help removing browser-defender



#1
ryanex19

Hi, I'm having trouble with a program called Browser Defender by Bit89 Inc. Every time I try to stop the process in taskman it pops up again. I tried Malwarebytes Anti-Malware and HitmanPro; it detects it as adware, but after deleting it and restarting my PC it always shows up. There are another 2 processes that I'm unable to close in taskman, called nvxdsync & nvvsvc. Please help.


OTL logfile created on: 7/24/2013 9:46:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gimhan-Rayan\Downloads\Programs
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 51.14% Memory free
6.50 Gb Paging File | 4.42 Gb Available in Paging File | 68.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397.27 Gb Total Space | 364.44 Gb Free Space | 26.08% Space Free | Partition Type: NTFS
Drive I: | 465.73 Gb Total Space | 336.53 Gb Free Space | 72.26% Space Free | Partition Type: NTFS
Drive J: | 809.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: GIMHAN-RAYAN-PC | User Name: Gimhan-Rayan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/07/24 09:45:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gimhan-Rayan\Downloads\Programs\OTL_2.exe
PRC - [2013/06/21 15:22:52 | 000,875,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/06/21 15:22:51 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/06/15 06:58:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/05/24 01:41:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/23 14:39:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013/05/09 14:28:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 14:28:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/22 02:11:26 | 003,121,440 | ---- | M] (Connectify) -- C:\Program Files\Connectify\Connectifyd.exe
PRC - [2013/03/22 02:10:44 | 000,217,088 | ---- | M] (Connectify) -- C:\Program Files\Connectify\ConnectifyService.exe
PRC - [2012/02/07 18:05:48 | 003,462,552 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/12/13 15:55:51 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/11/10 22:44:12 | 000,098,304 | ---- | M] () -- C:\Program Files\Quick net\ModemListener.exe
PRC - [2011/07/08 20:55:54 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2010/09/08 16:15:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/09/08 16:14:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/09/08 16:11:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/09/01 02:48:24 | 002,941,984 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2010/08/31 14:57:38 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeterSvc.exe
PRC - [2010/02/23 21:33:02 | 001,638,400 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD. ) -- C:\Program Files\TP-LINK\Common\TWCU.exe
PRC - [2009/07/14 06:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 06:44:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2006/03/01 06:40:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/25 19:47:58 | 000,083,456 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2013/06/15 06:58:42 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/15 06:58:41 | 013,140,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/15 06:58:40 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/15 06:57:51 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/15 06:57:50 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/15 06:57:48 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013/05/23 14:39:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2012/02/21 02:59:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/21 02:58:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/10 22:44:12 | 000,098,304 | ---- | M] () -- C:\Program Files\Quick net\ModemListener.exe
MOD - [2010/08/31 14:57:40 | 000,011,296 | ---- | M] () -- C:\Program Files\DU Meter\DUHelper.dll
MOD - [2010/02/23 21:33:02 | 000,918,816 | ---- | M] () -- C:\Program Files\TP-LINK\Common\RaWLAPI.dll
MOD - [2009/06/22 07:56:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2006/08/06 01:04:34 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/07/10 07:26:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/05/24 01:41:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/23 14:39:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013/05/09 14:28:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/10 12:28:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/22 02:10:44 | 000,217,088 | ---- | M] (Connectify) [Auto | Running] -- C:\Program Files\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2011/12/20 15:41:46 | 000,196,904 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011/07/08 20:55:54 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2011/01/28 12:03:05 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01)
SRV - [2010/11/27 14:47:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/08 16:15:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 16:14:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 16:11:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/08/31 14:57:38 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2010/03/25 20:09:22 | 000,490,280 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/02/23 21:33:08 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\TP-LINK\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/02/20 03:07:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/21 18:44:46 | 000,413,696 | ---- | M] (CSR, plc) [Auto | Stopped] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 14:28:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2006/03/01 06:40:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\GIMHAN~1\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2013/07/24 09:21:36 | 000,030,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2013/07/09 19:32:44 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013/07/04 17:23:19 | 000,031,560 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/06/28 07:13:21 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/28 07:13:21 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/28 07:13:21 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/21 17:32:43 | 009,069,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/05/26 18:55:43 | 000,029,672 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\System32\drivers\cnnctfy3.sys -- (cnnctfy3)
DRV - [2013/05/09 14:29:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 14:29:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 14:29:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 14:29:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 14:29:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 14:29:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/08 07:43:32 | 000,091,936 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/11/08 17:35:52 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/07/22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/15 23:43:12 | 000,135,680 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/07/13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/08 20:56:04 | 000,106,112 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2011/01/28 12:03:06 | 003,033,200 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01)
DRV - [2010/09/23 00:49:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/08/31 14:57:42 | 000,019,368 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DU Meter\DUMetr32.sys -- (DUMeterDrv)
DRV - [2010/08/07 20:48:42 | 000,106,880 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/07/27 18:25:48 | 000,072,832 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/14 02:28:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/11/26 23:07:24] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/12/21 18:44:44 | 000,043,008 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV - [2009/12/21 18:44:26 | 000,061,952 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (csr_a2dp)
DRV - [2009/09/15 10:06:26 | 000,807,936 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/08/13 13:53:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/14 05:22:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 05:21:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/02/25 08:12:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/14 01:32:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/02/07 02:32:00 | 000,123,939 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\kqemu.sys -- (kqemu)
DRV - [2006/01/10 08:17:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2004/06/09 21:44:40 | 000,010,556 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\Windows\System32\drivers\filedisk.sys -- (FileDisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1561552

