I run Win7 64-bit Ultimate. The security tools are Windows Firewall, MSE, MBAM Pro, on-demand SuperAntispyware and Sandboxie. I have just taken a free trial of Zemana Antilogger.
All browsing is done in SB; a separate SB is used for online transactions. I have stopped double-clicking web links in emails. I always cut and paste the links in the email, provided they are from known sources and I am reasonably confident of the source. All attachments are downloaded and scanned by MSE, MBAM and VirusTotal (hash check) before running. The rest of the emails, with or without any attachment, if from an unknown source, are deleted.
I was expecting an attachment from payroll. An email did come and I paid the price for deviating from the routine. I realised my mistake instantaneously but it was too late to retrace the steps. I did the VT hash check and it threw many malwares/viruses.
MBAM, MSE and TDSSKiller did not find anything. SuperAntispyware picked up a malware from the attachment that I had sent to the Recycle Bin. Ditto in the case of ESET online scanner.
The workstation logs of OTL, OTL extra, MBAM, TDSSKiller and ESET are attached. I am also attaching an image of the VT hash check.
I have a notebook, which keeps in sync with the workstation. I am not sure if that is also infected.
I request someone to help me check if the infections are still active.
Thanks,
Sundar
--------------------------
OTL
--------------------------
OTL logfile created on: 27/02/2013 17:43:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sundars\Desktop\GeeksFeb13
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
28.00 Gb Total Physical Memory | 19.20 Gb Available Physical Memory | 68.56% Memory free
56.00 Gb Paging File | 47.34 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 373.20 Gb Free Space | 80.13% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1217.79 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Drive F: | 3.99 Gb Total Space | 3.29 Gb Free Space | 82.42% Space Free | Partition Type: NTFS
Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/02/27 16:01:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\Desktop\GeeksFeb13\OTL.exe
PRC - [2013/02/13 09:18:54 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/02/13 09:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/02/07 12:35:46 | 000,546,944 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2013/02/07 12:35:40 | 000,579,904 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sundars\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/14 10:40:56 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013/01/09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013/01/09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/26 14:09:22 | 001,225,312 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/11/26 14:09:20 | 000,573,024 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/04 18:06:07 | 003,696,632 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/08/31 09:03:00 | 000,537,918 | ---- | M] () -- C:\Program Files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe
PRC - [2012/08/31 09:03:00 | 000,098,072 | ---- | M] (OpenDNS) -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe
PRC - [2012/08/31 09:03:00 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
PRC - [2012/08/18 20:23:46 | 007,017,896 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/03/27 14:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2012/03/27 14:21:12 | 000,036,864 | ---- | M] (Pro Softnet Corp.) -- C:\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2012/03/08 11:25:18 | 000,203,600 | ---- | M] (X-Rite Inc.) -- C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
PRC - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2012/01/24 16:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2010/06/16 21:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/10/19 18:53:02 | 000,102,400 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/02/11 17:57:14 | 000,147,456 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/15 03:32:58 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/02/15 03:31:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/15 03:30:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/07 12:35:40 | 000,579,904 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2013/01/10 03:37:10 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 03:30:55 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:30:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:30:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:30:36 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:30:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/08/27 20:15:27 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/16 21:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2009/10/19 17:57:04 | 000,270,336 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009/06/01 13:23:24 | 000,315,392 | ---- | M] () -- C:\Windows\SysWOW64\ANIOApi.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/14 10:40:50 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2012/12/16 11:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/09/15 08:03:10 | 000,142,488 | ---- | M] (BiniSoft.org) [Auto | Running] -- C:\Program Files\Windows Firewall Control\wfcs.exe -- (wfcs)
SRV:64bit: - [2012/07/11 18:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/16 00:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/15 03:16:25 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/13 09:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/01/14 10:40:56 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013/01/09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/01/09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/26 14:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/11/26 14:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/04 18:06:07 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/08/31 09:03:00 | 000,014,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe -- (DNSCrypt)
SRV - [2012/08/23 03:53:18 | 001,126,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/08/18 20:23:46 | 007,017,896 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/27 14:23:38 | 000,143,360 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2012/03/08 11:25:18 | 000,203,600 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe -- (xrdd.exe)
SRV - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/11 17:57:14 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/16 11:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/06 09:52:36 | 000,073,040 | ---- | M] (Dataram, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2012/09/04 18:06:10 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012/09/04 18:06:03 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012/09/04 18:06:00 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2012/09/04 18:05:54 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/09/04 18:05:53 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2012/09/04 18:05:48 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/09/04 18:05:45 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 00:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/01 08:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/05 20:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/06 17:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2013/02/15 03:32:58 | 000,175,352 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys -- (RapportIaso)
DRV - [2013/02/15 03:32:55 | 000,585,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_50414.sys -- (RapportCerberus_50414)
DRV - [2013/02/13 09:19:12 | 000,357,272 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/02/13 09:19:12 | 000,228,760 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 1B 4A 1F 7E CC CD 01 [binary data]
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/02/24 16:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/24 18:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/24 18:04:05 | 000,000,000 | ---D | M]
[2012/08/27 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions
[2013/02/24 18:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/07 21:34:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/16 00:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/18 22:56:20 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013/02/16 04:40:51 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/02/16 04:40:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 04:40:51 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/02/16 04:40:52 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/02/16 04:40:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/02/16 04:40:52 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U9 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Entanglement = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: WOT = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.9_0\
CHR - Extension: Abine TACO = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadbkmipeldjmjfcpcjibfjgflahmphk\1.50_0\
CHR - Extension: Adblock Plus = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: DoNotTrackMe = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\
