:14 | 000,103,059 | ---- | M] () -- C:\Users\SHARATH\Desktop\Sharath Kumar_192_14.pdf
[2013-05-28 11:16:11 | 000,047,270 | ---- | M] () -- C:\Users\SHARATH\Desktop\941356_468704919875232_1957387394_n.jpg
[2013-05-28 11:15:43 | 000,070,696 | ---- | M] () -- C:\Users\SHARATH\Desktop\923291_501255166594597_1774141554_n.jpg
[2013-05-27 15:06:09 | 000,219,932 | ---- | M] () -- C:\Users\SHARATH\Desktop\5520XXXX0133XXXX_25-05-2013.PDF
[2013-05-27 13:34:25 | 000,056,202 | ---- | M] () -- C:\Users\SHARATH\Desktop\968990_517720421615031_2012133065_n.jpg
[2013-05-27 13:26:11 | 000,029,547 | ---- | M] () -- C:\Users\SHARATH\Desktop\954876_468298896582501_459624798_n.jpg
[2013-05-27 13:24:42 | 000,033,458 | ---- | M] () -- C:\Users\SHARATH\Desktop\941786_501082276611886_52422508_n.jpg
[2013-05-27 13:23:31 | 000,025,146 | ---- | M] () -- C:\Users\SHARATH\Desktop\264584_501253173261463_2113719258_n.png
[2013-05-27 13:21:52 | 000,023,712 | ---- | M] () -- C:\Users\SHARATH\Desktop\944154_468286679917056_182137900_n.jpg
[2013-05-27 13:21:37 | 000,023,589 | ---- | M] () -- C:\Users\SHARATH\Desktop\581747_501058489947598_392999426_n.jpg
[2013-05-26 03:25:23 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - SHARATH.job
[2013-05-17 17:55:56 | 000,002,262 | ---- | M] () -- C:\Users\SHARATH\Desktop\Google Chrome.lnk
[2013-05-17 15:33:12 | 000,178,176 | ---- | M] () -- C:\Users\SHARATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-05-15 00:46:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-05-15 00:46:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-05-14 23:21:23 | 004,811,793 | ---- | M] (FileZilla Project) -- C:\Users\SHARATH\Desktop\FileZilla_3.7.0.1_win32-setup.exe
[2013-05-13 15:43:45 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\MBlaze.lnk
[2013-05-13 15:43:11 | 001,001,472 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013-05-13 15:43:10 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013-05-13 15:43:10 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013-05-13 15:43:10 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2013-05-13 15:43:10 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013-05-13 15:43:10 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013-05-09 15:38:22 | 000,001,574 | ---- | M] () -- C:\Users\SHARATH\Desktop\Grid Systems in Graphic Design Josef Muller-Brockmann.pdf.lnk
[2013-05-07 15:59:02 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys

========== Files Created - No Company Name ==========

[2013-06-01 18:03:06 | 000,230,991 | ---- | C] () -- C:\Users\SHARATH\Desktop\PVR Cinemas - Epic - 2nd June 2013.pdf
[2013-06-01 17:43:28 | 002,616,742 | ---- | C] () -- C:\Users\SHARATH\Desktop\MCShield-Setup.exe
[2013-06-01 13:43:25 | 000,027,701 | ---- | C] () -- C:\Users\SHARATH\Desktop\431896_470420063037051_1727245037_n.jpg
[2013-06-01 13:41:07 | 000,058,165 | ---- | C] () -- C:\Users\SHARATH\Desktop\217323_470396049706119_1753651473_n.jpg
[2013-06-01 13:36:05 | 000,028,934 | ---- | C] () -- C:\Users\SHARATH\Desktop\971258_10151473270211840_1393344760_n.jpg
[2013-06-01 13:35:05 | 000,037,299 | ---- | C] () -- C:\Users\SHARATH\Desktop\972018_470431169702607_654966369_n.jpg
[2013-06-01 13:34:25 | 000,017,915 | ---- | C] () -- C:\Users\SHARATH\Desktop\198337_470406523038405_30655581_n.png
[2013-06-01 13:18:14 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013-05-31 23:18:39 | 000,028,776 | ---- | C] () -- C:\Users\SHARATH\Desktop\305651_677831902233636_1239750442_n.jpg
[2013-05-31 23:18:28 | 000,027,265 | ---- | C] () -- C:\Users\SHARATH\Desktop\7314_493080607429702_421051039_n.jpg
[2013-05-31 23:16:54 | 000,014,391 | ---- | C] () -- C:\Users\SHARATH\Desktop\9371_10152859011325114_401273643_n.jpg
[2013-05-31 23:16:13 | 000,033,146 | ---- | C] () -- C:\Users\SHARATH\Desktop\295940_10151591266099407_1300679421_n.jpg
[2013-05-31 23:15:29 | 000,096,650 | ---- | C] () -- C:\Users\SHARATH\Desktop\969630_502826473104133_399365092_n.jpg
[2013-05-31 15:35:04 | 000,034,582 | ---- | C] () -- C:\Users\SHARATH\Desktop\983886_502825176437596_467836688_n.png
[2013-05-31 13:07:04 | 000,054,000 | ---- | C] () -- C:\Users\SHARATH\Desktop\971186_492820160789080_203655130_n.jpg
[2013-05-31 13:06:36 | 000,028,396 | ---- | C] () -- C:\Users\SHARATH\Desktop\942062_492820564122373_1391753624_n.jpg
[2013-05-31 13:05:36 | 000,040,929 | ---- | C] () -- C:\Users\SHARATH\Desktop\400423_519330714787335_149753534_n.jpg
[2013-05-31 13:05:17 | 000,033,904 | ---- | C] () -- C:\Users\SHARATH\Desktop\427122_587078774657394_1788785518_n.jpg
[2013-05-31 13:01:37 | 000,036,823 | ---- | C] () -- C:\Users\SHARATH\Desktop\421372_502824806437633_1682872808_n.png
[2013-05-30 19:54:04 | 000,067,319 | ---- | C] () -- C:\Users\SHARATH\Desktop\Wood sculpture by Jeffro Ouitto.jpg
[2013-05-30 19:44:29 | 010,127,651 | ---- | C] () -- C:\Users\SHARATH\Desktop\photo.psd
[2013-05-30 19:44:11 | 001,699,461 | ---- | C] () -- C:\Users\SHARATH\Desktop\photo.png
[2013-05-30 15:50:20 | 000,034,051 | ---- | C] () -- C:\Users\SHARATH\Desktop\969298_502458923140888_1811562924_n.png
[2013-05-30 14:57:14 | 000,017,199 | ---- | C] () -- C:\Users\SHARATH\Desktop\251111_677149565635203_1994445410_n.jpg
[2013-05-30 14:37:57 | 000,072,853 | ---- | C] () -- C:\Users\SHARATH\Desktop\971037_492545790816517_855633287_n.jpg
[2013-05-30 13:30:01 | 000,422,422 | ---- | C] () -- C:\Users\SHARATH\Desktop\photo.jpg
[2013-05-30 12:46:37 | 000,026,316 | ---- | C] () -- C:\Users\SHARATH\Desktop\294211_502458273140953_1563455176_n.png
[2013-05-29 17:23:22 | 000,148,575 | ---- | C] () -- C:\Users\SHARATH\Desktop\bannersforthecampaign.zip
[2013-05-29 14:34:55 | 000,046,268 | ---- | C] () -- C:\Users\SHARATH\Desktop\Human Motorcycle Body paint by Trina Merry.jpg
[2013-05-29 13:20:18 | 000,070,610 | ---- | C] () -- C:\Users\SHARATH\Desktop\878_10151631053773415_1182720862_n.jpg
[2013-05-29 13:12:49 | 000,248,227 | ---- | C] () -- C:\Users\SHARATH\Desktop\TelephoneBill_556531_90113705.pdf
[2013-05-29 12:34:22 | 000,043,988 | ---- | C] () -- C:\Users\SHARATH\Desktop\one picture thounsand words.jpg
[2013-05-28 21:07:55 | 000,001,666 | ---- | C] () -- C:\Users\SHARATH\Desktop\Google Drive.lnk
[2013-05-28 18:46:35 | 000,026,882 | ---- | C] () -- C:\Users\SHARATH\Desktop\408179_474039739352116_1702297948_n.jpg
[2013-05-28 16:07:19 | 000,036,834 | ---- | C] () -- C:\Users\SHARATH\Desktop\581248_501648186555295_455069555_n.jpg
[2013-05-28 12:39:19 | 000,058,436 | ---- | C] () -- C:\Users\SHARATH\Desktop\Sharath Kumar.pdf
[2013-05-28 12:39:14 | 000,103,059 | ---- | C] () -- C:\Users\SHARATH\Desktop\Sharath Kumar_192_14.pdf
[2013-05-28 11:16:11 | 000,047,270 | ---- | C] () -- C:\Users\SHARATH\Desktop\941356_468704919875232_1957387394_n.jpg
[2013-05-28 11:15:43 | 000,070,696 | ---- | C] () -- C:\Users\SHARATH\Desktop\923291_501255166594597_1774141554_n.jpg
[2013-05-27 15:06:03 | 000,219,932 | ---- | C] () -- C:\Users\SHARATH\Desktop\5520XXXX0133XXXX_25-05-2013.PDF
[2013-05-27 13:34:25 | 000,056,202 | ---- | C] () -- C:\Users\SHARATH\Desktop\968990_517720421615031_2012133065_n.jpg
[2013-05-27 13:26:11 | 000,029,547 | ---- | C] () -- C:\Users\SHARATH\Desktop\954876_468298896582501_459624798_n.jpg
[2013-05-27 13:24:42 | 000,033,458 | ---- | C] () -- C:\Users\SHARATH\Desktop\941786_501082276611886_52422508_n.jpg
[2013-05-27 13:23:31 | 000,025,146 | ---- | C] () -- C:\Users\SHARATH\Desktop\264584_501253173261463_2113719258_n.png
[2013-05-27 13:21:52 | 000,023,712 | ---- | C] () -- C:\Users\SHARATH\Desktop\944154_468286679917056_182137900_n.jpg
[2013-05-27 13:21:37 | 000,023,589 | ---- | C] () -- C:\Users\SHARATH\Desktop\581747_501058489947598_392999426_n.jpg
[2013-05-15 17:10:44 | 000,002,262 | ---- | C] () -- C:\Users\SHARATH\Desktop\Google Chrome.lnk
[2013-05-13 15:43:45 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\MBlaze.lnk
[2013-03-04 12:30:31 | 000,000,132 | ---- | C] () -- C:\Users\SHARATH\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012-12-26 13:34:01 | 000,001,456 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012-10-27 23:40:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012-09-26 15:13:35 | 000,000,027 | ---- | C] () -- C:\Windows\GraphicsDesk.INI
[2012-06-16 13:15:04 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012-06-16 13:14:44 | 000,011,030 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012-06-16 13:14:40 | 001,726,328 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012-03-30 07:50:42 | 000,001,456 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-03-24 22:23:20 | 000,178,176 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-02 23:15:47 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012-03-02 22:46:32 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-03-02 22:46:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012-03-02 22:46:31 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-03-02 22:46:31 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-03-02 22:46:31 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-03-02 11:58:48 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012-02-03 11:40:56 | 000,093,248 | ---- | C] () -- C:\Windows\SysWow64\TBRepair.dll

========== ZeroAccess Check ==========

[2009-07-14 10:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-21 08:53:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-21 08:54:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 07:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 08:54:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 07:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< >

========== Base Services ==========
SRV:64bit: - [2009-07-14 07:10:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010-11-21 08:54:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009-07-14 07:08:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010-11-21 08:53:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010-11-21 08:54:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2009-07-14 07:09:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009-07-14 07:10:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009-07-14 06:45:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2010-11-21 08:54:16 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2010-11-21 08:54:16 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2010-11-21 08:54:32 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010-11-21 08:54:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010-11-21 08:54:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010-11-21 08:54:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011-07-13 06:51:17 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009-07-14 07:10:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009-07-14 07:11:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009-07-14 06:45:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009-07-14 07:11:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010-11-21 08:53:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009-07-14 07:11:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009-07-14 07:11:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009-07-14 07:11:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009-07-14 07:11:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009-07-14 06:46:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010-11-21 08:53:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009-07-14 07:11:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2010-11-21 08:54:00 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010-11-21 08:54:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2009-07-14 07:09:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009-07-14 07:11:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010-11-21 08:54:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010-11-21 08:54:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010-11-21 08:54:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2009-07-14 07:09:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009-07-14 07:11:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010-11-21 08:53:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010-11-21 08:53:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010-11-21 08:54:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010-11-21 08:54:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010-11-21 08:54:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010-11-21 08:54:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009-07-14 07:11:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010-11-21 08:54:01 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010-11-21 08:53:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010-11-21 08:54:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010-11-21 08:54:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010-11-21 08:55:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009-07-14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010-11-21 08:53:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010-11-21 08:54:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010-11-21 08:54:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010-11-21 08:54:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010-11-21 08:54:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009-07-14 07:11:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2010-11-21 08:54:25 | 002,420,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010-11-21 08:54:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009-07-14 07:11:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010-11-21 08:54:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2012-09-26 15:11:19 | 000,040,960 | ---- | M] () -- C:\HTGD0003.exe
[2012-09-26 15:11:19 | 000,036,864 | ---- | M] () -- C:\HTGD0005.exe
[2012-09-26 15:11:19 | 000,509,984 | ---- | M] (Microsoft Corporation) -- C:\HTGD0006.exe

< MD5 for: EXPLORER.EXE >
[2011-07-13 06:51:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-07-13 06:51:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011-07-13 06:51:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-07-13 06:51:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-21 08:54:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-07-13 06:51:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011-07-13 06:51:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-11-21 08:54:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009-06-11 02:30:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\SysNative\drivers\etc\services
[2009-06-11 02:30:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP >
[2012-03-29 20:35:50 | 000,297,104 | ---- | M] (Adobe Systems Incorporated) MD5=8311BFD3FD21EB8089259C491406A7B0 -- C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.AIP_0X3E69B3D98D1B184EA96CFBC18CE07CA5.2.MANIFEST >
[2011-06-19 16:45:44 | 000,000,640 | ---- | M] () MD5=22B10FA5245EAB826BCFD6E6F32B4B1F -- C:\Program Files\Adobe\Adobe Illustrator CS5 15.0.0 (Portable)\Virtual\SXS\Manifests\Services.aip_0x3e69b3d98d1b184ea96cfbc18ce07ca5.2.manifest
[2012-12-07 12:40:09 | 000,000,640 | ---- | M] () MD5=22B10FA5245EAB826BCFD6E6F32B4B1F -- C:\Users\SHARATH\AppData\Local\VirtualStore\Program Files\Adobe\Adobe Illustrator CS5 15.0.0 (Portable)\Virtual\SXS\Manifests\Services.aip_0x3e69b3d98d1b184ea96cfbc18ce07ca5.2.manifest

< MD5 for: SERVICES.CFG >
[2012-07-28 02:21:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011-06-06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009-07-14 07:09:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009-07-14 07:09:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010-11-21 12:36:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010-11-21 12:36:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009-07-14 10:24:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009-07-14 10:24:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009-06-11 02:14:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009-06-11 02:14:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010-11-21 12:36:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009-06-11 02:08:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010-11-21 12:36:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009-06-11 02:51:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010-11-21 12:36:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009-06-11 02:08:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010-11-21 12:36:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009-06-11 02:51:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009-07-14 01:46:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009-07-14 01:46:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009-07-14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-14 07:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009-07-14 07:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010-11-21 08:53:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010-11-21 08:53:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010-11-21 08:54:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010-11-21 08:54:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010-11-21 08:54:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-21 08:54:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is WINDOWS
Volume Serial Number is FEDF-A3AE
Directory of C:\
14-07-2009 10:38 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14-07-2009 10:38 <JUNCTION> Application Data [C:\ProgramData]
14-07-2009 10:38 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14-07-2009 10:38 <JUNCTION> Documents [C:\Users\Public\Documents]
14-07-2009 10:38 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14-07-2009 10:38 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14-07-2009 10:38 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14-07-2009 10:38 <SYMLINKD> All Users [C:\ProgramData]
14-07-2009 10:38 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14-07-2009 10:38 <JUNCTION> Application Data [C:\ProgramData]
14-07-2009 10:38 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14-07-2009 10:38 <JUNCTION> Documents [C:\Users\Public\Documents]
14-07-2009 10:38 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14-07-2009 10:38 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14-07-2009 10:38 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14-07-2009 10:38 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14-07-2009 10:38 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14-07-2009 10:38 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14-07-2009 10:38 <JUNCTION> My Documents [C:\Users\Default\Documents]
14-07-2009 10:38 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14-07-2009 10:38 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14-07-2009 10:38 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14-07-2009 10:38 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14-07-2009 10:38 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14-07-2009 10:38 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14-07-2009 10:38 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14-07-2009 10:38 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14-07-2009 10:38 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14-07-2009 10:38 <JUNCTION> My Music [C:\Users\Default\Music]
14-07-2009 10:38 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14-07-2009 10:38 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14-07-2009 10:38 <JUNCTION> My Music [C:\Users\Public\Music]
14-07-2009 10:38 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14-07-2009 10:38 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\SHARATH
02-03-2012 11:50 <JUNCTION> Application Data [C:\Users\SHARATH\AppData\Roaming]
02-03-2012 11:50 <JUNCTION> Cookies [C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Cookies]
02-03-2012 11:50 <JUNCTION> Local Settings [C:\Users\SHARATH\AppData\Local]
02-03-2012 11:50 <JUNCTION> My Documents [C:\Users\SHARATH\Documents]
02-03-2012 11:50 <JUNCTION> NetHood [C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02-03-2012 11:50 <JUNCTION> PrintHood [C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02-03-2012 11:50 <JUNCTION> Recent [C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Recent]
02-03-2012 11:50 <JUNCTION> SendTo [C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\SendTo]
02-03-2012 11:50 <JUNCTION> Start Menu [C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Start Menu]
02-03-2012 11:50 <JUNCTION> Templates [C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\SHARATH\AppData\Local
02-03-2012 11:50 <JUNCTION> Application Data [C:\Users\SHARATH\AppData\Local]
02-03-2012 11:50 <JUNCTION> History [C:\Users\SHARATH\AppData\Local\Microsoft\Windows\History]
02-03-2012 11:50 <JUNCTION> Temporary Internet Files [C:\Users\SHARATH\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\SHARATH\Documents
02-03-2012 11:50 <JUNCTION> My Music [C:\Users\SHARATH\Music]
02-03-2012 11:50 <JUNCTION> My Pictures [C:\Users\SHARATH\Pictures]
02-03-2012 11:50 <JUNCTION> My Videos [C:\Users\SHARATH\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
15-03-2012 00:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
15-03-2012 00:10 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
15-03-2012 00:10 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
15-03-2012 00:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
15-03-2012 00:10 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
15-03-2012 00:10 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
15-03-2012 00:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
15-03-2012 00:10 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
15-03-2012 00:10 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
15-03-2012 00:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
15-03-2012 00:10 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
15-03-2012 00:10 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
62 Dir(s) 11,060,088,832 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A9662AE0

< End of report >


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that the external drive files are now visible? Also, how is the computer behaving?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF - prefs.js..network.proxy.http: "192.168.1.3"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
[2013-06-01 17:28:42 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{29A41217-E6FE-4DE2-8FA4-A51B4D21BD46}.job
[2013-05-31 16:38:05 | 000,000,000 | -HSD | C] -- C:\87
[2013-05-31 16:38:05 | 000,000,000 | -HSD | C] -- C:\Users\SHARATH\AppData\Roaming\8600

:Files
c:\Program Files (x86)\MocaFlix

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#8
Dave_83

    Member

  • Topic Starter
  • Member
  • 75 posts
External drive is fine now, all the folders are now visible and accessible, thank you. I can see that autorun.inf has been renamed to autorun.inf.vir, hope the file will be deleted and it won't return back :)

Laptop seems to be fine, but I can see in the Startup that 9016.js and c454.js are still there but disabled; wonder if these files have got anything to do with the virus/malware infection??

Posting AdwCleaner log in a while.......Below is the OTL log >

OTL logfile created on: 01-06-2013 19:08:09 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SHARATH\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

7.98 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.57% Memory free
15.96 Gb Paging File | 13.74 Gb Available in Paging File | 86.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71.80 Gb Total Space | 10.78 Gb Free Space | 15.01% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 64.95 Gb Free Space | 64.95% Space Free | Partition Type: NTFS
Drive E: | 100.01 Gb Total Space | 85.22 Gb Free Space | 85.22% Space Free | Partition Type: NTFS
Drive F: | 14.98 Gb Total Space | 1.05 Gb Free Space | 7.01% Space Free | Partition Type: NTFS
Drive I: | 931.48 Gb Total Space | 247.87 Gb Free Space | 26.61% Space Free | Partition Type: NTFS

Computer Name: SHARATH-VAIO | User Name: SHARATH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-01 18:15:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHARATH\Desktop\OTL_2.exe
PRC - [2013-05-17 15:45:40 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-05-07 15:54:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013-05-03 22:10:00 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013-04-05 01:06:12 | 000,607,744 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2013-03-30 22:04:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013-03-30 22:02:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013-03-18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013-02-04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-03-19 17:08:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012-03-19 17:08:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-03-19 16:59:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011-12-16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011-12-16 13:21:10 | 001,687,968 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
PRC - [2011-06-23 18:31:28 | 003,380,632 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2011-04-30 05:50:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011-03-06 05:12:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011-03-06 05:12:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011-02-24 02:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011-02-18 23:49:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-02-16 00:17:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011-02-02 01:50:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011-02-02 01:50:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011-01-29 18:06:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010-11-27 13:25:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010-11-27 13:25:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010-09-14 07:02:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010-09-14 07:02:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010-05-25 19:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009-12-22 14:47:04 | 000,225,280 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009-12-22 14:43:06 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009-10-01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013-05-17 15:45:39 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-02-04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012-11-07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012-09-28 10:06:06 | 000,594,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012-04-30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011-08-13 09:43:54 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0acaaa18864b8ce389d6756876a269bc\IAStorUtil.ni.dll
MOD - [2011-08-13 09:43:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e38d1efe292b58ac295f4db70c873016\IAStorCommon.ni.dll
MOD - [2011-07-07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2011-02-18 23:48:48 | 000,235,112 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010-11-21 09:19:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010-11-21 09:18:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010-11-21 09:18:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010-11-21 09:18:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010-11-21 09:18:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010-11-21 09:18:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010-11-21 09:18:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010-11-21 09:18:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2010-01-11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013-05-24 01:42:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2012-02-08 23:00:12 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011-12-15 11:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011-12-15 11:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011-12-15 11:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011-09-26 12:05:14 | 000,405,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV:64bit: - [2011-05-20 07:45:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011-03-30 21:39:12 | 001,021,112 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011-02-28 22:59:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011-02-19 10:45:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011-02-19 10:32:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011-02-15 01:53:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011-01-29 18:06:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011-01-21 00:57:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010-09-23 06:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-07-14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-05-17 15:45:39 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-15 00:46:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-30 22:04:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013-03-30 22:02:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-03-19 17:08:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011-12-16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011-04-30 05:50:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-04-30 05:49:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011-03-29 11:43:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011-03-06 05:12:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011-02-24 02:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011-02-22 01:25:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011-02-22 01:25:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011-02-18 23:49:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-02-02 01:50:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-02-02 01:50:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011-01-21 00:46:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010-11-27 13:25:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-09-14 07:02:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-03-19 02:46:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 23:49:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-12-22 14:47:04 | 000,225,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009-10-01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009-09-21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009-09-21 20:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009-06-11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005-01-27 18:16:58 | 000,856,064 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-05-13 15:43:10 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2013-03-30 22:04:28 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013-03-30 22:04:28 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013-03-30 22:04:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011-12-16 21:23:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011-07-22 21:56:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011-07-13 03:25:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011-06-09 21:20:58 | 000,153,248 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-04-30 05:49:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011-04-30 05:49:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-04-30 05:49:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-04-30 05:49:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011-04-30 05:49:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-04-30 05:49:34 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011-03-29 14:44:07 | 000,173,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-03-29 12:21:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-03-29 11:45:05 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011-03-29 09:27:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011-03-11 12:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 12:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-22 20:57:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-02-17 08:36:44 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011-02-16 18:20:45 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010-11-21 08:54:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 08:53:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-21 08:53:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 08:53:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-04 10:15:54 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2010-10-20 05:04:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-04-27 01:50:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009-11-09 08:58:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009-10-01 22:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009-09-21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009-09-21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009-09-21 20:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009-07-14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 07:17:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-11 02:05:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009-06-11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-27 03:02:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009-02-13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2011-08-26 15:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2009-07-14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005-01-27 22:37:28 | 000,027,776 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\InCDrm.sys -- (incdrm)
DRV - [2005-01-27 18:08:08 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\SysWow64\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005-01-27 18:08:02 | 000,099,200 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\SysWow64\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-01-27 18:07:34 | 000,028,928 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\InCDpass.sys -- (InCDPass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\SearchScopes,DefaultScope = {5545F46F-FE6C-4DAE-B5FE-57C6EED890C9}
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\SearchScopes\{5545F46F-FE6C-4DAE-B5FE-57C6EED890C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\SearchScopes\{5CBA97C5-0D9F-4ADB-8E76-BCCA34970FDF}: "URL" = http://in.search.yah...f-8&fr=chr-yie9
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\SearchScopes\{A4C2F101-4697-4122-905C-B2A37BDF7944}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}
IE - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "192.168.1.3"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2012-03-26 09:19:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-05-17 15:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-17 15:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2012-03-02 23:28:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\SHARATH\AppData\Roaming\IDM\idmmzcc5 [2012-04-22 21:18:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-05-17 15:45:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-17 15:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\SHARATH\AppData\Roaming\IDM\idmmzcc5 [2012-04-22 21:18:37 | 000,000,000 | ---D | M]

[2012-11-21 10:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Extensions
[2013-05-10 11:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\msr6f9cm.default-1366977724619\extensions
[2013-05-10 11:50:24 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\msr6f9cm.default-1366977724619\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013-05-17 15:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013-05-17 15:45:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-05-17 15:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-05-17 15:45:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011-12-09 22:53:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - homepage: http://nemrod.se/
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Google Drive = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Web Developer = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0\
CHR - Extension: SaveAs = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijplnegmhibgjjaaocckopploghjbid\2_0\
CHR - Extension: SaveAs = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmcemboopcbchcbdefocgmngommpmop\2_0\
CHR - Extension: Skype Click to Call = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Remind Me - by Astrid = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjhcbjeaioljbdmiddkmnidgmnolbc\1.3.1.2_0\

O1 HOSTS File: ([2012-11-20 20:40:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [GoogleChromeAutoLaunch_4EE56885669B5D07FDBCB4E8D205AE34] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..Trusted Domains: aces.gov.in ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-636246028-3416297652-1127146674-1000\..Trusted Domains: incometaxindiaefiling.gov.in ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0C6D8B-956B-46E5-AF87-E4D3337C4E08}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-08-29 15:39:38 | 000,000,000 | ---D | M] - I:\AUTORUN -- [ NTFS ]
O32 - AutoRun File - [2013-06-01 11:24:36 | 000,003,417 | ---- | M] () - I:\autorun.inf.vir -- [ NTFS ]
O33 - MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\Shell - "" = AutoRun
O33 - MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\Shell\AutoRun\command - "" = H:\Setup.exe /Auto
O33 - MountPoints2\{fd60bca1-bb96-11e2-9e49-ccaf78d262a8}\Shell - "" = AutoRun
O33 - MountPoints2\{fd60bca1-bb96-11e2-9e49-ccaf78d262a8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-06-01 18:15:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SHARATH\Desktop\OTL_2.exe
[2013-06-01 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2013-06-01 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2013-06-01 18:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2013-06-01 13:18:20 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Roaming\SUPERAntiSpyware.com
[2013-06-01 13:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013-06-01 13:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013-05-31 16:38:05 | 000,000,000 | -HSD | C] -- C:\87
[2013-05-28 21:07:55 | 000,000,000 | --SD | C] -- C:\Users\SHARATH\Google Drive
[2013-05-28 21:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013-05-17 15:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-05-14 23:20:33 | 004,811,793 | ---- | C] (FileZilla Project) -- C:\Users\SHARATH\Desktop\FileZilla_3.7.0.1_win32-setup.exe
[2013-05-13 15:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner
[2013-05-13 15:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBlaze
[2013-05-13 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MBlaze
[2013-05-13 15:43:32 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013-05-13 15:43:32 | 000,249,856 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013-05-13 15:43:32 | 000,120,704 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013-05-13 15:43:32 | 000,114,560 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2013-05-13 15:43:32 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013-05-13 15:43:32 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013-05-13 15:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MBlaze
[2013-05-07 15:59:16 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys

========== Files - Modified Within 30 Days ==========

[2013-06-01 19:12:53 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-01 19:12:53 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-01 19:08:26 | 000,632,031 | ---- | M] () -- C:\Users\SHARATH\Desktop\adwcleaner.exe
[2013-06-01 19:05:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-06-01 19:04:58 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013-06-01 19:04:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-01 18:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-01 18:36:17 | 019,253,799 | ---- | M] () -- C:\Users\SHARATH\Desktop\Ken HultgrenThe Art Of Animal Drawing.pdf
[2013-06-01 18:15:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHARATH\Desktop\OTL_2.exe
[2013-06-01 18:15:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-06-01 18:03:07 | 000,230,991 | ---- | M] () -- C:\Users\SHARATH\Desktop\PVR Cinemas - Epic - 2nd June 2013.pdf
[2013-06-01 17:43:26 | 002,616,742 | ---- | M] () -- C:\Users\SHARATH\Desktop\MCShield-Setup.exe
[2013-06-01 13:43:25 | 000,027,701 | ---- | M] () -- C:\Users\SHARATH\Desktop\431896_470420063037051_1727245037_n.jpg
[2013-06-01 13:41:07 | 000,058,165 | ---- | M] () -- C:\Users\SHARATH\Desktop\217323_470396049706119_1753651473_n.jpg
[2013-06-01 13:36:06 | 000,028,934 | ---- | M] () -- C:\Users\SHARATH\Desktop\971258_10151473270211840_1393344760_n.jpg
[2013-06-01 13:35:05 | 000,037,299 | ---- | M] () -- C:\Users\SHARATH\Desktop\972018_470431169702607_654966369_n.jpg
[2013-06-01 13:34:25 | 000,017,915 | ---- | M] () -- C:\Users\SHARATH\Desktop\198337_470406523038405_30655581_n.png
[2013-06-01 13:18:14 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013-06-01 00:28:23 | 000,687,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-06-01 00:28:23 | 000,132,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-06-01 00:28:22 | 000,810,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-05-31 23:18:40 | 000,028,776 | ---- | M] () -- C:\Users\SHARATH\Desktop\305651_677831902233636_1239750442_n.jpg
[2013-05-31 23:18:29 | 000,027,265 | ---- | M] () -- C:\Users\SHARATH\Desktop\7314_493080607429702_421051039_n.jpg
[2013-05-31 23:16:55 | 000,014,391 | ---- | M] () -- C:\Users\SHARATH\Desktop\9371_10152859011325114_401273643_n.jpg
[2013-05-31 23:16:14 | 000,033,146 | ---- | M] () -- C:\Users\SHARATH\Desktop\295940_10151591266099407_1300679421_n.jpg
[2013-05-31 23:15:31 | 000,096,650 | ---- | M] () -- C:\Users\SHARATH\Desktop\969630_502826473104133_399365092_n.jpg
[2013-05-31 15:35:05 | 000,034,582 | ---- | M] () -- C:\Users\SHARATH\Desktop\983886_502825176437596_467836688_n.png
[2013-05-31 13:07:04 | 000,054,000 | ---- | M] () -- C:\Users\SHARATH\Desktop\971186_492820160789080_203655130_n.jpg
[2013-05-31 13:06:36 | 000,028,396 | ---- | M] () -- C:\Users\SHARATH\Desktop\942062_492820564122373_1391753624_n.jpg
[2013-05-31 13:05:36 | 000,040,929 | ---- | M] () -- C:\Users\SHARATH\Desktop\400423_519330714787335_149753534_n.jpg
[2013-05-31 13:05:18 | 000,033,904 | ---- | M] () -- C:\Users\SHARATH\Desktop\427122_587078774657394_1788785518_n.jpg
[2013-05-31 13:01:38 | 000,036,823 | ---- | M] () -- C:\Users\SHARATH\Desktop\421372_502824806437633_1682872808_n.png
[2013-05-30 19:54:04 | 000,067,319 | ---- | M] () -- C:\Users\SHARATH\Desktop\Wood sculpture by Jeffro Ouitto.jpg
[2013-05-30 19:44:31 | 010,127,651 | ---- | M] () -- C:\Users\SHARATH\Desktop\photo.psd
[2013-05-30 19:44:24 | 001,699,461 | ---- | M] () -- C:\Users\SHARATH\Desktop\photo.png
[2013-05-30 19:44:15 | 000,000,132 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013-05-30 19:42:20 | 000,422,422 | ---- | M] () -- C:\Users\SHARATH\Desktop\photo.jpg
[2013-05-30 16:08:28 | 000,001,456 | ---- | M] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013-05-30 15:50:21 | 000,034,051 | ---- | M] () -- C:\Users\SHARATH\Desktop\969298_502458923140888_1811562924_n.png
[2013-05-30 14:57:14 | 000,017,199 | ---- | M] () -- C:\Users\SHARATH\Desktop\251111_677149565635203_1994445410_n.jpg
[2013-05-30 14:37:57 | 000,072,853 | ---- | M] () -- C:\Users\SHARATH\Desktop\971037_492545790816517_855633287_n.jpg
[2013-05-30 12:46:37 | 000,026,316 | ---- | M] () -- C:\Users\SHARATH\Desktop\294211_502458273140953_1563455176_n.png
[2013-05-30 11:02:15 | 011,815,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-05-29 17:23:40 | 000,148,575 | ---- | M] () -- C:\Users\SHARATH\Desktop\bannersforthecampaign.zip
[2013-05-29 14:34:56 | 000,046,268 | ---- | M] () -- C:\Users\SHARATH\Desktop\Human Motorcycle Body paint by Trina Merry.jpg
[2013-05-29 13:20:19 | 000,070,610 | ---- | M] () -- C:\Users\SHARATH\Desktop\878_10151631053773415_1182720862_n.jpg
[2013-05-29 13:12:49 | 000,248,227 | ---- | M] () -- C:\Users\SHARATH\Desktop\TelephoneBill_556531_90113705.pdf
[2013-05-29 12:34:24 | 000,043,988 | ---- | M] () -- C:\Users\SHARATH\Desktop\one picture thounsand words.jpg
[2013-05-28 21:07:55 | 000,001,666 | ---- | M] () -- C:\Users\SHARATH\Desktop\Google Drive.lnk
[2013-05-28 18:46:36 | 000,026,882 | ---- | M] () -- C:\Users\SHARATH\Desktop\408179_474039739352116_1702297948_n.jpg
[2013-05-28 16:07:19 | 000,036,834 | ---- | M] () -- C:\Users\SHARATH\Desktop\581248_501648186555295_455069555_n.jpg
[2013-05-28 12:39:19 | 000,058,436 | ---- | M] () -- C:\Users\SHARATH\Desktop\Sharath Kumar.pdf
[2013-05-28 12:39:14 | 000,103,059 | ---- | M] () -- C:\Users\SHARATH\Desktop\Sharath Kumar_192_14.pdf
[2013-05-28 11:16:11 | 000,047,270 | ---- | M] () -- C:\Users\SHARATH\Desktop\941356_468704919875232_1957387394_n.jpg
[2013-05-28 11:15:43 | 000,070,696 | ---- | M] () -- C:\Users\SHARATH\Desktop\923291_501255166594597_1774141554_n.jpg
[2013-05-27 15:06:09 | 000,219,932 | ---- | M] () -- C:\Users\SHARATH\Desktop\5520XXXX0133XXXX_25-05-2013.PDF
[2013-05-27 13:34:25 | 000,056,202 | ---- | M] () -- C:\Users\SHARATH\Desktop\968990_517720421615031_2012133065_n.jpg
[2013-05-27 13:26:11 | 000,029,547 | ---- | M] () -- C:\Users\SHARATH\Desktop\954876_468298896582501_459624798_n.jpg
[2013-05-27 13:24:42 | 000,033,458 | ---- | M] () -- C:\Users\SHARATH\Desktop\941786_501082276611886_52422508_n.jpg
[2013-05-27 13:23:31 | 000,025,146 | ---- | M] () -- C:\Users\SHARATH\Desktop\264584_501253173261463_2113719258_n.png
[2013-05-27 13:21:52 | 000,023,712 | ---- | M] () -- C:\Users\SHARATH\Desktop\944154_468286679917056_182137900_n.jpg
[2013-05-27 13:21:37 | 000,023,589 | ---- | M] () -- C:\Users\SHARATH\Desktop\581747_501058489947598_392999426_n.jpg
[2013-05-26 03:25:23 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - SHARATH.job
[2013-05-17 17:55:56 | 000,002,262 | ---- | M] () -- C:\Users\SHARATH\Desktop\Google Chrome.lnk
[2013-05-17 15:33:12 | 000,178,176 | ---- | M] () -- C:\Users\SHARATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-05-14 23:21:23 | 004,811,793 | ---- | M] (FileZilla Project) -- C:\Users\SHARATH\Desktop\FileZilla_3.7.0.1_win32-setup.exe
[2013-05-13 15:43:45 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\MBlaze.lnk
[2013-05-13 15:43:11 | 001,001,472 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013-05-13 15:43:10 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013-05-13 15:43:10 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013-05-13 15:43:10 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2013-05-13 15:43:10 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013-05-13 15:43:10 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013-05-09 15:38:22 | 000,001,574 | ---- | M] () -- C:\Users\SHARATH\Desktop\Grid Systems in Graphic Design Josef Muller-Brockmann.pdf.lnk
[2013-05-07 15:59:02 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys

========== Files Created - No Company Name ==========

[2013-06-01 19:08:30 | 000,632,031 | ---- | C] () -- C:\Users\SHARATH\Desktop\adwcleaner.exe
[2013-06-01 18:36:00 | 019,253,799 | ---- | C] () -- C:\Users\SHARATH\Desktop\Ken HultgrenThe Art Of Animal Drawing.pdf
[2013-06-01 18:03:06 | 000,230,991 | ---- | C] () -- C:\Users\SHARATH\Desktop\PVR Cinemas - Epic - 2nd June 2013.pdf
[2013-06-01 17:43:28 | 002,616,742 | ---- | C] () -- C:\Users\SHARATH\Desktop\MCShield-Setup.exe
[2013-06-01 13:43:25 | 000,027,701 | ---- | C] () -- C:\Users\SHARATH\Desktop\431896_470420063037051_1727245037_n.jpg
[2013-06-01 13:41:07 | 000,058,165 | ---- | C] () -- C:\Users\SHARATH\Desktop\217323_470396049706119_1753651473_n.jpg
[2013-06-01 13:36:05 | 000,028,934 | ---- | C] () -- C:\Users\SHARATH\Desktop\971258_10151473270211840_1393344760_n.jpg
[2013-06-01 13:35:05 | 000,037,299 | ---- | C] () -- C:\Users\SHARATH\Desktop\972018_470431169702607_654966369_n.jpg
[2013-06-01 13:34:25 | 000,017,915 | ---- | C] () -- C:\Users\SHARATH\Desktop\198337_470406523038405_30655581_n.png
[2013-06-01 13:18:14 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013-05-31 23:18:39 | 000,028,776 | ---- | C] () -- C:\Users\SHARATH\Desktop\305651_677831902233636_1239750442_n.jpg
[2013-05-31 23:18:28 | 000,027,265 | ---- | C] () -- C:\Users\SHARATH\Desktop\7314_493080607429702_421051039_n.jpg
[2013-05-31 23:16:54 | 000,014,391 | ---- | C] () -- C:\Users\SHARATH\Desktop\9371_10152859011325114_401273643_n.jpg
[2013-05-31 23:16:13 | 000,033,146 | ---- | C] () -- C:\Users\SHARATH\Desktop\295940_10151591266099407_1300679421_n.jpg
[2013-05-31 23:15:29 | 000,096,650 | ---- | C] () -- C:\Users\SHARATH\Desktop\969630_502826473104133_399365092_n.jpg
[2013-05-31 15:35:04 | 000,034,582 | ---- | C] () -- C:\Users\SHARATH\Desktop\983886_502825176437596_467836688_n.png
[2013-05-31 13:07:04 | 000,054,000 | ---- | C] () -- C:\Users\SHARATH\Desktop\971186_492820160789080_203655130_n.jpg
[2013-05-31 13:06:36 | 000,028,396 | ---- | C] () -- C:\Users\SHARATH\Desktop\942062_492820564122373_1391753624_n.jpg
[2013-05-31 13:05:36 | 000,040,929 | ---- | C] () -- C:\Users\SHARATH\Desktop\400423_519330714787335_149753534_n.jpg
[2013-05-31 13:05:17 | 000,033,904 | ---- | C] () -- C:\Users\SHARATH\Desktop\427122_587078774657394_1788785518_n.jpg
[2013-05-31 13:01:37 | 000,036,823 | ---- | C] () -- C:\Users\SHARATH\Desktop\421372_502824806437633_1682872808_n.png
[2013-05-30 19:54:04 | 000,067,319 | ---- | C] () -- C:\Users\SHARATH\Desktop\Wood sculpture by Jeffro Ouitto.jpg
[2013-05-30 19:44:29 | 010,127,651 | ---- | C] () -- C:\Users\SHARATH\Desktop\photo.psd
[2013-05-30 19:44:11 | 001,699,461 | ---- | C] () -- C:\Users\SHARATH\Desktop\photo.png
[2013-05-30 15:50:20 | 000,034,051 | ---- | C] () -- C:\Users\SHARATH\Desktop\969298_502458923140888_1811562924_n.png
[2013-05-30 14:57:14 | 000,017,199 | ---- | C] () -- C:\Users\SHARATH\Desktop\251111_677149565635203_1994445410_n.jpg
[2013-05-30 14:37:57 | 000,072,853 | ---- | C] () -- C:\Users\SHARATH\Desktop\971037_492545790816517_855633287_n.jpg
[2013-05-30 13:30:01 | 000,422,422 | ---- | C] () -- C:\Users\SHARATH\Desktop\photo.jpg
[2013-05-30 12:46:37 | 000,026,316 | ---- | C] () -- C:\Users\SHARATH\Desktop\294211_502458273140953_1563455176_n.png
[2013-05-29 17:23:22 | 000,148,575 | ---- | C] () -- C:\Users\SHARATH\Desktop\bannersforthecampaign.zip
[2013-05-29 14:34:55 | 000,046,268 | ---- | C] () -- C:\Users\SHARATH\Desktop\Human Motorcycle Body paint by Trina Merry.jpg
[2013-05-29 13:20:18 | 000,070,610 | ---- | C] () -- C:\Users\SHARATH\Desktop\878_10151631053773415_1182720862_n.jpg
[2013-05-29 13:12:49 | 000,248,227 | ---- | C] () -- C:\Users\SHARATH\Desktop\TelephoneBill_556531_90113705.pdf
[2013-05-29 12:34:22 | 000,043,988 | ---- | C] () -- C:\Users\SHARATH\Desktop\one picture thounsand words.jpg
[2013-05-28 21:07:55 | 000,001,666 | ---- | C] () -- C:\Users\SHARATH\Desktop\Google Drive.lnk
[2013-05-28 18:46:35 | 000,026,882 | ---- | C] () -- C:\Users\SHARATH\Desktop\408179_474039739352116_1702297948_n.jpg
[2013-05-28 16:07:19 | 000,036,834 | ---- | C] () -- C:\Users\SHARATH\Desktop\581248_501648186555295_455069555_n.jpg
[2013-05-28 12:39:19 | 000,058,436 | ---- | C] () -- C:\Users\SHARATH\Desktop\Sharath Kumar.pdf
[2013-05-28 12:39:14 | 000,103,059 | ---- | C] () -- C:\Users\SHARATH\Desktop\Sharath Kumar_192_14.pdf
[2013-05-28 11:16:11 | 000,047,270 | ---- | C] () -- C:\Users\SHARATH\Desktop\941356_468704919875232_1957387394_n.jpg
[2013-05-28 11:15:43 | 000,070,696 | ---- | C] () -- C:\Users\SHARATH\Desktop\923291_501255166594597_1774141554_n.jpg
[2013-05-27 15:06:03 | 000,219,932 | ---- | C] () -- C:\Users\SHARATH\Desktop\5520XXXX0133XXXX_25-05-2013.PDF
[2013-05-27 13:34:25 | 000,056,202 | ---- | C] () -- C:\Users\SHARATH\Desktop\968990_517720421615031_2012133065_n.jpg
[2013-05-27 13:26:11 | 000,029,547 | ---- | C] () -- C:\Users\SHARATH\Desktop\954876_468298896582501_459624798_n.jpg
[2013-05-27 13:24:42 | 000,033,458 | ---- | C] () -- C:\Users\SHARATH\Desktop\941786_501082276611886_52422508_n.jpg
[2013-05-27 13:23:31 | 000,025,146 | ---- | C] () -- C:\Users\SHARATH\Desktop\264584_501253173261463_2113719258_n.png
[2013-05-27 13:21:52 | 000,023,712 | ---- | C] () -- C:\Users\SHARATH\Desktop\944154_468286679917056_182137900_n.jpg
[2013-05-27 13:21:37 | 000,023,589 | ---- | C] () -- C:\Users\SHARATH\Desktop\581747_501058489947598_392999426_n.jpg
[2013-05-15 17:10:44 | 000,002,262 | ---- | C] () -- C:\Users\SHARATH\Desktop\Google Chrome.lnk
[2013-05-13 15:43:45 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\MBlaze.lnk
[2013-03-04 12:30:31 | 000,000,132 | ---- | C] () -- C:\Users\SHARATH\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012-12-26 13:34:01 | 000,001,456 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012-10-27 23:40:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012-09-26 15:13:35 | 000,000,027 | ---- | C] () -- C:\Windows\GraphicsDesk.INI
[2012-06-16 13:15:04 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012-06-16 13:14:44 | 000,011,030 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012-06-16 13:14:40 | 001,726,328 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012-03-30 07:50:42 | 000,001,456 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-03-24 22:23:20 | 000,178,176 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-02 23:15:47 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012-03-02 22:46:32 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-03-02 22:46:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012-03-02 22:46:31 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-03-02 22:46:31 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-03-02 22:46:31 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-03-02 11:58:48 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012-02-03 11:40:56 | 000,093,248 | ---- | C] () -- C:\Windows\SysWow64\TBRepair.dll

========== ZeroAccess Check ==========

[2009-07-14 10:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-21 08:53:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-21 08:54:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 07:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 08:54:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 07:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-04-20 17:38:49 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ZTEEVDO
[2012-04-20 17:38:49 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ZTEEVDO
[2013-03-24 01:47:24 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Ableton
[2013-03-14 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Bradsoft.com
[2012-03-31 12:09:44 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013-06-01 19:01:15 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\DMCache
[2012-04-23 11:31:57 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Dropbox
[2012-05-01 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\EasiestSoft
[2013-05-14 23:23:13 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\FileZilla
[2012-03-26 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\GetRightToGo
[2012-09-26 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Hemera
[2013-03-28 17:29:48 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\IDM
[2012-03-02 22:46:15 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\IObit
[2013-05-23 12:21:58 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Maxthon3
[2013-06-01 00:41:23 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Nitro PDF
[2013-02-13 17:41:51 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Notepad++
[2012-03-15 00:26:46 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\OpenCandy
[2012-12-13 13:58:12 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Opera
[2013-02-12 19:51:11 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\PDAppFlex
[2013-01-20 22:34:58 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\PrimoPDF
[2012-08-25 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012-09-01 00:17:21 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Stardock
[2012-03-31 11:57:42 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TeamViewer
[2012-03-26 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TeraCopy
[2012-11-10 20:30:02 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TFP
[2013-05-02 23:32:58 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\uTorrent
[2012-03-05 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Western Digital
[2012-06-28 13:27:31 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Windows Live Writer
[2012-09-10 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\winman
[2012-12-26 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\ZTEEVDO
[2012-05-01 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\ZTEMTUI

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A9662AE0

< End of report >

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are they disabled in MSconfig, as I was looking for those but could not see them?

Could you re-enable them and run a fresh OTL log, then I will kill them properly, or you could manually delete them :)

#10
Dave_83

    Member

  • Topic Starter
  • 75 posts
AdwCleaner log attached.

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you manually delete the autorun.inf.vir on the F drive, please?

How is the computer behaving now?

#12
Dave_83

    Member

  • Topic Starter
  • 75 posts
Yes, they are disabled. I had disabled them before I started this thread, so it won't create any problem later.

Sure, will re-enable them and will post a fresh OTL log in a while :)

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ta :)

#14
Dave_83

    Member

  • Topic Starter
  • 75 posts
autorun.inf.vir on F drive is deleted.

Computer is fine now, everything is working fine.

OTL logfile created on: 01-06-2013 19:41:31 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SHARATH\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

7.98 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.55% Memory free
15.96 Gb Paging File | 13.73 Gb Available in Paging File | 86.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71.80 Gb Total Space | 10.65 Gb Free Space | 14.83% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 64.95 Gb Free Space | 64.95% Space Free | Partition Type: NTFS
Drive E: | 100.01 Gb Total Space | 85.22 Gb Free Space | 85.22% Space Free | Partition Type: NTFS
Drive F: | 14.98 Gb Total Space | 1.05 Gb Free Space | 7.01% Space Free | Partition Type: NTFS
Drive I: | 931.48 Gb Total Space | 247.87 Gb Free Space | 26.61% Space Free | Partition Type: NTFS

Computer Name: SHARATH-VAIO | User Name: SHARATH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-01 18:15:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHARATH\Desktop\OTL_2.exe
PRC - [2013-05-17 15:45:40 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-05-07 15:54:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013-05-03 22:10:00 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013-04-05 01:06:12 | 000,607,744 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2013-03-30 22:04:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013-03-30 22:02:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013-03-18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013-02-04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-03-19 17:08:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012-03-19 17:08:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-03-19 16:59:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011-12-16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011-12-16 13:21:10 | 001,687,968 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
PRC - [2011-06-23 18:31:28 | 003,380,632 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2011-04-30 05:50:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011-03-06 05:12:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011-03-06 05:12:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011-02-24 02:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011-02-18 23:49:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-02-16 00:17:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011-02-15 01:53:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011-02-02 01:50:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011-02-02 01:50:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011-01-29 18:06:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010-11-27 13:25:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010-11-27 13:25:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010-09-14 07:02:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010-09-14 07:02:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010-05-25 19:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009-12-22 14:47:04 | 000,225,280 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009-12-22 14:43:06 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009-10-01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013-05-17 15:45:39 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-02-04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012-11-07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012-09-28 10:06:06 | 000,594,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012-04-30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011-08-13 09:43:54 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0acaaa18864b8ce389d6756876a269bc\IAStorUtil.ni.dll
MOD - [2011-08-13 09:43:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e38d1efe292b58ac295f4db70c873016\IAStorCommon.ni.dll
MOD - [2011-07-07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2011-02-18 23:48:48 | 000,235,112 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010-11-21 09:19:18 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2010-11-21 09:19:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010-11-21 09:18:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010-11-21 09:18:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010-11-21 09:18:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010-11-21 09:18:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010-11-21 09:18:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010-11-21 09:18:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010-11-21 09:18:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2010-01-11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013-05-24 01:42:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2012-02-08 23:00:12 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011-12-15 11:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011-12-15 11:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011-12-15 11:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011-09-26 12:05:14 | 000,405,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV:64bit: - [2011-05-20 07:45:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011-03-30 21:39:12 | 001,021,112 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011-02-28 22:59:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011-02-19 10:45:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011-02-19 10:32:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011-02-15 01:53:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011-01-29 18:06:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011-01-21 00:57:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010-09-23 06:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-07-14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-05-17 15:45:39 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-15 00:46:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-30 22:04:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013-03-30 22:02:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-03-19 17:08:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011-12-16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011-04-30 05:50:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-04-30 05:49:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011-03-29 11:43:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011-03-06 05:12:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011-02-24 02:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011-02-22 01:25:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011-02-22 01:25:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011-02-18 23:49:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-02-02 01:50:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-02-02 01:50:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011-01-21 00:46:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010-11-27 13:25:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-09-14 07:02:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-03-19 02:46:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 23:49:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-12-22 14:47:04 | 000,225,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009-10-01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009-09-21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009-09-21 20:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009-06-11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005-01-27 18:16:58 | 000,856,064 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-05-13 15:43:10 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2013-03-30 22:04:28 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013-03-30 22:04:28 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013-03-30 22:04:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011-12-16 21:23:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011-07-22 21:56:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011-07-13 03:25:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011-06-09 21:20:58 | 000,153,248 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-04-30 05:49:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011-04-30 05:49:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-04-30 05:49:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-04-30 05:49:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011-04-30 05:49:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-04-30 05:49:34 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011-03-29 14:44:07 | 000,173,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-03-29 12:21:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-03-29 11:45:05 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011-03-29 09:27:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011-03-11 12:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 12:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-22 20:57:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-02-17 08:36:44 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011-02-16 18:20:45 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010-11-21 08:54:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 08:53:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-21 08:53:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 08:53:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-04 10:15:54 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2010-10-20 05:04:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-04-27 01:50:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009-11-09 08:58:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009-10-01 22:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009-09-21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009-09-21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009-09-21 20:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009-07-14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 07:17:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-11 02:05:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009-06-11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-27 03:02:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009-02-13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2011-08-26 15:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2009-07-14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005-01-27 22:37:28 | 000,027,776 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\InCDrm.sys -- (incdrm)
DRV - [2005-01-27 18:08:08 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\SysWow64\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005-01-27 18:08:02 | 000,099,200 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\SysWow64\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-01-27 18:07:34 | 000,028,928 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\InCDpass.sys -- (InCDPass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{5545F46F-FE6C-4DAE-B5FE-57C6EED890C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{5CBA97C5-0D9F-4ADB-8E76-BCCA34970FDF}: "URL" = http://in.search.yah...f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{A4C2F101-4697-4122-905C-B2A37BDF7944}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "192.168.1.3"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2012-03-26 09:19:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-05-17 15:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-17 15:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2012-03-02 23:28:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\SHARATH\AppData\Roaming\IDM\idmmzcc5 [2012-04-22 21:18:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-05-17 15:45:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-17 15:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\SHARATH\AppData\Roaming\IDM\idmmzcc5 [2012-04-22 21:18:37 | 000,000,000 | ---D | M]

[2012-11-21 10:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Extensions
[2013-05-10 11:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\msr6f9cm.default-1366977724619\extensions
[2013-05-10 11:50:24 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\msr6f9cm.default-1366977724619\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013-05-17 15:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013-05-17 15:45:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-05-17 15:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-05-17 15:45:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011-12-09 22:53:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - homepage: http://nemrod.se/
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Google Drive = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Web Developer = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0\
CHR - Extension: SaveAs = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijplnegmhibgjjaaocckopploghjbid\2_0\
CHR - Extension: SaveAs = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmcemboopcbchcbdefocgmngommpmop\2_0\
CHR - Extension: Skype Click to Call = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Remind Me - by Astrid = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjhcbjeaioljbdmiddkmnidgmnolbc\1.3.1.2_0\

O1 HOSTS File: ([2012-11-20 20:40:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKCU..\Run: [9016] C:\Users\SHARATH\AppData\Roaming\8600\9016.js File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_4EE56885669B5D07FDBCB4E8D205AE34] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c454.js ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aces.gov.in ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: incometaxindiaefiling.gov.in ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0C6D8B-956B-46E5-AF87-E4D3337C4E08}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-08-29 15:39:38 | 000,000,000 | ---D | M] - I:\AUTORUN -- [ NTFS ]
O33 - MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\Shell - "" = AutoRun
O33 - MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\Shell\AutoRun\command - "" = H:\Setup.exe /Auto
O33 - MountPoints2\{fd60bca1-bb96-11e2-9e49-ccaf78d262a8}\Shell - "" = AutoRun
O33 - MountPoints2\{fd60bca1-bb96-11e2-9e49-ccaf78d262a8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-06-01 18:15:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SHARATH\Desktop\OTL_2.exe
[2013-06-01 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
[2013-06-01 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
[2013-06-01 18:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
[2013-06-01 13:18:20 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Roaming\SUPERAntiSpyware.com
[2013-06-01 13:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013-06-01 13:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013-05-31 16:38:05 | 000,000,000 | -HSD | C] -- C:\87
[2013-05-28 21:07:55 | 000,000,000 | --SD | C] -- C:\Users\SHARATH\Google Drive
[2013-05-28 21:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013-05-17 15:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-05-14 23:20:33 | 004,811,793 | ---- | C] (FileZilla Project) -- C:\Users\SHARATH\Desktop\FileZilla_3.7.0.1_win32-setup.exe
[2013-05-13 15:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner
[2013-05-13 15:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBlaze
[2013-05-13 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MBlaze
[2013-05-13 15:43:32 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013-05-13 15:43:32 | 000,249,856 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013-05-13 15:43:32 | 000,120,704 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013-05-13 15:43:32 | 000,114,560 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2013-05-13 15:43:32 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013-05-13 15:43:32 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013-05-13 15:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MBlaze
[2013-05-07 15:59:16 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys

========== Files - Modified Within 30 Days ==========

[2013-06-01 19:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-01 19:34:59 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-01 19:34:59 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-01 19:27:34 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-06-01 19:27:23 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013-06-01 19:27:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-01 19:15:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-06-01 19:08:26 | 000,632,031 | ---- | M] () -- C:\Users\SHARATH\Desktop\adwcleaner.exe
[2013-06-01 18:36:17 | 019,253,799 | ---- | M] () -- C:\Users\SHARATH\Desktop\Ken HultgrenThe Art Of Animal Drawing.pdf
[2013-06-01 18:15:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHARATH\Desktop\OTL_2.exe
[2013-06-01 18:03:07 | 000,230,991 | ---- | M] () -- C:\Users\SHARATH\Desktop\PVR Cinemas - Epic - 2nd June 2013.pdf
[2013-06-01 17:43:26 | 002,616,742 | ---- | M] () -- C:\Users\SHARATH\Desktop\MCShield-Setup.exe
[2013-06-01 13:43:25 | 000,027,701 | ---- | M] () -- C:\Users\SHARATH\Desktop\431896_470420063037051_1727245037_n.jpg
[2013-06-01 13:41:07 | 000,058,165 | ---- | M] () -- C:\Users\SHARATH\Desktop\217323_470396049706119_1753651473_n.jpg
[2013-06-01 13:36:06 | 000,028,934 | ---- | M] () -- C:\Users\SHARATH\Desktop\971258_10151473270211840_1393344760_n.jpg
[2013-06-01 13:35:05 | 000,037,299 | ---- | M] () -- C:\Users\SHARATH\Desktop\972018_470431169702607_654966369_n.jpg
[2013-06-01 13:34:25 | 000,017,915 | ---- | M] () -- C:\Users\SHARATH\Desktop\198337_470406523038405_30655581_n.png
[2013-06-01 13:18:14 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013-06-01 11:03:31 | 000,049,754 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c454.js
[2013-06-01 00:28:23 | 000,687,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-06-01 00:28:23 | 000,132,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-06-01 00:28:22 | 000,810,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-05-31 23:18:40 | 000,028,776 | ---- | M] () -- C:\Users\SHARATH\Desktop\305651_677831902233636_1239750442_n.jpg
[2013-05-31 23:18:29 | 000,027,265 | ---- | M] () -- C:\Users\SHARATH\Desktop\7314_493080607429702_421051039_n.jpg
[2013-05-31 23:16:55 | 000,014,391 | ---- | M] () -- C:\Users\SHARATH\Desktop\9371_10152859011325114_401273643_n.jpg
[2013-05-31 23:16:14 | 000,033,146 | ---- | M] () -- C:\Users\SHARATH\Desktop\295940_10151591266099407_1300679421_n.jpg
[2013-05-31 23:15:31 | 000,096,650 | ---- | M] () -- C:\Users\SHARATH\Desktop\969630_502826473104133_399365092_n.jpg
[2013-05-31 15:35:05 | 000,034,582 | ---- | M] () -- C:\Users\SHARATH\Desktop\983886_502825176437596_467836688_n.png
[2013-05-31 13:07:04 | 000,054,000 | ---- | M] () -- C:\Users\SHARATH\Desktop\971186_492820160789080_203655130_n.jpg
[2013-05-31 13:06:36 | 000,028,396 | ---- | M] () -- C:\Users\SHARATH\Desktop\942062_492820564122373_1391753624_n.jpg
[2013-05-31 13:05:36 | 000,040,929 | ---- | M] () -- C:\Users\SHARATH\Desktop\400423_519330714787335_149753534_n.jpg
[2013-05-31 13:05:18 | 000,033,904 | ---- | M] () -- C:\Users\SHARATH\Desktop\427122_587078774657394_1788785518_n.jpg
[2013-05-31 13:01:38 | 000,036,823 | ---- | M] () -- C:\Users\SHARATH\Desktop\421372_502824806437633_1682872808_n.png
[2013-05-30 19:54:04 | 000,067,319 | ---- | M] () -- C:\Users\SHARATH\Desktop\Wood sculpture by Jeffro Ouitto.jpg
[2013-05-30 19:44:31 | 010,127,651 | ---- | M] () -- C:\Users\SHARATH\Desktop\photo.psd
[2013-05-30 19:44:24 | 001,699,461 | ---- | M] () -- C:\Users\SHARATH\Desktop\photo.png
[2013-05-30 19:44:15 | 000,000,132 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013-05-30 19:42:20 | 000,422,422 | ---- | M] () -- C:\Users\SHARATH\Desktop\photo.jpg
[2013-05-30 16:08:28 | 000,001,456 | ---- | M] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013-05-30 15:50:21 | 000,034,051 | ---- | M] () -- C:\Users\SHARATH\Desktop\969298_502458923140888_1811562924_n.png
[2013-05-30 14:57:14 | 000,017,199 | ---- | M] () -- C:\Users\SHARATH\Desktop\251111_677149565635203_1994445410_n.jpg
[2013-05-30 14:37:57 | 000,072,853 | ---- | M] () -- C:\Users\SHARATH\Desktop\971037_492545790816517_855633287_n.jpg
[2013-05-30 12:46:37 | 000,026,316 | ---- | M] () -- C:\Users\SHARATH\Desktop\294211_502458273140953_1563455176_n.png
[2013-05-30 11:02:15 | 011,815,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-05-29 17:23:40 | 000,148,575 | ---- | M] () -- C:\Users\SHARATH\Desktop\bannersforthecampaign.zip
[2013-05-29 14:34:56 | 000,046,268 | ---- | M] () -- C:\Users\SHARATH\Desktop\Human Motorcycle Body paint by Trina Merry.jpg
[2013-05-29 13:20:19 | 000,070,610 | ---- | M] () -- C:\Users\SHARATH\Desktop\878_10151631053773415_1182720862_n.jpg
[2013-05-29 13:12:49 | 000,248,227 | ---- | M] () -- C:\Users\SHARATH\Desktop\TelephoneBill_556531_90113705.pdf
[2013-05-29 12:34:24 | 000,043,988 | ---- | M] () -- C:\Users\SHARATH\Desktop\one picture thounsand words.jpg
[2013-05-28 21:07:55 | 000,001,666 | ---- | M] () -- C:\Users\SHARATH\Desktop\Google Drive.lnk
[2013-05-28 18:46:36 | 000,026,882 | ---- | M] () -- C:\Users\SHARATH\Desktop\408179_474039739352116_1702297948_n.jpg
[2013-05-28 16:07:19 | 000,036,834 | ---- | M] () -- C:\Users\SHARATH\Desktop\581248_501648186555295_455069555_n.jpg
[2013-05-28 12:39:19 | 000,058,436 | ---- | M] () -- C:\Users\SHARATH\Desktop\Sharath Kumar.pdf
[2013-05-28 12:39:14 | 000,103,059 | ---- | M] () -- C:\Users\SHARATH\Desktop\Sharath Kumar_192_14.pdf
[2013-05-28 11:16:11 | 000,047,270 | ---- | M] () -- C:\Users\SHARATH\Desktop\941356_468704919875232_1957387394_n.jpg
[2013-05-28 11:15:43 | 000,070,696 | ---- | M] () -- C:\Users\SHARATH\Desktop\923291_501255166594597_1774141554_n.jpg
[2013-05-27 15:06:09 | 000,219,932 | ---- | M] () -- C:\Users\SHARATH\Desktop\5520XXXX0133XXXX_25-05-2013.PDF
[2013-05-27 13:34:25 | 000,056,202 | ---- | M] () -- C:\Users\SHARATH\Desktop\968990_517720421615031_2012133065_n.jpg
[2013-05-27 13:26:11 | 000,029,547 | ---- | M] () -- C:\Users\SHARATH\Desktop\954876_468298896582501_459624798_n.jpg
[2013-05-27 13:24:42 | 000,033,458 | ---- | M] () -- C:\Users\SHARATH\Desktop\941786_501082276611886_52422508_n.jpg
[2013-05-27 13:23:31 | 000,025,146 | ---- | M] () -- C:\Users\SHARATH\Desktop\264584_501253173261463_2113719258_n.png
[2013-05-27 13:21:52 | 000,023,712 | ---- | M] () -- C:\Users\SHARATH\Desktop\944154_468286679917056_182137900_n.jpg
[2013-05-27 13:21:37 | 000,023,589 | ---- | M] () -- C:\Users\SHARATH\Desktop\581747_501058489947598_392999426_n.jpg
[2013-05-26 03:25:23 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - SHARATH.job
[2013-05-17 17:55:56 | 000,002,262 | ---- | M] () -- C:\Users\SHARATH\Desktop\Google Chrome.lnk
[2013-05-17 15:33:12 | 000,178,176 | ---- | M] () -- C:\Users\SHARATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-05-14 23:21:23 | 004,811,793 | ---- | M] (FileZilla Project) -- C:\Users\SHARATH\Desktop\FileZilla_3.7.0.1_win32-setup.exe
[2013-05-13 15:43:45 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\MBlaze.lnk
[2013-05-13 15:43:11 | 001,001,472 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013-05-13 15:43:10 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013-05-13 15:43:10 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013-05-13 15:43:10 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2013-05-13 15:43:10 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013-05-13 15:43:10 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013-05-09 15:38:22 | 000,001,574 | ---- | M] () -- C:\Users\SHARATH\Desktop\Grid Systems in Graphic Design Josef Muller-Brockmann.pdf.lnk
[2013-05-07 15:59:02 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys

========== Files Created - No Company Name ==========

[2013-06-01 19:41:00 | 000,049,754 | ---- | C] () -- C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c454.js
[2013-06-01 19:08:30 | 000,632,031 | ---- | C] () -- C:\Users\SHARATH\Desktop\adwcleaner.exe
[2013-06-01 18:36:00 | 019,253,799 | ---- | C] () -- C:\Users\SHARATH\Desktop\Ken HultgrenThe Art Of Animal Drawing.pdf
[2013-06-01 18:03:06 | 000,230,991 | ---- | C] () -- C:\Users\SHARATH\Desktop\PVR Cinemas - Epic - 2nd June 2013.pdf
[2013-06-01 17:43:28 | 002,616,742 | ---- | C] () -- C:\Users\SHARATH\Desktop\MCShield-Setup.exe
[2013-06-01 13:43:25 | 000,027,701 | ---- | C] () -- C:\Users\SHARATH\Desktop\431896_470420063037051_1727245037_n.jpg
[2013-06-01 13:41:07 | 000,058,165 | ---- | C] () -- C:\Users\SHARATH\Desktop\217323_470396049706119_1753651473_n.jpg
[2013-06-01 13:36:05 | 000,028,934 | ---- | C] () -- C:\Users\SHARATH\Desktop\971258_10151473270211840_1393344760_n.jpg
[2013-06-01 13:35:05 | 000,037,299 | ---- | C] () -- C:\Users\SHARATH\Desktop\972018_470431169702607_654966369_n.jpg
[2013-06-01 13:34:25 | 000,017,915 | ---- | C] () -- C:\Users\SHARATH\Desktop\198337_470406523038405_30655581_n.png
[2013-06-01 13:18:14 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013-05-31 23:18:39 | 000,028,776 | ---- | C] () -- C:\Users\SHARATH\Desktop\305651_677831902233636_1239750442_n.jpg
[2013-05-31 23:18:28 | 000,027,265 | ---- | C] () -- C:\Users\SHARATH\Desktop\7314_493080607429702_421051039_n.jpg
[2013-05-31 23:16:54 | 000,014,391 | ---- | C] () -- C:\Users\SHARATH\Desktop\9371_10152859011325114_401273643_n.jpg
[2013-05-31 23:16:13 | 000,033,146 | ---- | C] () -- C:\Users\SHARATH\Desktop\295940_10151591266099407_1300679421_n.jpg
[2013-05-31 23:15:29 | 000,096,650 | ---- | C] () -- C:\Users\SHARATH\Desktop\969630_502826473104133_399365092_n.jpg
[2013-05-31 15:35:04 | 000,034,582 | ---- | C] () -- C:\Users\SHARATH\Desktop\983886_502825176437596_467836688_n.png
[2013-05-31 13:07:04 | 000,054,000 | ---- | C] () -- C:\Users\SHARATH\Desktop\971186_492820160789080_203655130_n.jpg
[2013-05-31 13:06:36 | 000,028,396 | ---- | C] () -- C:\Users\SHARATH\Desktop\942062_492820564122373_1391753624_n.jpg
[2013-05-31 13:05:36 | 000,040,929 | ---- | C] () -- C:\Users\SHARATH\Desktop\400423_519330714787335_149753534_n.jpg
[2013-05-31 13:05:17 | 000,033,904 | ---- | C] () -- C:\Users\SHARATH\Desktop\427122_587078774657394_1788785518_n.jpg
[2013-05-31 13:01:37 | 000,036,823 | ---- | C] () -- C:\Users\SHARATH\Desktop\421372_502824806437633_1682872808_n.png
[2013-05-30 19:54:04 | 000,067,319 | ---- | C] () -- C:\Users\SHARATH\Desktop\Wood sculpture by Jeffro Ouitto.jpg
[2013-05-30 19:44:29 | 010,127,651 | ---- | C] () -- C:\Users\SHARATH\Desktop\photo.psd
[2013-05-30 19:44:11 | 001,699,461 | ---- | C] () -- C:\Users\SHARATH\Desktop\photo.png
[2013-05-30 15:50:20 | 000,034,051 | ---- | C] () -- C:\Users\SHARATH\Desktop\969298_502458923140888_1811562924_n.png
[2013-05-30 14:57:14 | 000,017,199 | ---- | C] () -- C:\Users\SHARATH\Desktop\251111_677149565635203_1994445410_n.jpg
[2013-05-30 14:37:57 | 000,072,853 | ---- | C] () -- C:\Users\SHARATH\Desktop\971037_492545790816517_855633287_n.jpg
[2013-05-30 13:30:01 | 000,422,422 | ---- | C] () -- C:\Users\SHARATH\Desktop\photo.jpg
[2013-05-30 12:46:37 | 000,026,316 | ---- | C] () -- C:\Users\SHARATH\Desktop\294211_502458273140953_1563455176_n.png
[2013-05-29 17:23:22 | 000,148,575 | ---- | C] () -- C:\Users\SHARATH\Desktop\bannersforthecampaign.zip
[2013-05-29 14:34:55 | 000,046,268 | ---- | C] () -- C:\Users\SHARATH\Desktop\Human Motorcycle Body paint by Trina Merry.jpg
[2013-05-29 13:20:18 | 000,070,610 | ---- | C] () -- C:\Users\SHARATH\Desktop\878_10151631053773415_1182720862_n.jpg
[2013-05-29 13:12:49 | 000,248,227 | ---- | C] () -- C:\Users\SHARATH\Desktop\TelephoneBill_556531_90113705.pdf
[2013-05-29 12:34:22 | 000,043,988 | ---- | C] () -- C:\Users\SHARATH\Desktop\one picture thounsand words.jpg
[2013-05-28 21:07:55 | 000,001,666 | ---- | C] () -- C:\Users\SHARATH\Desktop\Google Drive.lnk
[2013-05-28 18:46:35 | 000,026,882 | ---- | C] () -- C:\Users\SHARATH\Desktop\408179_474039739352116_1702297948_n.jpg
[2013-05-28 16:07:19 | 000,036,834 | ---- | C] () -- C:\Users\SHARATH\Desktop\581248_501648186555295_455069555_n.jpg
[2013-05-28 12:39:19 | 000,058,436 | ---- | C] () -- C:\Users\SHARATH\Desktop\Sharath Kumar.pdf
[2013-05-28 12:39:14 | 000,103,059 | ---- | C] () -- C:\Users\SHARATH\Desktop\Sharath Kumar_192_14.pdf
[2013-05-28 11:16:11 | 000,047,270 | ---- | C] () -- C:\Users\SHARATH\Desktop\941356_468704919875232_1957387394_n.jpg
[2013-05-28 11:15:43 | 000,070,696 | ---- | C] () -- C:\Users\SHARATH\Desktop\923291_501255166594597_1774141554_n.jpg
[2013-05-27 15:06:03 | 000,219,932 | ---- | C] () -- C:\Users\SHARATH\Desktop\5520XXXX0133XXXX_25-05-2013.PDF
[2013-05-27 13:34:25 | 000,056,202 | ---- | C] () -- C:\Users\SHARATH\Desktop\968990_517720421615031_2012133065_n.jpg
[2013-05-27 13:26:11 | 000,029,547 | ---- | C] () -- C:\Users\SHARATH\Desktop\954876_468298896582501_459624798_n.jpg
[2013-05-27 13:24:42 | 000,033,458 | ---- | C] () -- C:\Users\SHARATH\Desktop\941786_501082276611886_52422508_n.jpg
[2013-05-27 13:23:31 | 000,025,146 | ---- | C] () -- C:\Users\SHARATH\Desktop\264584_501253173261463_2113719258_n.png
[2013-05-27 13:21:52 | 000,023,712 | ---- | C] () -- C:\Users\SHARATH\Desktop\944154_468286679917056_182137900_n.jpg
[2013-05-27 13:21:37 | 000,023,589 | ---- | C] () -- C:\Users\SHARATH\Desktop\581747_501058489947598_392999426_n.jpg
[2013-05-15 17:10:44 | 000,002,262 | ---- | C] () -- C:\Users\SHARATH\Desktop\Google Chrome.lnk
[2013-05-13 15:43:45 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\MBlaze.lnk
[2013-03-04 12:30:31 | 000,000,132 | ---- | C] () -- C:\Users\SHARATH\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012-12-26 13:34:01 | 000,001,456 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012-10-27 23:40:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012-09-26 15:13:35 | 000,000,027 | ---- | C] () -- C:\Windows\GraphicsDesk.INI
[2012-06-16 13:15:04 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012-06-16 13:14:44 | 000,011,030 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012-06-16 13:14:40 | 001,726,328 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012-03-30 07:50:42 | 000,001,456 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-03-24 22:23:20 | 000,178,176 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-02 23:15:47 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012-03-02 22:46:32 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-03-02 22:46:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012-03-02 22:46:31 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-03-02 22:46:31 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-03-02 22:46:31 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-03-02 11:58:48 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012-02-03 11:40:56 | 000,093,248 | ---- | C] () -- C:\Windows\SysWow64\TBRepair.dll

========== ZeroAccess Check ==========

[2009-07-14 10:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-21 08:53:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-21 08:54:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 07:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 08:54:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 07:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-03-24 01:47:24 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Ableton
[2013-03-14 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Bradsoft.com
[2012-03-31 12:09:44 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013-06-01 19:01:15 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\DMCache
[2012-04-23 11:31:57 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Dropbox
[2012-05-01 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\EasiestSoft
[2013-05-14 23:23:13 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\FileZilla
[2012-03-26 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\GetRightToGo
[2012-09-26 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Hemera
[2013-03-28 17:29:48 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\IDM
[2012-03-02 22:46:15 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\IObit
[2013-05-23 12:21:58 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Maxthon3
[2013-06-01 00:41:23 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Nitro PDF
[2013-02-13 17:41:51 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Notepad++
[2012-12-13 13:58:12 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Opera
[2013-02-12 19:51:11 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\PDAppFlex
[2013-01-20 22:34:58 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\PrimoPDF
[2012-08-25 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012-09-01 00:17:21 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Stardock
[2012-03-31 11:57:42 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TeamViewer
[2012-03-26 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TeraCopy
[2012-11-10 20:30:02 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TFP
[2013-05-02 23:32:58 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\uTorrent
[2012-03-05 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Western Digital
[2012-06-28 13:27:31 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Windows Live Writer
[2012-09-10 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\winman
[2012-12-26 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\ZTEEVDO
[2012-05-01 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\ZTEMTUI

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A9662AE0

< End of report >
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now kill those and tidy you up. I recommend that you keep McShield.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - Startup: C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c454.js ()
    O4 - HKCU..\Run: [9016] C:\Users\SHARATH\AppData\Roaming\8600\9016.js File not found
    [2013-06-01 11:03:31 | 000,049,754 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c454.js

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Run AdwCleaner and press uninstall

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disk Cleanup and select run as administrator
When it pops up, at the first prompt select OK. After it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0
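The fix list in the post above targets two script autoruns from the log: a .js file in the user's Startup folder and an HKCU Run value pointing at a .js file. As an added example (not part of the original thread and not a feature of OTL), this Python script flags those two patterns in OTL log text; the regular expressions and the SCRIPT_EXTS list are assumptions based on the log layout shown on this page, and the sample lines are copied from the log and fix above.

```python
import re
from collections import namedtuple

# Script types run by Windows Script Host (assumed list for this example).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf")
STARTUP_DIR = "\\start menu\\programs\\startup\\"

Finding = namedtuple("Finding", "source path reason")

# O4 autorun line: "O4 - <location>: [<value name>] <command> <company | File not found>"
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<rest>.+)$"
)
# File listing line: "[date time | size | attrs | C/M] (company) -- path"
# Directory lines carry no "(company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d\- :]+)\s\|\s(?P<size>[\d,]+)\s\|\s(?P<attrs>[-A-Z]{4})"
    r"\s\|\s(?P<kind>[CM])\]\s(?:\((?P<company>[^)]*)\)\s)?--\s(?P<path>.+)$"
)
# A drive-letter path ending in a script extension, followed by space, quote or end.
SCRIPT_PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"*?<>|]*?\.(?:js|jse|vbs|vbe|wsf))(?=$|[\s"])', re.IGNORECASE
)


def triage(lines):
    """Return a Finding for every log line that shows a script set to run at logon."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hit = SCRIPT_PATH_RE.search(m.group("rest"))
            if hit:
                reason = "script launched at logon via " + m.group("where")
                if line.endswith("File not found"):
                    # The autorun value survives although its target is gone.
                    reason += " (target missing, entry is orphaned)"
                findings.append(Finding("O4", hit.group(1), reason))
            continue
        m = FILE_RE.match(line)
        if m and "D" not in m.group("attrs"):
            path = m.group("path")
            lowered = path.lower()
            if lowered.endswith(SCRIPT_EXTS) and STARTUP_DIR in lowered:
                size = int(m.group("size").replace(",", ""))
                kind = "created" if m.group("kind") == "C" else "modified"
                reason = "script file in a Startup folder (%d bytes, %s %s)" % (
                    size, kind, m.group("stamp"))
                findings.append(Finding("files", path, reason))
    return findings


def suspect_paths(findings):
    """Unique flagged paths, compared case-insensitively as Windows does."""
    seen = {}
    for f in findings:
        seen.setdefault(f.path.lower(), f.path)
    return [seen[key] for key in sorted(seen)]


# Lines copied from the log and fix on this page: three that should be flagged
# and three benign ones (Winlogon shell, a scheduled task, a directory).
SAMPLE_LOG = r"""
O4 - Startup: C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c454.js ()
O4 - HKCU..\Run: [9016] C:\Users\SHARATH\AppData\Roaming\8600\9016.js File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
[2013-06-01 11:03:31 | 000,049,754 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c454.js
[2013-06-01 19:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-01 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("%-5s %s\n      %s" % (finding.source, finding.path, finding.reason))
```
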