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-se...3_ctrl&tsp=4951
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 0C 9D 10 05 8E CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1561552
IE - HKCU\..\SearchScopes\{CC06A197-5E94-485C-B970-A5A8671A6DA5}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000241dc490f4"
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: extension%40hidemyass.com:1.2.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:3.5.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.3
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://start.facemoo...p?f=5&a=fsy&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1: C:\Program Files\kuaiyong\np_kyplugin.dll (YRTD)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Gimhan-Rayan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gimhan-Rayan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/06/07 05:16:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/06/28 12:16:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 01:09:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/08 21:53:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Gimhan-Rayan\AppData\Roaming\IDM\idmmzcc5 [2013/07/24 09:23:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Gimhan-Rayan\AppData\Roaming\IDM\idmmzcc5 [2013/07/24 09:23:03 | 000,000,000 | ---D | M]

[2011/01/15 09:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\Extensions
[2013/07/24 09:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\Firefox\Profiles\5eoqu9ae.default\extensions
[2013/04/12 00:54:31 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\Firefox\Profiles\5eoqu9ae.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2013/07/06 23:35:17 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\firefox\profiles\5eoqu9ae.default\extensions\[email protected]
[2011/11/01 16:23:24 | 000,026,121 | ---- | M] () (No name found) -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\firefox\profiles\5eoqu9ae.default\extensions\[email protected]
[2013/04/12 00:52:51 | 000,021,490 | ---- | M] () (No name found) -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\firefox\profiles\5eoqu9ae.default\extensions\[email protected]
[2013/07/02 23:46:07 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\firefox\profiles\5eoqu9ae.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/07/02 23:45:45 | 000,150,349 | ---- | M] () (No name found) -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\firefox\profiles\5eoqu9ae.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2013/04/12 00:54:20 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\firefox\profiles\5eoqu9ae.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/07/06 23:34:15 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\firefox\profiles\5eoqu9ae.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/07/22 14:34:08 | 000,006,548 | ---- | M] () -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\firefox\profiles\5eoqu9ae.default\searchplugins\babylon.xml
[2013/07/22 14:37:05 | 000,001,294 | ---- | M] () -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\firefox\profiles\5eoqu9ae.default\searchplugins\delta.xml
[2011/03/18 09:38:10 | 000,009,966 | ---- | M] () -- C:\Users\Gimhan-Rayan\AppData\Roaming\mozilla\firefox\profiles\5eoqu9ae.default\searchplugins\mywebsearch.xml
[2013/04/12 01:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/29 19:52:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/07/04 18:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/04/10 12:28:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/10 12:27:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 12:27:54 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www1.delta-se...3_ctrl&tsp=4951
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Disabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Disabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Disabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Ky Plugin (Enabled) = C:\Program Files\kuaiyong\np_kyplugin.dll
CHR - plugin: Unity Player (Disabled) = C:\Users\Gimhan-Rayan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - Extension: Duolingo = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl\1.0.10_0\
CHR - Extension: Angry Birds = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: SocialReviver = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\beeidigicffecnkbanlfnmaplmkafdje\4.1_0\
CHR - Extension: RE:Channel Blocker = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blecdbhmbheakehhhaokfijdleeappep\1.1_0\
CHR - Extension: YouTube = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Japanese Kana = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign\2.0.3_0\
CHR - Extension: ESPN Cricinfo = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh\1.8.4.1_1\
CHR - Extension: Unfriend Finder = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kddnblacojpnmjdlpnndlcamnmmkfina\35_0\
CHR - Extension: JAPANESE 1 = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbpipicjdmcoocdcnjlijbgclebahlno\1.0.8_0\