CHR - Extension: LastPass = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.20_0\
CHR - Extension: Poppit = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FlashControl = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
CHR - Extension: Google Mail Checker = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
O1 HOSTS File: ([2012/09/20 21:51:54 | 000,600,511 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 16124 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000..\Run: [ZoneAlarm Backup Startup] C:\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sundars\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VTHash - Shortcut.lnk = C:\Program Files (x86)\Boredom Software\VT Hash Check\VTHash.exe (Boredom Software)
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.2.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1FD84-4DBD-4397-A083-ECBEAD716994}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FE4E93-3C13-4C10-AE40-508A39FC0C1A}: NameServer = 127.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2049/12/01 21:46:58 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\Shri Jyoti Star
[2013/02/27 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\GeeksFeb13
[2013/02/26 23:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlpariUK
[2013/02/24 16:56:45 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\PDF Architect
[2013/02/24 16:08:36 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Documents\PDF Architect Files
[2013/02/24 16:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013/02/24 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013/02/24 16:08:01 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\pdfforge
[2013/02/24 16:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/02/24 16:06:25 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013/02/24 16:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013/02/22 03:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/02/14 11:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmiBroker x64
[2013/02/14 11:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\AmiBroker
[2013/02/14 08:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/02/11 21:15:11 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\MAPILab Ltd
[2013/02/11 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAPILab
[2013/02/11 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Outlook Security Manager
[2013/02/11 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAPILab Ltd
[2013/02/11 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAPILab Ltd
[2013/02/11 21:08:47 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/02/11 20:30:54 | 000,000,000 | --SD | C] -- C:\Users\Sundars\Documents\My Data Sources
[2013/02/11 18:51:50 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\TDSSKiller.exe
[2013/02/07 14:22:53 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\FEXTrader
[2013/02/07 14:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AlpariUK
[2013/02/04 16:46:06 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Saxo Bank
[2013/02/04 16:46:04 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Saxo Bank
[2013/01/31 20:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saxo Bank
[2013/01/31 20:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Saxo Bank
[2013/01/29 13:46:12 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\FXTS2
[2013/01/29 13:46:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{38A62063-1033-4FC5-9C3A-95CC87213C6E}
[2013/01/29 13:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FX Trading
[2013/01/29 10:56:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2013/01/29 10:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Candleworks
[2013/01/29 10:56:04 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\PackageAware
[2012/12/01 18:52:03 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\PCPE Setup.exe
[2012/12/01 18:52:03 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\Sundars\mfc80u.dll
[2012/12/01 18:52:03 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Sundars\msvcr80.dll
[2012/12/01 18:52:03 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\grm_res.dll
[2012/12/01 18:52:03 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\fr_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\pt_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\it_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\es_res.dll
[2012/12/01 18:52:03 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\en_res.dll
[2012/12/01 18:52:03 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\ru_res.dll
[2012/12/01 18:52:03 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\jp_res.dll
[2012/12/01 18:52:03 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\Sundars\zh_res.dll
[2012/11/19 15:14:34 | 000,498,352 | ---- | C] (Norgate Investor Services Pty Ltd) -- C:\Users\Sundars\AppData\Roaming\ngUninstaller.exe
========== Files - Modified Within 30 Days ==========
[2013/02/27 17:15:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/27 16:53:12 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000UA.job
[2013/02/27 16:52:11 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/27 16:01:38 | 000,012,926 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/02/27 15:49:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\TDSSKiller.exe
[2013/02/27 11:55:39 | 000,209,403 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo.cs2
[2013/02/27 06:52:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/27 03:26:45 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 03:26:45 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 03:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/27 03:18:11 | 1073,221,627 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 03:01:10 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/27 02:53:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436455705-2035571507-3517363761-1000Core.job
[2013/02/26 23:01:25 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\AlpariDirect.lnk
[2013/02/26 22:57:27 | 000,209,042 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo.bs2
[2013/02/26 22:20:46 | 000,202,176 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo_Simulation.cs2
[2013/02/26 22:20:46 | 000,202,176 | ---- | M] () -- C:\Users\Sundars\Desktop\Saxo_Live.cs2
[2013/02/25 14:10:29 | 011,680,494 | ---- | M] () -- C:\Users\Sundars\Desktop\Millard_Cycles-A Tribute to J. M. Hurst.pdf
[2013/02/25 09:49:58 | 006,004,403 | ---- | M] () -- C:\Users\Sundars\Desktop\Balan , Robert - Elliott Wave Principle Forex.pdf
[2013/02/25 09:45:35 | 000,566,110 | ---- | M] () -- C:\Users\Sundars\Desktop\Vedic Astrology and Rasi Characteristics.pdf
[2013/02/25 09:43:54 | 000,119,885 | ---- | M] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Brihat Jatak.pdf
[2013/02/25 09:36:29 | 018,322,616 | ---- | M] () -- C:\Users\Sundars\Desktop\fundamentals of vedic astro. by Bepin Bihari.pdf
[2013/02/25 09:32:31 | 000,294,327 | ---- | M] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Bhrigu Sutras.pdf
[2013/02/24 23:15:35 | 000,989,704 | ---- | M] () -- C:\Users\Sundars\Desktop\Narayana Dasa - S. Rath [Chi].pdf
[2013/02/24 18:04:21 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/24 16:37:27 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/02/24 16:37:27 | 000,000,909 | ---- | M] () -- C:\Users\Sundars\Desktop\AmiBroker x64.lnk
[2013/02/24 16:08:47 | 000,000,997 | ---- | M] () -- C:\Users\Sundars\Desktop\PDF Architect.lnk
[2013/02/24 16:08:01 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/23 17:55:22 | 000,002,380 | ---- | M] () -- C:\Users\Sundars\Desktop\Google Chrome.lnk
[2013/02/18 23:16:16 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2013/02/15 15:00:30 | 000,785,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/15 15:00:30 | 000,668,644 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/15 15:00:30 | 000,126,260 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/15 03:26:42 | 000,424,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/08 17:49:13 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2013/02/03 12:42:22 | 000,001,053 | ---- | M] () -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/03 12:42:01 | 000,001,025 | ---- | M] () -- C:\Users\Sundars\Desktop\Dropbox.lnk
[2013/01/31 20:20:31 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\SaxoTrader.lnk
[2013/01/29 13:46:07 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
========== Files Created - No Company Name ==========
[2013/02/26 22:53:48 | 000,202,176 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo_Live.cs2
[2013/02/26 22:20:53 | 000,202,176 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo_Simulation.cs2
[2013/02/25 17:01:40 | 000,405,166 | ---- | C] () -- C:\Users\Sundars\Desktop\1024880_CB-876159501001_INV_CB-876159501001-20130124_20130124.pdf
[2013/02/25 17:00:45 | 000,404,985 | ---- | C] () -- C:\Users\Sundars\Desktop\1024880_CB-876159501001_INV_CB-876159501001-20121219_20121219.pdf
[2013/02/25 16:59:06 | 000,408,586 | ---- | C] () -- C:\Users\Sundars\Desktop\1024880_CB-876159501001_INV_CB-876159501001-20121126_20121126.pdf
[2013/02/25 14:09:57 | 011,680,494 | ---- | C] () -- C:\Users\Sundars\Desktop\Millard_Cycles-A Tribute to J. M. Hurst.pdf