CHR - Extension: All Mangas Reader = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjloagockgobfpopemejpgjjechcpfd\1.5.4_0\
CHR - Extension: One Piece: Monkey D. Luffy (1920x1080) Black = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\odlmkpkghaionadbgabmfhdmbgonecba\1.0.1_0\
CHR - Extension: Type Fu = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.0_0\
CHR - Extension: Gmail = C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/01/27 09:07:40 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7C207950-B633-40B8-95B3-E3E08502BE44} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Connectify Hotspot] C:\Program Files\Connectify\Connectify.exe (Connectify)
O4 - HKLM..\Run: [ModemListener] C:\Program Files\Quick net\ModemListener.exe ()
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Windows Security Center Notification App] C:\Users\Gimhan-Rayan\AppData\Roaming\MSSecurity\wscntfy.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office15\ONBttnIE.dll/105 File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\WinHTTrack\WinHTTrackIEBar.dll File not found
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\WinHTTrack\WinHTTrackIEBar.dll File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.11.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10FEA6A7-A705-4A55-8A72-AE3600645DA3}: NameServer = 192.168.137.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE0E4E3-BB85-4EBC-8962-4AB65AE501D4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE0E4E3-BB85-4EBC-8962-4AB65AE501D4}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{045ccca3-fa4e-11e0-a548-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{045ccca3-fa4e-11e0-a548-00241dc490f4}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{2e61c400-1b5b-11e1-b580-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{2e61c400-1b5b-11e1-b580-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{57c53bff-11ba-11e1-9c7c-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{57c53bff-11ba-11e1-9c7c-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{57c53c04-11ba-11e1-9c7c-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{57c53c04-11ba-11e1-9c7c-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{5f14c710-1804-11e1-8cf5-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{5f14c710-1804-11e1-8cf5-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{768ad86b-17fb-11e1-8725-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{768ad86b-17fb-11e1-8725-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{768ad86e-17fb-11e1-8725-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{768ad86e-17fb-11e1-8725-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{768ad8a4-17fb-11e1-8725-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{768ad8a4-17fb-11e1-8725-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{768ad8a6-17fb-11e1-8725-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{768ad8a6-17fb-11e1-8725-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{99e01337-f96d-11de-b282-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{99e01337-f96d-11de-b282-00241dc490f4}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a849fd7e-99e2-11e2-b3bf-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{a849fd7e-99e2-11e2-b3bf-00241dc490f4}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{a98f646a-5816-11e0-8f51-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{a98f646a-5816-11e0-8f51-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b2428e81-1b10-11e1-afbf-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b2428e81-1b10-11e1-afbf-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b2428e86-1b10-11e1-afbf-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b2428e86-1b10-11e1-afbf-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b2428e88-1b10-11e1-afbf-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{b2428e88-1b10-11e1-afbf-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{d1425481-12b6-11e1-9b49-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d1425481-12b6-11e1-9b49-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{d1425483-12b6-11e1-9b49-00241dc490f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d1425483-12b6-11e1-9b49-00241dc490f4}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/24 09:31:15 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Local\NVIDIA
[2013/07/24 08:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/07/24 08:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/07/24 08:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/07/23 23:05:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/23 22:06:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013/07/23 22:06:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013/07/22 14:39:51 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Local\Bundled software uninstaller
[2013/07/22 14:37:48 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013/07/22 14:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013/07/22 14:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/07/21 17:58:28 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\com.felidae.lms
[2013/07/21 17:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidunena
[2013/07/21 17:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Vidunena
[2013/07/21 14:52:58 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\Desktop\New folder (5)
[2013/07/16 14:42:18 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\NewsUpdater
[2013/07/16 14:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\News Updater
[2013/07/15 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/07/12 19:40:05 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
[2013/07/12 10:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/07/12 10:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/07/12 10:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/07/11 22:37:10 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Nitro PDF
[2013/07/10 12:49:17 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Confidence
[2013/07/10 12:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Confidence
[2013/07/10 12:49:09 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Digital Confidence
[2013/07/10 09:28:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/07/09 19:32:44 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2013/07/09 19:32:43 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Local\eSupport.com
[2013/07/09 19:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2013/07/07 19:05:26 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Local\MicroTrends
[2013/07/07 19:05:23 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MicroTrends
[2013/07/06 22:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CNT EA
[2013/07/06 22:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\CNT EA
[2013/07/06 18:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\Newsprofiteer
[2013/07/05 17:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013/07/05 17:32:57 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Local\Citrix
[2013/07/04 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\Desktop\analysis
[2013/07/04 16:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malcode Analyst Pack
[2013/07/04 16:25:13 | 000,233,472 | ---- | C] (SandSprite.com) -- C:\Windows\vbDevKit.dll
[2013/07/04 16:25:13 | 000,061,440 | ---- | C] (SandSprite.com) -- C:\Windows\spSubclass2.dll
[2013/07/04 16:25:12 | 000,000,000 | ---D | C] -- C:\iDefense
[2013/07/04 15:26:45 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\Desktop\sequ
[2013/07/03 13:49:07 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\SUPERAntiSpyware.com
[2013/07/03 13:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/07/03 13:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/07/03 13:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/07/01 16:23:13 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Malwarebytes
[2013/07/01 16:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/01 16:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/01 16:22:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/01 16:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/30 18:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forex Tester
[2013/06/30 18:29:14 | 000,000,000 | ---D | C] -- C:\ForexTester
[2013/06/30 18:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forex Tester 2
[2013/06/30 18:01:37 | 000,000,000 | ---D | C] -- C:\ForexTester2
[2013/06/29 18:20:17 | 000,000,000 | R--D | C] -- C:\Users\Gimhan-Rayan\Desktop\My Shared Folder
[2013/06/29 09:05:29 | 000,000,000 | R--D | C] -- C:\Users\Gimhan-Rayan\Desktop\New folder (4)
[2013/06/28 12:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2013/06/28 12:25:10 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\Adobe Flash Builder 4.6
[2013/06/28 12:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2013/06/28 12:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2013/06/28 12:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2013/06/28 12:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2013/06/28 11:34:09 | 000,000,000 | ---D | C] -- C:\photoshop 6
[2013/06/26 09:44:07 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Local\@ByELDI
[2013/06/25 21:57:52 | 000,000,000 | R--D | C] -- C:\Users\Gimhan-Rayan\Desktop\FORX
[2013/06/25 19:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2013/06/25 19:48:02 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013/06/25 19:45:58 | 000,000,000 | ---D | C] -- C:\office13
[2013/06/25 08:59:02 | 000,000,000 | ---D | C] -- C:\Users\Gimhan-Rayan\AppData\Local\Micro Concept Software
[2013/06/25 08:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KenoLab
[2013/06/25 08:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Micro Concept Software
[2013/06/25 08:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Micro Concept Software
[2013/06/24 20:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader - Alpari UK
[2011/06/12 02:01:24 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe5FEA.dll