[2013/02/25 09:49:41 | 006,004,403 | ---- | C] () -- C:\Users\Sundars\Desktop\Balan , Robert - Elliott Wave Principle Forex.pdf
[2013/02/25 09:45:30 | 000,566,110 | ---- | C] () -- C:\Users\Sundars\Desktop\Vedic Astrology and Rasi Characteristics.pdf
[2013/02/25 09:43:52 | 000,119,885 | ---- | C] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Brihat Jatak.pdf
[2013/02/25 09:35:30 | 018,322,616 | ---- | C] () -- C:\Users\Sundars\Desktop\fundamentals of vedic astro. by Bepin Bihari.pdf
[2013/02/25 09:32:28 | 000,294,327 | ---- | C] () -- C:\Users\Sundars\Desktop\JYOTISH VEDIC ASTROLOGY Bhrigu Sutras.pdf
[2013/02/24 23:15:34 | 000,989,704 | ---- | C] () -- C:\Users\Sundars\Desktop\Narayana Dasa - S. Rath [Chi].pdf
[2013/02/24 16:08:47 | 000,000,997 | ---- | C] () -- C:\Users\Sundars\Desktop\PDF Architect.lnk
[2013/02/24 16:08:01 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/14 11:18:18 | 000,000,909 | ---- | C] () -- C:\Users\Sundars\Desktop\AmiBroker x64.lnk
[2013/02/14 11:14:30 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/02/07 14:19:57 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\AlpariDirect.lnk
[2013/02/04 16:53:52 | 000,209,403 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo.cs2
[2013/02/04 16:53:52 | 000,209,042 | ---- | C] () -- C:\Users\Sundars\Desktop\Saxo.bs2
[2013/01/31 20:20:31 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\SaxoTrader.lnk
[2013/01/29 13:46:07 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2013/01/22 22:56:57 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/12/12 07:28:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
[2012/12/10 21:48:05 | 000,000,208 | ---- | C] () -- C:\Windows\SJDemo.INI
[2012/12/01 18:52:05 | 013,338,112 | ---- | C] () -- C:\Users\Sundars\PCPE_3.0.1.msi
[2012/12/01 18:52:03 | 000,018,808 | ---- | C] () -- C:\Users\Sundars\ResourceReader.dll
[2012/10/01 19:05:07 | 000,000,079 | ---- | C] () -- C:\Users\Sundars\AppData\Local\CrystalDiskMark30.ini
[2012/09/18 13:03:30 | 000,012,926 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/17 20:32:41 | 000,197,800 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/13 18:24:38 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe
[2012/09/13 18:24:28 | 000,270,336 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2012/09/13 18:24:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
[2012/09/13 18:24:28 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
[2012/09/13 18:24:28 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
[2012/09/13 18:24:01 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
[2012/09/13 18:24:00 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2012/09/13 18:24:00 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe
[2012/08/31 06:25:37 | 000,005,544 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/29 21:45:01 | 000,026,128 | ---- | C] () -- C:\Windows\SysWow64\ZABackupXceedCryReg.exe
[2012/08/29 21:45:00 | 000,441,705 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2012/08/29 21:45:00 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/08/27 20:42:08 | 000,769,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/19 07:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 07:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
========== ZeroAccess Check ==========
[2012/11/26 22:33:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\l
[2012/11/26 22:33:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\n
[2012/11/26 22:33:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RC65CCW\Futures-PremiumData\u
[2012/12/31 09:49:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\l
[2012/12/31 09:49:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\n
[2012/12/31 09:49:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RSFYH16\u
[2012/11/26 22:36:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\l
[2012/11/26 22:36:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\n
[2012/11/26 22:36:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RY4MAPM\u
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 13:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 13:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 13:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
< End of report >
------------------------------------------------
OTL EXTRAS
---------------------------------------------------------
OTL Extras logfile created on: 27/02/2013 17:43:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sundars\Desktop\GeeksFeb13
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
28.00 Gb Total Physical Memory | 19.20 Gb Available Physical Memory | 68.56% Memory free
56.00 Gb Paging File | 47.34 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 373.20 Gb Free Space | 80.13% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1217.79 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Drive F: | 3.99 Gb Total Space | 3.29 Gb Free Space | 82.42% Space Free | Partition Type: NTFS
Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = D:\Firewall Logs\Corp Domain\CorpDomFirewall.log -- ()
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Private Domain\Private-firewall.log -- ()
"LogDroppedPackets" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Pub Domain\pubfirewall.log -- ()
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = D:\Firewall Logs\Corp Domain\CorpDomFirewall.log -- ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Private Domain\Private-firewall.log -- ()
"LogDroppedPackets" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Pub Domain\pubfirewall.log -- ()
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0080B179-9CEC-40A5-A462-0B82343768A9}" = rport=80 | protocol=6 | dir=out | app=c:\program files\internet explorer\iexplore.exe |
"{037817A2-0C36-4F80-BD21-4E9E93B11B83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0435F557-D1A4-402E-B1F7-3D9E7F648381}" = rport=60020 | protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqconnect.exe |
"{0B304621-B5AE-4C95-9DE1-13FF76A6BBFC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BC3C76A-D498-4DC2-892B-EA6D8A22F9CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"{0ED09BE7-AE91-4C38-82B5-FC9EA8C190B7}" = rport=5357 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{1004C511-AFBE-458B-98D5-833B7DB26337}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jaucheck.exe |
"{12CF2A8A-9497-417A-9D2E-2F3506289CC2}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\java.exe |
"{1525DB6D-2600-44F1-A2A9-965CBE65F773}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17CA3D79-A96C-4BBE-B23E-75A7FCDBC4FD}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javaws.exe |
"{19149804-26F3-43C8-B148-CBDBAD23C459}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\candleworks\fxts2\fxtspp.exe |
"{1C941435-EAAF-43D2-90E6-0ACF03B62B9F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EDA99A7-9AD4-4AF0-9303-435091387BCB}" = rport=80 | protocol=6 | dir=out | name=custom - sanboxie update |
"{27BFBB78-5FD9-477D-904A-1AB9E0882C54}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\jre-7u7-windows-i586.exe |
"{2C11ED30-390F-402B-A3F8-A3D1815BBE6B}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\microsoft security client\msseces.exe |
"{2E0D74DE-530B-4CB9-9F2C-7C2979EDDE73}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\tracker software\live update\liveupdate.exe |
"{2FA6246B-3291-43C2-9104-335418D2B2C9}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe |
"{37173833-9E91-4523-BB2C-9D0F35330214}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=%systemroot%\syswow64\svchost.exe |
"{38A745CD-9C0B-481F-A0F6-2B55D409C8DE}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\apple software update\softwareupdate.exe |
"{3C8CE795-74B8-446F-945B-9143E289DC40}" = lport=138 | protocol=17 | dir=in | app=system |
"{3E10042F-FF69-4A2F-885D-593CF23AB8CB}" = rport=21 | protocol=6 | dir=out | app=ftpcommand |
"{41852DE7-8F6D-4FEB-9118-570AF75F6ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{435B5C72-25C2-4F4C-BECB-128217EA84E2}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javacpl.exe |
"{460D9863-B5A3-49C7-85EB-1B0A0DEAFF55}" = rport=990 | protocol=6 | dir=out | app=ftps |
"{48215E7D-0375-41A7-85B3-D2A416BA1280}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{487D674D-A0F6-43F4-BE83-7001E3313EF9}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\chromeinstall-7u7.exe |
"{4951FC49-C199-4CE8-890B-81217AEDC5DE}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=%systemroot%\system32\svchost.exe |
"{4F54FEDD-A0E7-47A7-AEE2-67576541E639}" = lport=139 | protocol=6 | dir=in | app=system |
"{4FA3CDD0-5078-45F5-83F0-5C0267DA3BFD}" = lport=445 | protocol=6 | dir=in | app=system |
"{51253AA4-83E7-4D1C-9453-CF0923CCA2D9}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52F0BEC5-E727-493E-9ED9-8F53C11E1BA8}" = rport=25 | protocol=6 | dir=out | app=%programfiles% (x86)\microsoft office\office12\outlook.exe |
"{55A77A94-5B62-498A-9426-C02BAF3F977B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{55BD0BCC-0811-4876-A209-C948E128C403}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jusched.exe |
"{5AAF81B0-C53F-4746-ACBC-FD09B38AF601}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe |
"{5AC02C1F-54F8-4DE5-817E-4FC269EDA339}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\itunes\itunes.exe |