========== Files - Modified Within 30 Days ==========

[2013/07/24 09:31:23 | 000,028,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/24 09:31:23 | 000,028,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/24 09:22:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/24 09:21:54 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/07/24 09:21:40 | 000,000,330 | -HS- | M] () -- C:\Windows\tasks\YHHWGADP.job
[2013/07/24 09:21:36 | 000,030,464 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/07/24 09:21:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/24 09:21:25 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/24 09:18:59 | 000,069,818 | ---- | M] () -- C:\Windows\System32\.crusader
[2013/07/24 09:17:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/24 08:44:25 | 000,152,880 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\naruto-4320359.jpg
[2013/07/24 08:07:25 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/07/24 06:27:42 | 000,010,669 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\993655_659514167411331_1165642995_n.jpg
[2013/07/23 18:28:36 | 000,037,121 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1006006_402182156569277_405110217_n.jpg
[2013/07/23 18:00:01 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2013/07/23 17:19:49 | 000,008,601 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\533619_3201435052010_1569034997_n.jpg
[2013/07/23 17:19:43 | 000,011,226 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1013537_363238437137166_1979261321_n.jpg
[2013/07/23 17:19:37 | 000,008,800 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1012413_416374065148403_278218588_n.jpg
[2013/07/23 16:42:48 | 000,780,892 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\legend_of_korra__team_avatar_by_ichan_desu-d562t6p.png
[2013/07/23 16:33:16 | 000,006,617 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1001362_4872568023115_2138464394_n.jpg
[2013/07/23 16:29:34 | 000,023,270 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1045168_10201066693341202_1689100825_n.jpg
[2013/07/23 16:27:17 | 000,009,207 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1003328_10151578744842404_223450197_n.jpg
[2013/07/23 11:40:12 | 001,326,973 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\IMG_1244.jpg
[2013/07/23 10:36:04 | 000,038,622 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1010327_558836287504960_628623413_n.jpg
[2013/07/23 09:59:52 | 000,034,755 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\971688_412476835540573_1172451934_n.jpg
[2013/07/22 19:25:01 | 000,052,043 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1069894_423371661111223_1161014552_n.jpg
[2013/07/22 18:33:28 | 003,858,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/22 18:24:20 | 000,920,459 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\IMG_1133.jpg
[2013/07/22 16:43:59 | 007,636,412 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\part2.jpg
[2013/07/22 15:11:43 | 002,750,774 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\part1.jpg
[2013/07/22 14:50:10 | 002,751,423 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\hhj.jpg
[2013/07/22 14:48:01 | 002,736,684 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\iiiiiooo.jpg
[2013/07/22 14:36:21 | 000,005,866 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\Pixel-.zip
[2013/07/22 09:31:37 | 000,123,888 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\the_most_crowded_cities_in_the_world_640_23_zpsa18c9f8e.jpg
[2013/07/21 23:13:47 | 000,038,806 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\934958_10151673688748346_464700108_n.jpg
[2013/07/21 18:06:08 | 000,206,700 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2013/07/21 17:58:25 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Vidunena.lnk
[2013/07/21 12:19:25 | 000,707,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/21 12:19:25 | 000,139,022 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/20 22:11:02 | 000,025,247 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\EURGBP(1 Day)20130720221058.png
[2013/07/20 20:51:03 | 000,017,359 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\942409_396306783807437_90587989_n.jpg
[2013/07/20 18:11:04 | 000,050,128 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1016309_537243086322875_990967395_n.jpg
[2013/07/20 11:16:04 | 427,187,099 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/20 10:30:09 | 000,060,132 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\551e86299da2.jpg
[2013/07/20 04:17:34 | 000,010,390 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1013457_337640433034037_127067875_n.jpg
[2013/07/20 01:19:54 | 000,153,238 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\historys-strongest-disciple-kenichi-4304055.jpg
[2013/07/18 21:15:44 | 000,324,427 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\Untitled.jpg
[2013/07/18 13:49:36 | 001,583,761 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\id2.jpg
[2013/07/18 13:49:09 | 001,538,833 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\id.jpg
[2013/07/18 13:15:08 | 000,228,802 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\Untitled-2.jpg
[2013/07/18 13:09:23 | 002,494,378 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\IMG_1229.JPG
[2013/07/18 10:56:22 | 001,513,272 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\IMG_1226.JPG
[2013/07/18 10:45:15 | 001,980,212 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\IMG_122.JPG
[2013/07/16 22:35:37 | 000,041,970 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\1016873_10201462278828363_1128169736_n.jpg
[2013/07/16 14:37:26 | 000,000,904 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\News Updater.lnk
[2013/07/15 11:26:59 | 000,000,213 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\Dota 2.url
[2013/07/13 19:35:17 | 000,000,568 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/07/12 19:50:36 | 000,052,197 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\13830273.png
[2013/07/12 19:40:05 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Doxillion Document Converter.lnk
[2013/07/12 10:01:43 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/07/11 22:34:42 | 000,641,339 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\iiiii.jpg
[2013/07/11 22:30:40 | 000,661,179 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\gggg.jpg
[2013/07/10 12:49:17 | 000,002,312 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\BatchPurifier.lnk
[2013/07/09 19:32:46 | 000,000,882 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\Find Drivers with DriverAgent.lnk
[2013/07/09 19:32:44 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2013/07/05 17:01:24 | 002,884,795 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\IMG_1184.JPG
[2013/07/04 17:23:19 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/07/03 23:01:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/07/03 13:49:01 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/03 09:53:22 | 000,124,663 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\www.jpg
[2013/07/02 22:05:40 | 000,111,276 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\2013-07-01-4bed194.png
[2013/07/01 16:22:59 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/01 13:42:50 | 002,094,778 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\Dogrape.gif
[2013/06/30 18:29:18 | 000,000,652 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\Forex Tester Professional.lnk
[2013/06/29 12:18:39 | 000,001,300 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\KenoLab 3.0.lnk
[2013/06/28 12:17:14 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013/06/28 07:13:21 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/28 07:13:21 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/28 07:13:21 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/28 07:13:21 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/28 07:13:21 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/28 07:13:21 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 08:14:12 | 000,001,992 | ---- | M] () -- C:\Users\Gimhan-Rayan\Desktop\Continue installation - 7zip.lnk
[2013/06/25 08:59:02 | 000,000,000 | ---- | M] () -- C:\Windows\WD.INI
[2013/06/24 20:48:11 | 000,001,539 | ---- | M] () -- C:\Users\Public\Desktop\MetaTrader - Alpari UK.lnk