"{5DE4A4D2-FA9F-4353-A708-D73DA3A652C4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportservice.exe |
"{5F3BD7B4-F12D-4F53-9333-8388EC1F3D79}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javaw.exe |
"{691532FC-BDE4-4416-9D10-2D58CFF798D8}" = rport=0 | protocol=6 | dir=out | app=ftpdatapass |
"{6C1BA8E5-4A21-45F5-B319-EF1E5CAF2FAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72D52E9A-3F98-49B6-B994-27D898CF3E7E}" = rport=445 | protocol=6 | dir=out | app=system |
"{7647472E-4DD4-4328-B47E-EFC512D8E11C}" = lport=5454 | protocol=6 | dir=in | name=x-rite device services manager |
"{7675492C-551C-4CEA-8D24-47BF6BB555D5}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=%systemroot%\system32\svchost.exe |
"{76D7BFC5-DE32-4D2B-975E-BF311A970C2B}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=%systemroot%\syswow64\svchost.exe |
"{770D90DC-A3EC-4E2A-9BD9-D1A9A381A196}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe |
"{77642868-B51E-4862-AE57-8A1241E8ADBA}" = rport=53242 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{79727309-7478-4C34-A02A-4FCA4BBC2401}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7ACB291D-24AD-4E50-BB18-18419E47F26E}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\flashplayer.exe |
"{7F4C80D8-4753-4040-86C6-DC5EF60A84FA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\updater.exe |
"{8100B946-DF54-49CB-9A6C-1178D20ED7B4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\vs revo group\revo uninstaller\revouninstaller.exe |
"{88ED0056-AB28-4434-9B29-D8B1BC7FB02F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B2101E0-12C1-4346-9CAA-A39F0E6EBB11}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{8D9FF397-5CD4-41D2-9720-83ED65EF6CD4}" = rport=0 | protocol=17 | dir=out | app=%systemroot%\system32\lsass.exe |
"{8DBDF54A-6044-4280-BD95-A75FE5503C6F}" = rport=80 | protocol=6 | dir=in | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{93E8D073-5DCA-48FF-A7C6-AF87BDE40FCC}" = rport=53 | protocol=17 | dir=out | app=%programfiles% (x86)\opendns\dnscrypt\dnscrypt-proxy.exe |
"{94A3740E-1CBD-4890-92D0-544398794671}" = rport=0 | protocol=6 | dir=in | app=ftpdata |
"{9768C54D-E186-418F-A875-D6E358FA8DBA}" = lport=135 | protocol=6 | dir=in | name=custom network rule - block port 135 & 445 |
"{9931D52F-202A-4B3B-AA60-4DE087F1CBF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DC477C0-F7D9-4366-A090-90FD2940964B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\imgburn\imgburn.exe |
"{A1199EF9-80D2-4765-9926-6ECDF199968E}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\alpariuk\alpariukdirect.exe |
"{A1CC236B-EDE1-4BC3-B998-29369803D698}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportservice.exe |
"{A3E44110-D81C-4C40-97A6-AC370F8A58BC}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jucheck.exe |
"{ACDD36DC-9D27-47EB-90D0-F926A4EB5BE5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD288ADA-13A6-4AB7-9F11-667E8037441E}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{AD64947C-D997-48B1-BE42-91B8A0D7DE10}" = rport=53 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{AEE2927D-0BE7-48AD-B84F-BB9420B413F7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{BE35D014-7375-4CF8-96E7-FB48BD4FC589}" = rport=80 | protocol=6 | dir=out | svc=helpsvc | app=%systemroot%\system32\svchost.exe |
"{C1517DCF-0153-411F-B6F7-437EABA15734}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe |
"{C25FDC95-75C8-4B02-A680-A9683369255D}" = rport=1900 | protocol=17 | dir=in | name=custom network rule - block port 1900 |
"{C54F4BEA-6C5D-49A4-A404-106D40F36805}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7AF0FCA-D9E0-46CC-9560-CC3F6374000F}" = rport=21 | protocol=6 | dir=out | app=c:\windows\system32\ftp.exe |
"{CB8C8985-DED2-4AD8-A6DB-9DACB7382757}" = rport=80 | protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{CED1BDAB-355B-43E1-AE4C-B6F2BDACD7D7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{D1FD6188-2C72-4D8D-B00D-4F5DDF1B4C16}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D2E3F49D-5D14-4A30-8692-3D62D9EB66C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3D68CB4-1CA5-4CD2-97B5-BD401CAECA3B}" = rport=53 | protocol=17 | dir=out | app=c:\users\sundars\desktop\dnsbench.exe |
"{D69D0BA4-25AA-45D5-B13B-D16F60E7BC56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCA478A1-17F1-4837-BCA8-076A2AF54BD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E5DA8FC4-8E91-479F-8B46-600566B7B709}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\neosmart technologies\easybcd\easybcd.exe |
"{E606D67D-B1AB-4EE1-A69C-9D2FE4938B7C}" = rport=19105 | protocol=6 | dir=out | app=c:\zonealarmbackup\zabackupclsclient.exe |
"{E7E35D46-CB1B-43FD-BA53-5AA1F210DD54}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDA4A98E-8370-4539-AD6B-72404B071835}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE6EC7EC-AC60-4DC6-A6CE-A862F8571CF9}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\desktop\dnsbench.exe |
"{EED2690E-C22D-4DD0-9E27-D640DC27DD9F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EFB25419-6427-4026-863D-0D0ABAF13106}" = rport=5353 | protocol=17 | dir=out | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1465CE8-C087-48DF-9FDC-B822BB36ABE3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F8629104-F619-49D0-AE1C-6100248D1A28}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqconnect.exe |
"{FA99D32A-DFE9-4A49-8244-3AF34448FA84}" = rport=9300 | protocol=17 | dir=in | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{FAD88354-8E90-48F0-9C06-93B86887956B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{FBA1FFFE-E890-4A05-A650-C5E74DF32FC9}" = rport=443 | protocol=6 | dir=out | app=c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AE0858-A1D2-4E46-B57B-0B53F51CC875}" = protocol=6 | dir=out | app=system |
"{02F6CF83-B922-4DFA-A538-CE9690B4F467}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07DE943A-FCCE-4632-8583-9233297F71B3}" = protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqlinklauncher.exe |
"{081C384A-26DC-49A0-BE1C-512FA0F7B368}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E22F87F-52A2-49DA-BFC4-F82A0BD47882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A44AE1D-755F-4204-A097-239793D3B011}" = protocol=6 | dir=out | app=system |
"{1C436F62-F9BB-48E5-9500-734DF5514EA4}" = protocol=41 | dir=out | app=system |
"{1F60ADFE-3A22-45A4-B306-BB7677B1D361}" = protocol=17 | dir=in | app=%programfiles% (x86)\skype\phone\skype.exe |
"{23283D50-1E32-41EB-92A8-8C37E25517B0}" = protocol=6 | dir=in | app=c:\users\sundars\appdata\roaming\dropbox\bin\dropbox.exe |
"{27BD713F-6845-4387-BBFF-E98D8C0B5B20}" = protocol=1 | dir=out | app=any |
"{2AD065AB-674C-4B08-B2A9-5E042F7FE9E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{31AFFA1F-636C-450F-ADD6-E24735461E56}" = protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqlinklauncher.exe |
"{36E58820-6D9D-457A-B352-AF3F0CB53A5E}" = protocol=1 | dir=out | app=any |
"{3ABF56B1-01A2-483B-9B66-AFA61B4AB951}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3BAC2DCA-4022-4E72-BA73-873017E23D51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E22B6B3-3727-4519-A3DE-BD48C9488392}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{46C26C40-03DB-4FEC-AC98-FB914BD94B8F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4986A3E3-3510-421C-A080-B6D2C3FC360C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52AFB3C1-C1A5-491D-A84A-21256767B8BC}" = dir=out | app=c:\windows\system32\svchost.exe |
"{58F648BB-3EA9-4859-8669-E4F47E6EA2E5}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{6005D19E-3CB0-4A6F-A579-E270439F9869}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{65F4782F-EACD-41DB-9ED5-26393C29DE82}" = protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{72BCEA47-6BB6-4ADE-983B-228641C9302D}" = protocol=1 | dir=out | app=system |
"{734788E0-AFAF-487E-AED0-9298930A1088}" = protocol=17 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{741143EC-C7A7-47A7-B42A-2EFF2ED9B126}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7ED03C91-09EB-4076-A2FF-5E7E98C1EFAA}" = dir=out | app=c:\windows\system32\svchost.exe |
"{7F0036D4-EC68-46E5-B69A-42C2C1344461}" = protocol=17 | dir=in | app=c:\users\sundars\appdata\roaming\dropbox\bin\dropbox.exe |
"{8B32DC7A-B6D2-4A37-BE2E-B4EEDA94468D}" = protocol=1 | dir=in | app=system |
"{8D31B319-72A4-41E0-8FBA-86E99DB4EA81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9568630F-847B-42F1-8ACE-407919AAB359}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9C3E662D-983C-48E1-A95A-E3BCEC1256BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F5E6F7C-1BAE-48C0-906A-5B84CB0FF752}" = dir=out | app=c:\windows\system32\svchost.exe |
"{A0ADB1FB-9594-4BB7-8AFC-1F713A9E2518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1DD282B-58C7-45B4-BEE7-752EA6D3906C}" = dir=out | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6D498CF-E09B-444E-92C0-96E7D1F913DB}" = protocol=6 | dir=out | app=c:\users\sundars\appdata\local\google\chrome\application\chrome.exe |
"{A8535852-4D23-44D2-9DEE-CD01379E81BB}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{B1823B2B-EDC0-4BC0-837F-A88EEE3007D8}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{B1988050-9ED7-4E08-BCE1-373D183E3673}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4BC57CD-0FD5-4741-A302-6BBB97016F68}" = dir=out | app=c:\windows\system32\svchost.exe |