========== Files Created - No Company Name ==========

[2013/07/24 09:18:59 | 000,069,818 | ---- | C] () -- C:\Windows\System32\.crusader
[2013/07/24 08:44:24 | 000,152,880 | ---- | C] () -- C:\Users\Gimhan-Rayan\Desktop\naruto-4320359.jpg
[2013/07/24 08:07:25 | 000,030,464 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/07/24 08:07:25 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/07/24 06:27:41 | 000,010,669 | ---- | C] () -- C:\Users\Gimhan-Rayan\Desktop\993655_659514167411331_1165642995_n.jpg
[2013/07/23 18:28:35 | 000,037,121 | ---- | C] () -- C:\Users\Gimhan-Rayan\Desktop\1006006_402182156569277_405110217_n.jpg
[2013/07/23 17:19:48 | 000,008,601 | ---- | C] () -- C:\Users\Gimhan-Rayan\Desktop\533619_3201435052010_1569034997_n.jpg
[2013/07/23 17:19:43 | 000,011,226 | ---- | C] () -- C:\Users\Gimhan-Rayan\Desktop\1013537_363238437137166_1979261321_n.jpg
[2013/07/23 17:19:36 | 000,008,800 | ---- | C] () -- C:\Users\Gimhan-Rayan\Desktop\1012413_416374065148403_278218588_n.jpg
[2013/07/23 16:42:48 | 000,780,892 | ---- | C] () -- C:\Users\Gimhan-Rayan\Desktop\legend_of_korra__team_avatar_by_ichan_desu-d562t6p.png
[2013/07/23 16:33:16 | 000,006,617 | ---- | C] () -- C:\Users\Gimhan-Rayan\Desktop\1001362_4872568023115_2138464394_n.jpg

========== ZeroAccess Check ==========

[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/12/13 14:46:55 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/03/19 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Activision
[2011/01/16 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\AnvSoft
[2011/07/30 14:19:29 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\avidemux
[2011/04/23 02:01:23 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Bump Technologies, Inc
[2013/07/21 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\com.felidae.lms
[2010/11/27 13:59:17 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Command and Conquer 4
[2012/01/05 20:47:31 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\dBpoweramp
[2013/06/09 06:03:03 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\DG
[2013/07/10 12:49:09 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Digital Confidence
[2013/07/24 09:20:30 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\DMCache
[2013/06/23 18:12:58 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Downloaded Installations
[2011/05/01 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Expert PDF Reader
[2011/07/15 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\FFSJ
[2012/01/09 11:25:36 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\FlySuite
[2011/04/30 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\GetRightToGo
[2013/05/21 22:03:29 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\gtk-2.0
[2011/03/25 18:20:13 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\HideIPEasy
[2013/07/15 23:05:23 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\IDM
[2011/05/15 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\ImTOO
[2011/01/15 16:56:26 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Internet Download Accelerator
[2011/01/20 09:43:10 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Megaupload
[2013/07/01 15:21:07 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Mipony
[2011/05/19 00:33:06 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Mirillis
[2011/03/05 23:27:15 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\MPEG Streamclip
[2013/02/23 22:15:43 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\MSSecurity
[2013/07/11 22:37:11 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Nitro PDF
[2012/02/12 07:40:18 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\OpenCandy
[2011/01/28 08:46:02 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Opera
[2013/04/20 01:35:55 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\PrimoPDF
[2011/03/18 10:38:08 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\PunkBuster
[2011/01/23 09:43:14 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Reviversoft
[2013/06/10 04:37:17 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\RIFT
[2011/01/19 19:00:20 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\snap
[2011/07/23 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\SoftMaker
[2011/05/10 21:38:32 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/13 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Stereoscopic Player
[2011/07/10 14:49:46 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Superfoto Editor 2011
[2013/03/07 03:24:26 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\SystemRequirementsLab
[2013/07/20 11:54:36 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\TeraCopy
[2011/01/21 19:09:49 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Thinstall
[2011/02/01 17:27:11 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Ubisoft
[2010/01/05 01:49:42 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Western Digital
[2013/04/27 05:17:43 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Wondershare Video Converter Ultimate
[2011/05/26 02:51:40 | 000,000,000 | ---D | M] -- C:\Users\Gimhan-Rayan\AppData\Roaming\Xilisoft Corporation

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/05/31 20:56:09 | 027,645,994 | ---- | M] ()(C:\Users\Gimhan-Rayan\Desktop\???? 1.0.0.ipa) -- C:\Users\Gimhan-Rayan\Desktop\オルクス 1.0.0.ipa
[2013/05/31 20:43:04 | 027,645,994 | ---- | C] ()(C:\Users\Gimhan-Rayan\Desktop\???? 1.0.0.ipa) -- C:\Users\Gimhan-Rayan\Desktop\オルクス 1.0.0.ipa

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

#2
ryanex19

    New Member

  • Topic Starter
  • Member
  • 6 posts
And also, today morning I received a mail from Twitter saying: "Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account." This is the first time I got something like this. Is it related to Browser Defender?

#3
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
nvxdsync & nvvsvc are from NVidia so I would leave them alone.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.

Right click on your Avast ball in the systray and select About Avast! and tell me what version number you have.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#4
ryanex19

    New Member

  • Topic Starter
  • Member
  • 6 posts
"Right click in the adwCleaner.exe and select the option" ?? I can't see the image next to it. What is it?

#5
ryanex19

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi, here's the adw log:
# AdwCleaner v2.306 - Logfile created 07/24/2013 at 10:32:47
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Gimhan-Rayan - GIMHAN-RAYAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Gimhan-Rayan\Downloads\Programs\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserDefendert

***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\Users\Gimhan-Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\5eoqu9ae.default\bProtector_extensions.rdf
File Deleted : C:\Users\Gimhan-Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\5eoqu9ae.default\extensions\[email protected]
File Deleted : C:\Users\Gimhan-Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\5eoqu9ae.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Gimhan-Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\5eoqu9ae.default\searchplugins\delta.xml
File Deleted : C:\Users\Gimhan-Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\5eoqu9ae.default\searchplugins\mywebsearch.xml
File Deleted : C:\Windows\system32\roboot.exe
File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Program Files\delta
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\Program Files\Yontoo Layers Client
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\GIMHAN~1\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\Local\Conduit
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\Local\PackageAware
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\LocalLow\Seekmo
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\5eoqu9ae.default\ConduitCommon
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\5eoqu9ae.default\CT2418376
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\5eoqu9ae.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
Folder Deleted : C:\Users\Gimhan-Rayan\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\a538fdfb53bb847
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\a538fdfb53bb847
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=AEA600241DC490F4&affID=119821&tt=210713_ctrl&tsp=4951 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=AEA600241DC490F4&affID=119821&tt=210713_ctrl&tsp=4951 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=AEA600241DC490F4&affID=119821&tt=210713_ctrl&tsp=4951 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Gimhan-Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\5eoqu9ae.default\prefs.js

C:\Users\Gimhan-Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\5eoqu9ae.default\user.js ... Deleted !


-\\ Google Chrome v27.0.1453.116

File : C:\Users\Gimhan-Rayan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2697] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=AEA600241DC490F4&affID=119821&tt=2[...]

-\\ Opera v11.1.1190.0

File : C:\Users\Gimhan-Rayan\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [22975 octets] - [24/07/2013 10:29:39]
AdwCleaner[R2].txt - [23036 octets] - [24/07/2013 10:32:29]
AdwCleaner[S1].txt - [23447 octets] - [24/07/2013 10:32:47]

########## EOF - C:\AdwCleaner[S1].txt - [23508 octets] ##########

#6
ryanex19

My virus def num is 130723-1 and that browser defender process is not shown in my taskman anymore. Does that mean my PC is safe?

#7
RKinner

Sorry about the image. You chose the correct option.

Browser Defender is just adware. It's a nuisance but not really dangerous.

I asked about Avast because I wanted to make sure you had the latest version (8.0.1489). You have the latest definitions so I assume you have the same version that I do. Tonight before you go to bed, start a boot-time scan. It will run most of the night if it's like mine.


First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Security. Click on AntiVirus. Scroll down to the bottom and find Boot-time scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Then change When a threat is found ... to: Move to Chest. OK. Now click on Schedule Now. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads, click on the Orange Ball then Maintenance then Scan Logs. Click on the Boot-time scan log and then View Results. If it found anything then open the saved Report and copy and paste the text into a reply so I can see it.

#8
ryanex19

OK, I will post it here tonight, thank you for your assistance :) It's a huge help.