"{B8109073-8311-4FAD-A67C-734030419875}" = protocol=6 | dir=in | app=system |
"{C1595049-4E1F-4439-97B2-1E19F1B33573}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB76087B-1BA0-4271-8CF5-6DD3F72E2E98}" = protocol=6 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{CCC19B31-EF85-46CA-AF61-A8745EC86EC7}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D1D6BDA2-327D-4124-A999-7B5CBC25EFBF}" = dir=out | app=localhost |
"{D3BE2D32-9A18-45C7-B6B9-FED10B20B3F6}" = protocol=6 | dir=in | app=%programfiles% (x86)\skype\phone\skype.exe |
"{D61688A1-CA8B-4CF4-BEDF-A2560DA1F10D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D6405D40-BAFA-4502-B088-63AC198989EF}" = dir=out | app=c:\users\sundars\appdata\local\google\update\googleupdate.exe |
"{D85495EB-0B42-4E83-959F-0855C57BDBD3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8E461AB-C02C-4F03-98C4-CDA6AEB570BC}" = dir=out | app=c:\windows\system32\svchost.exe |
"{DB19B829-055B-4A4E-8806-EEEB69794CB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE8F6E81-1B58-4C50-BC81-E216FA32945E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DED7948D-BB40-406E-86D7-D218E54D7025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E231AF57-69BB-40B9-8E60-7AEA8D2AFCBF}" = protocol=17 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{E7BE0CEA-2882-4E7A-9D41-24999CE84D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F44AF056-E079-4E84-B7AD-6C93D96D4425}" = protocol=17 | dir=in | app=system |
"{F97CFC43-DDBB-4A9D-B160-1838A78D4AF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{233BB6F8-395C-4ABB-B0F1-CFBDFB632F0E}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe |
"UDP Query User{145BF891-3E97-4094-978C-8DA141CC18AD}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F9B09E-CDB5-46fc-AC30-2E7E7C7A8A34}" = Canon MP800
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.1
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AAE9AB32-071F-46AF-B0C3-F936E6345F4A}" = Nitro Pro 8
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1" = PDF-XChange 2012 Pro
"AmiBroker64_is1" = AmiBroker 5.60.3 x64
"CCleaner" = CCleaner
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Sandboxie" = Sandboxie 3.76 (64-bit)
"Windows Firewall Control" = Windows Firewall Control
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E579B65-503B-4184-B481-5138124BEE1D}_is1" = VT Hash Check 1.2
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{272E80B6-9579-421F-8B8E-6E8855FA1F91}" = Vigor N61 802.11n Wireless USB Adapter
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{45EECCAE-403C-44CE-AE2F-6028617B63F8}" = X-Rite Device Services Manager
"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
"{49C14B93-58AD-4178-B52C-750D54CE618D}" = SaxoTrader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B008D66F-B796-4C06-B707-932F0B225531}" = Mail Merge Toolkit
"{B3314ED3-506E-40BE-BBB0-104E719AE44B}" = AlpariUK
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}" = NinjaTrader 7
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DEF3592F-0751-4632-9875-8BF9AD602898}" = DNSCrypt
"{E04FD66D-ADDD-48A0-B766-4111945C09D4}" = RAMDisk
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FBD7AFBB-8D94-4207-A013-CAF1BBA51AB3}" = Microsoft .NET Framework 3.5 SP1 Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CanonMyPrinter" = Canon My Printer
"EasyBCD" = EasyBCD 2.1.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FXCM Trading Station" = FXCM Trading Station
"ImgBurn" = ImgBurn
"IQFeed Client" = IQFeed Client 4.9.0.3
"Jagannatha Hora_is1" = Jagannatha Hora 7.64
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 en-GB)" = Mozilla Firefox 19.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.0" = Canon MP Navigator 2.0
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PROR" = Microsoft Office Professional 2007
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"TaxCalc 2007" = TaxCalc 2007
"TaxCalc 2011" = TaxCalc 2011
"TaxCalc 2012" = TaxCalc 2012
"WinX Free AVI to FLV Converter_is1" = WinX Free AVI to FLV Converter 4.1.11
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 01, 2011
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DataTools" = DataTools
"DataUpdater" = Premium Data
"Dropbox" = Dropbox
"fx2" = Premium Forex
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22/02/2013 04:37:31 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
Error - 23/02/2013 10:18:21 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
Error - 24/02/2013 19:28:03 | Computer Name = Sundars-PC | Source = Application Error | ID = 0
Description =
Error - 24/02/2013 19:28:04 | Computer Name = Sundars-PC | Source = Application Error | ID = 0
Description =
Error - 24/02/2013 19:28:06 | Computer Name = Sundars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PDF Architect.exe, version: 1.0.52.8917,
time stamp: 0x50ed8023 Faulting module name: PDF Architect.exe, version: 1.0.52.8917,
time stamp: 0x50ed8023 Exception code: 0xc0000005 Fault offset: 0x0042f6dd Faulting
process id: 0x740 Faulting application start time: 0x01ce12e683166f6d Faulting application
path: C:\Program Files (x86)\PDF Architect\PDF Architect.exe Faulting module path:
C:\Program Files (x86)\PDF Architect\PDF Architect.exe Report Id: d7512472-7ed9-11e2-ab60-00215ac6f264
Error - 25/02/2013 06:22:26 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
Error - 27/02/2013 11:54:14 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27/02/2013 11:57:06 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27/02/2013 11:57:12 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27/02/2013 11:58:29 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ OSession Events ]
Error - 05/11/2012 06:11:45 | Computer Name = Sundars-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 14/02/2013 06:04:46 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:47 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:47 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:48 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:49 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:49 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:50 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:50 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:51 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 07:21:53 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The Acronis Nonstop Backup Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
< End of report >
--------------------------
MBAM SCAN
--------------------------
OTL Extras logfile created on: 27/02/2013 17:43:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sundars\Desktop\GeeksFeb13
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
28.00 Gb Total Physical Memory | 19.20 Gb Available Physical Memory | 68.56% Memory free
56.00 Gb Paging File | 47.34 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 373.20 Gb Free Space | 80.13% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1217.79 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Drive F: | 3.99 Gb Total Space | 3.29 Gb Free Space | 82.42% Space Free | Partition Type: NTFS
Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = D:\Firewall Logs\Corp Domain\CorpDomFirewall.log -- ()
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Private Domain\Private-firewall.log -- ()
"LogDroppedPackets" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Pub Domain\pubfirewall.log -- ()
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = D:\Firewall Logs\Corp Domain\CorpDomFirewall.log -- ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Private Domain\Private-firewall.log -- ()
"LogDroppedPackets" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultInboundAction" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFilePath" = D:\Firewall Logs\Pub Domain\pubfirewall.log -- ()
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0080B179-9CEC-40A5-A462-0B82343768A9}" = rport=80 | protocol=6 | dir=out | app=c:\program files\internet explorer\iexplore.exe |
"{037817A2-0C36-4F80-BD21-4E9E93B11B83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0435F557-D1A4-402E-B1F7-3D9E7F648381}" = rport=60020 | protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqconnect.exe |
"{0B304621-B5AE-4C95-9DE1-13FF76A6BBFC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BC3C76A-D498-4DC2-892B-EA6D8A22F9CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"{0ED09BE7-AE91-4C38-82B5-FC9EA8C190B7}" = rport=5357 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{1004C511-AFBE-458B-98D5-833B7DB26337}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jaucheck.exe |
"{12CF2A8A-9497-417A-9D2E-2F3506289CC2}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\java.exe |
"{1525DB6D-2600-44F1-A2A9-965CBE65F773}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17CA3D79-A96C-4BBE-B23E-75A7FCDBC4FD}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javaws.exe |
"{19149804-26F3-43C8-B148-CBDBAD23C459}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\candleworks\fxts2\fxtspp.exe |
"{1C941435-EAAF-43D2-90E6-0ACF03B62B9F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EDA99A7-9AD4-4AF0-9303-435091387BCB}" = rport=80 | protocol=6 | dir=out | name=custom - sanboxie update |
"{27BFBB78-5FD9-477D-904A-1AB9E0882C54}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\jre-7u7-windows-i586.exe |
"{2C11ED30-390F-402B-A3F8-A3D1815BBE6B}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\microsoft security client\msseces.exe |
"{2E0D74DE-530B-4CB9-9F2C-7C2979EDDE73}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\tracker software\live update\liveupdate.exe |
"{2FA6246B-3291-43C2-9104-335418D2B2C9}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe |
"{37173833-9E91-4523-BB2C-9D0F35330214}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=%systemroot%\syswow64\svchost.exe |
"{38A745CD-9C0B-481F-A0F6-2B55D409C8DE}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\apple software update\softwareupdate.exe |
"{3C8CE795-74B8-446F-945B-9143E289DC40}" = lport=138 | protocol=17 | dir=in | app=system |
"{3E10042F-FF69-4A2F-885D-593CF23AB8CB}" = rport=21 | protocol=6 | dir=out | app=ftpcommand |
"{41852DE7-8F6D-4FEB-9118-570AF75F6ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{435B5C72-25C2-4F4C-BECB-128217EA84E2}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javacpl.exe |
"{460D9863-B5A3-49C7-85EB-1B0A0DEAFF55}" = rport=990 | protocol=6 | dir=out | app=ftps |
"{48215E7D-0375-41A7-85B3-D2A416BA1280}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{487D674D-A0F6-43F4-BE83-7001E3313EF9}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\chromeinstall-7u7.exe |
"{4951FC49-C199-4CE8-890B-81217AEDC5DE}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=%systemroot%\system32\svchost.exe |
"{4F54FEDD-A0E7-47A7-AEE2-67576541E639}" = lport=139 | protocol=6 | dir=in | app=system |
"{4FA3CDD0-5078-45F5-83F0-5C0267DA3BFD}" = lport=445 | protocol=6 | dir=in | app=system |
"{51253AA4-83E7-4D1C-9453-CF0923CCA2D9}" = rport=80 | protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52F0BEC5-E727-493E-9ED9-8F53C11E1BA8}" = rport=25 | protocol=6 | dir=out | app=%programfiles% (x86)\microsoft office\office12\outlook.exe |
"{55A77A94-5B62-498A-9426-C02BAF3F977B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{55BD0BCC-0811-4876-A209-C948E128C403}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jusched.exe |
"{5AAF81B0-C53F-4746-ACBC-FD09B38AF601}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe |
"{5AC02C1F-54F8-4DE5-817E-4FC269EDA339}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\itunes\itunes.exe |
"{5DE4A4D2-FA9F-4353-A708-D73DA3A652C4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportservice.exe |
"{5F3BD7B4-F12D-4F53-9333-8388EC1F3D79}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\java\jre7\bin\javaw.exe |
"{691532FC-BDE4-4416-9D10-2D58CFF798D8}" = rport=0 | protocol=6 | dir=out | app=ftpdatapass |
"{6C1BA8E5-4A21-45F5-B319-EF1E5CAF2FAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72D52E9A-3F98-49B6-B994-27D898CF3E7E}" = rport=445 | protocol=6 | dir=out | app=system |
"{7647472E-4DD4-4328-B47E-EFC512D8E11C}" = lport=5454 | protocol=6 | dir=in | name=x-rite device services manager |
"{7675492C-551C-4CEA-8D24-47BF6BB555D5}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=%systemroot%\system32\svchost.exe |
"{76D7BFC5-DE32-4D2B-975E-BF311A970C2B}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=%systemroot%\syswow64\svchost.exe |
"{770D90DC-A3EC-4E2A-9BD9-D1A9A381A196}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe |
"{77642868-B51E-4862-AE57-8A1241E8ADBA}" = rport=53242 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{79727309-7478-4C34-A02A-4FCA4BBC2401}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7ACB291D-24AD-4E50-BB18-18419E47F26E}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\downloads\flashplayer.exe |
"{7F4C80D8-4753-4040-86C6-DC5EF60A84FA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\updater.exe |
"{8100B946-DF54-49CB-9A6C-1178D20ED7B4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\vs revo group\revo uninstaller\revouninstaller.exe |
"{88ED0056-AB28-4434-9B29-D8B1BC7FB02F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B2101E0-12C1-4346-9CAA-A39F0E6EBB11}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{8D9FF397-5CD4-41D2-9720-83ED65EF6CD4}" = rport=0 | protocol=17 | dir=out | app=%systemroot%\system32\lsass.exe |
"{8DBDF54A-6044-4280-BD95-A75FE5503C6F}" = rport=80 | protocol=6 | dir=in | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{93E8D073-5DCA-48FF-A7C6-AF87BDE40FCC}" = rport=53 | protocol=17 | dir=out | app=%programfiles% (x86)\opendns\dnscrypt\dnscrypt-proxy.exe |
"{94A3740E-1CBD-4890-92D0-544398794671}" = rport=0 | protocol=6 | dir=in | app=ftpdata |
"{9768C54D-E186-418F-A875-D6E358FA8DBA}" = lport=135 | protocol=6 | dir=in | name=custom network rule - block port 135 & 445 |
"{9931D52F-202A-4B3B-AA60-4DE087F1CBF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DC477C0-F7D9-4366-A090-90FD2940964B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\imgburn\imgburn.exe |
"{A1199EF9-80D2-4765-9926-6ECDF199968E}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\alpariuk\alpariukdirect.exe |
"{A1CC236B-EDE1-4BC3-B998-29369803D698}" = rport=443 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportservice.exe |
"{A3E44110-D81C-4C40-97A6-AC370F8A58BC}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\common files\java\java update\jucheck.exe |
"{ACDD36DC-9D27-47EB-90D0-F926A4EB5BE5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD288ADA-13A6-4AB7-9F11-667E8037441E}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{AD64947C-D997-48B1-BE42-91B8A0D7DE10}" = rport=53 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{AEE2927D-0BE7-48AD-B84F-BB9420B413F7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{BE35D014-7375-4CF8-96E7-FB48BD4FC589}" = rport=80 | protocol=6 | dir=out | svc=helpsvc | app=%systemroot%\system32\svchost.exe |
"{C1517DCF-0153-411F-B6F7-437EABA15734}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe |
"{C25FDC95-75C8-4B02-A680-A9683369255D}" = rport=1900 | protocol=17 | dir=in | name=custom network rule - block port 1900 |
"{C54F4BEA-6C5D-49A4-A404-106D40F36805}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7AF0FCA-D9E0-46CC-9560-CC3F6374000F}" = rport=21 | protocol=6 | dir=out | app=c:\windows\system32\ftp.exe |
"{CB8C8985-DED2-4AD8-A6DB-9DACB7382757}" = rport=80 | protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{CED1BDAB-355B-43E1-AE4C-B6F2BDACD7D7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{D1FD6188-2C72-4D8D-B00D-4F5DDF1B4C16}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D2E3F49D-5D14-4A30-8692-3D62D9EB66C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3D68CB4-1CA5-4CD2-97B5-BD401CAECA3B}" = rport=53 | protocol=17 | dir=out | app=c:\users\sundars\desktop\dnsbench.exe |
"{D69D0BA4-25AA-45D5-B13B-D16F60E7BC56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCA478A1-17F1-4837-BCA8-076A2AF54BD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E5DA8FC4-8E91-479F-8B46-600566B7B709}" = rport=80 | protocol=6 | dir=out | app=%programfiles% (x86)\neosmart technologies\easybcd\easybcd.exe |
"{E606D67D-B1AB-4EE1-A69C-9D2FE4938B7C}" = rport=19105 | protocol=6 | dir=out | app=c:\zonealarmbackup\zabackupclsclient.exe |
"{E7E35D46-CB1B-43FD-BA53-5AA1F210DD54}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDA4A98E-8370-4539-AD6B-72404B071835}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE6EC7EC-AC60-4DC6-A6CE-A862F8571CF9}" = rport=80 | protocol=6 | dir=out | app=%userprofile%\desktop\dnsbench.exe |
"{EED2690E-C22D-4DD0-9E27-D640DC27DD9F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EFB25419-6427-4026-863D-0D0ABAF13106}" = rport=5353 | protocol=17 | dir=out | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1465CE8-C087-48DF-9FDC-B822BB36ABE3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F8629104-F619-49D0-AE1C-6100248D1A28}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqconnect.exe |
"{FA99D32A-DFE9-4A49-8244-3AF34448FA84}" = rport=9300 | protocol=17 | dir=in | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{FAD88354-8E90-48F0-9C06-93B86887956B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{FBA1FFFE-E890-4A05-A650-C5E74DF32FC9}" = rport=443 | protocol=6 | dir=out | app=c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AE0858-A1D2-4E46-B57B-0B53F51CC875}" = protocol=6 | dir=out | app=system |
"{02F6CF83-B922-4DFA-A538-CE9690B4F467}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07DE943A-FCCE-4632-8583-9233297F71B3}" = protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqlinklauncher.exe |
"{081C384A-26DC-49A0-BE1C-512FA0F7B368}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E22F87F-52A2-49DA-BFC4-F82A0BD47882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A44AE1D-755F-4204-A097-239793D3B011}" = protocol=6 | dir=out | app=system |
"{1C436F62-F9BB-48E5-9500-734DF5514EA4}" = protocol=41 | dir=out | app=system |
"{1F60ADFE-3A22-45A4-B306-BB7677B1D361}" = protocol=17 | dir=in | app=%programfiles% (x86)\skype\phone\skype.exe |
"{23283D50-1E32-41EB-92A8-8C37E25517B0}" = protocol=6 | dir=in | app=c:\users\sundars\appdata\roaming\dropbox\bin\dropbox.exe |
"{27BD713F-6845-4387-BBFF-E98D8C0B5B20}" = protocol=1 | dir=out | app=any |
"{2AD065AB-674C-4B08-B2A9-5E042F7FE9E3}" = protocol=58 | dir=out | [email protected],-28546 |
"{31AFFA1F-636C-450F-ADD6-E24735461E56}" = protocol=6 | dir=out | app=c:\program files (x86)\dtn\iqfeed\iqlinklauncher.exe |
"{36E58820-6D9D-457A-B352-AF3F0CB53A5E}" = protocol=1 | dir=out | app=any |
"{3ABF56B1-01A2-483B-9B66-AFA61B4AB951}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3BAC2DCA-4022-4E72-BA73-873017E23D51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E22B6B3-3727-4519-A3DE-BD48C9488392}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{46C26C40-03DB-4FEC-AC98-FB914BD94B8F}" = protocol=58 | dir=in | [email protected],-28545 |
"{4986A3E3-3510-421C-A080-B6D2C3FC360C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52AFB3C1-C1A5-491D-A84A-21256767B8BC}" = dir=out | app=c:\windows\system32\svchost.exe |
"{58F648BB-3EA9-4859-8669-E4F47E6EA2E5}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{6005D19E-3CB0-4A6F-A579-E270439F9869}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{65F4782F-EACD-41DB-9ED5-26393C29DE82}" = protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{72BCEA47-6BB6-4ADE-983B-228641C9302D}" = protocol=1 | dir=out | app=system |
"{734788E0-AFAF-487E-AED0-9298930A1088}" = protocol=17 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{741143EC-C7A7-47A7-B42A-2EFF2ED9B126}" = protocol=1 | dir=out | [email protected],-28544 |
"{7ED03C91-09EB-4076-A2FF-5E7E98C1EFAA}" = dir=out | app=c:\windows\system32\svchost.exe |
"{7F0036D4-EC68-46E5-B69A-42C2C1344461}" = protocol=17 | dir=in | app=c:\users\sundars\appdata\roaming\dropbox\bin\dropbox.exe |
"{8B32DC7A-B6D2-4A37-BE2E-B4EEDA94468D}" = protocol=1 | dir=in | app=system |
"{8D31B319-72A4-41E0-8FBA-86E99DB4EA81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9568630F-847B-42F1-8ACE-407919AAB359}" = protocol=1 | dir=in | [email protected],-28543 |
"{9C3E662D-983C-48E1-A95A-E3BCEC1256BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F5E6F7C-1BAE-48C0-906A-5B84CB0FF752}" = dir=out | app=c:\windows\system32\svchost.exe |
"{A0ADB1FB-9594-4BB7-8AFC-1F713A9E2518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1DD282B-58C7-45B4-BEE7-752EA6D3906C}" = dir=out | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6D498CF-E09B-444E-92C0-96E7D1F913DB}" = protocol=6 | dir=out | app=c:\users\sundars\appdata\local\google\chrome\application\chrome.exe |
"{A8535852-4D23-44D2-9DEE-CD01379E81BB}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{B1823B2B-EDC0-4BC0-837F-A88EEE3007D8}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe |
"{B1988050-9ED7-4E08-BCE1-373D183E3673}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4BC57CD-0FD5-4741-A302-6BBB97016F68}" = dir=out | app=c:\windows\system32\svchost.exe |
"{B8109073-8311-4FAD-A67C-734030419875}" = protocol=6 | dir=in | app=system |
"{C1595049-4E1F-4439-97B2-1E19F1B33573}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB76087B-1BA0-4271-8CF5-6DD3F72E2E98}" = protocol=6 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{CCC19B31-EF85-46CA-AF61-A8745EC86EC7}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D1D6BDA2-327D-4124-A999-7B5CBC25EFBF}" = dir=out | app=localhost |
"{D3BE2D32-9A18-45C7-B6B9-FED10B20B3F6}" = protocol=6 | dir=in | app=%programfiles% (x86)\skype\phone\skype.exe |
"{D61688A1-CA8B-4CF4-BEDF-A2560DA1F10D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D6405D40-BAFA-4502-B088-63AC198989EF}" = dir=out | app=c:\users\sundars\appdata\local\google\update\googleupdate.exe |
"{D85495EB-0B42-4E83-959F-0855C57BDBD3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8E461AB-C02C-4F03-98C4-CDA6AEB570BC}" = dir=out | app=c:\windows\system32\svchost.exe |
"{DB19B829-055B-4A4E-8806-EEEB69794CB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE8F6E81-1B58-4C50-BC81-E216FA32945E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DED7948D-BB40-406E-86D7-D218E54D7025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E231AF57-69BB-40B9-8E60-7AEA8D2AFCBF}" = protocol=17 | dir=out | app=%programfiles% (x86)\dtn\iqfeed\iqconnect.exe |
"{E7BE0CEA-2882-4E7A-9D41-24999CE84D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F44AF056-E079-4E84-B7AD-6C93D96D4425}" = protocol=17 | dir=in | app=system |
"{F97CFC43-DDBB-4A9D-B160-1838A78D4AF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{233BB6F8-395C-4ABB-B0F1-CFBDFB632F0E}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe |
"UDP Query User{145BF891-3E97-4094-978C-8DA141CC18AD}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F9B09E-CDB5-46fc-AC30-2E7E7C7A8A34}" = Canon MP800
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.1
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AAE9AB32-071F-46AF-B0C3-F936E6345F4A}" = Nitro Pro 8
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1" = PDF-XChange 2012 Pro
"AmiBroker64_is1" = AmiBroker 5.60.3 x64
"CCleaner" = CCleaner
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Sandboxie" = Sandboxie 3.76 (64-bit)
"Windows Firewall Control" = Windows Firewall Control
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E579B65-503B-4184-B481-5138124BEE1D}_is1" = VT Hash Check 1.2
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{272E80B6-9579-421F-8B8E-6E8855FA1F91}" = Vigor N61 802.11n Wireless USB Adapter
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{45EECCAE-403C-44CE-AE2F-6028617B63F8}" = X-Rite Device Services Manager
"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
"{49C14B93-58AD-4178-B52C-750D54CE618D}" = SaxoTrader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B008D66F-B796-4C06-B707-932F0B225531}" = Mail Merge Toolkit
"{B3314ED3-506E-40BE-BBB0-104E719AE44B}" = AlpariUK
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}" = NinjaTrader 7
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DEF3592F-0751-4632-9875-8BF9AD602898}" = DNSCrypt
"{E04FD66D-ADDD-48A0-B766-4111945C09D4}" = RAMDisk
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FBD7AFBB-8D94-4207-A013-CAF1BBA51AB3}" = Microsoft .NET Framework 3.5 SP1 Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CanonMyPrinter" = Canon My Printer
"EasyBCD" = EasyBCD 2.1.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FXCM Trading Station" = FXCM Trading Station
"ImgBurn" = ImgBurn
"IQFeed Client" = IQFeed Client 4.9.0.3
"Jagannatha Hora_is1" = Jagannatha Hora 7.64
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 en-GB)" = Mozilla Firefox 19.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.0" = Canon MP Navigator 2.0
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PROR" = Microsoft Office Professional 2007
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"TaxCalc 2007" = TaxCalc 2007
"TaxCalc 2011" = TaxCalc 2011
"TaxCalc 2012" = TaxCalc 2012
"WinX Free AVI to FLV Converter_is1" = WinX Free AVI to FLV Converter 4.1.11
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 01, 2011
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1436455705-2035571507-3517363761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DataTools" = DataTools
"DataUpdater" = Premium Data
"Dropbox" = Dropbox
"fx2" = Premium Forex
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22/02/2013 04:37:31 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
Error - 23/02/2013 10:18:21 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
Error - 24/02/2013 19:28:03 | Computer Name = Sundars-PC | Source = Application Error | ID = 0
Description =
Error - 24/02/2013 19:28:04 | Computer Name = Sundars-PC | Source = Application Error | ID = 0
Description =
Error - 24/02/2013 19:28:06 | Computer Name = Sundars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PDF Architect.exe, version: 1.0.52.8917,
time stamp: 0x50ed8023 Faulting module name: PDF Architect.exe, version: 1.0.52.8917,
time stamp: 0x50ed8023 Exception code: 0xc0000005 Fault offset: 0x0042f6dd Faulting
process id: 0x740 Faulting application start time: 0x01ce12e683166f6d Faulting application
path: C:\Program Files (x86)\PDF Architect\PDF Architect.exe Faulting module path:
C:\Program Files (x86)\PDF Architect\PDF Architect.exe Report Id: d7512472-7ed9-11e2-ab60-00215ac6f264
Error - 25/02/2013 06:22:26 | Computer Name = Sundars-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
Error - 27/02/2013 11:54:14 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27/02/2013 11:57:06 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27/02/2013 11:57:12 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27/02/2013 11:58:29 | Computer Name = Sundars-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sundars\Desktop\GeeksFeb13\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ OSession Events ]
Error - 05/11/2012 06:11:45 | Computer Name = Sundars-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 14/02/2013 06:04:46 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:47 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:47 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:48 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:49 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:49 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:50 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:50 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 06:04:51 | Computer Name = Sundars-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 14/02/2013 07:21:53 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The Acronis Nonstop Backup Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.
< End of report >
---------------------------------------
TDSS Killer Scan
-----------------------------------------
15:49:54.0808 6984 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:49:55.0147 6984 ============================================================
15:49:55.0147 6984 Current date / time: 2013/02/27 15:49:55.0147
15:49:55.0147 6984 SystemInfo:
15:49:55.0147 6984
15:49:55.0147 6984 OS Version: 6.1.7601 ServicePack: 1.0
15:49:55.0147 6984 Product type: Workstation
15:49:55.0148 6984 ComputerName: SUNDARS-PC
15:49:55.0148 6984 UserName: Sundars
15:49:55.0148 6984 Windows directory: C:\Windows
15:49:55.0148 6984 System windows directory: C:\Windows
15:49:55.0148 6984 Running under WOW64
15:49:55.0148 6984 Processor architecture: Intel x64
15:49:55.0148 6984 Number of processors: 4
15:49:55.0148 6984 Page size: 0x1000
15:49:55.0148 6984 Boot type: Normal boot
15:49:55.0148 6984 ============================================================
15:50:03.0018 6984 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:50:03.0147 6984 Drive \Device\Harddisk1\DR1 - Size: 0x15D51C00000 (1397.28 Gb), SectorSize: 0x200, Cylinders: 0x2C882, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:50:03.0261 6984 Drive \Device\Harddisk2\DR0 - Size: 0xFFC00000 (4.00 Gb), SectorSize: 0x200, Cylinders: 0x3FF, SectorsPerTrack: 0x20, TracksPerCylinder: 0x100, Type 'W'
15:50:03.0263 6984 ============================================================
15:50:03.0263 6984 \Device\Harddisk0\DR0:
15:50:03.0265 6984 MBR partitions:
15:50:03.0265 6984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
15:50:03.0265 6984 \Device\Harddisk1\DR1:
15:50:03.0265 6984 MBR partitions:
15:50:03.0265 6984 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA8A5C3
15:50:03.0265 6984 \Device\Harddisk2\DR0:
15:50:03.0265 6984 MBR partitions:
15:50:03.0265 6984 \Device\Harddisk2\DR0\Partition1: MBR, Type 0x7, StartLBA 0x80, BlocksNum 0x7FC800
15:50:03.0266 6984 ============================================================
15:50:03.0445 6984 C: <-> \Device\Harddisk0\DR0\Partition1
15:50:03.0865 6984 D: <-> \Device\Harddisk1\DR1\Partition1
15:50:03.0865 6984 F: <-> \Device\Harddisk2\DR0\Partition1
15:50:03.0865 6984 ============================================================
15:50:03.0866 6984 Initialize success
15:50:03.0866 6984 ============================================================
15:50:10.0366 4760 ============================================================
15:50:10.0366 4760 Scan started
15:50:10.0366 4760 Mode: Manual; SigCheck; TDLFS;
15:50:10.0366 4760 ============================================================
15:50:13.0719 4760 ================ Scan system memory ========================
15:50:13.0719 4760 System memory - ok
15:50:13.0720 4760 ================ Scan services =============================
15:50:13.0974 4760 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:50:14.0204 4760 !SASCORE - ok
15:50:14.0387 4760 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:50:14.0431 4760 1394ohci - ok
15:50:14.0488 4760 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:50:14.0507 4760 ACPI - ok
15:50:14.0532 4760 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:50:14.0577 4760 AcpiPmi - ok
15:50:14.0811 4760 [ DBD0F1FCA3A26E565A864E5DC505D713 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
15:50:14.0838 4760 AcrSch2Svc - ok
15:50:15.0113 4760 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:50:15.0126 4760 AdobeARMservice - ok
15:50:15.0449 4760 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:50:15.0465 4760 AdobeFlashPlayerUpdateSvc - ok
15:50:15.0543 4760 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:50:15.0574 4760 adp94xx - ok
15:50:15.0604 4760 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:50:15.0626 4760 adpahci - ok
15:50:15.0675 4760 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:50:15.0733 4760 adpu320 - ok
15:50:15.0876 4760 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:50:16.0012 4760 AeLookupSvc - ok
15:50:16.0275 4760 [ ABCF9C80EAACE03021BB7F450EB8993F ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
15:50:16.0299 4760 afcdp - ok
15:50:16.0411 4760 [ C390AD88DCACA99A7FDA88658BC96D84 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
15:50:16.0470 4760 afcdpsrv - ok
15:50:16.0650 4760 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:50:16.0688 4760 AFD - ok
15:50:16.0882 4760 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:50:16.0899 4760 agp440 - ok
15:50:17.0010 4760 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:50:17.0029 4760 ALG - ok
15:50:17.0171 4760 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:50:17.0187 4760 aliide - ok
15:50:17.0227 4760 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:50:17.0243 4760 amdide - ok
15:50:17.0345 4760 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:50:17.0362 4760 AmdK8 - ok
15:50:17.0371 4760 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:50:17.0389 4760 AmdPPM - ok
15:50:17.0443 4760 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:50:17.0459 4760 amdsata - ok
15:50:17.0597 4760 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:50:17.0614 4760 amdsbs - ok
15:50:17.0725 4760 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:50:17.0745 4760 amdxata - ok
15:50:17.0762 4760 ANIWConnService - ok
15:50:17.0951 4760 [ 4CCF421E6C4B2A4CBCE000715911F7CC ] anodlwf C:\Windows\system32\DRIVERS\anodlwfx.sys
15:50:17.0968 4760 anodlwf - ok
15:50:18.0139 4760 [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
15:50:18.0152 4760 APC Data Service - ok
15:50:18.0249 4760 [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
15:50:18.0268 4760 APC UPS Service - ok
15:50:18.0554 4760 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:50:18.0607 4760 AppID - ok
15:50:18.0630 4760 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:50:18.0664 4760 AppIDSvc - ok
15:50:18.0685 4760 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:50:18.0722 4760 Appinfo - ok
15:50:19.0032 4760 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:50:19.0046 4760 Apple Mobile Device - ok
15:50:19.0187 4760 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:50:19.0318 4760 AppMgmt - ok
15:50:19.0531 4760 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:50:19.0548 4760 arc - ok
15:50:19.0575 4760 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:50:19.0593 4760 arcsas - ok
15:50:20.0021 4760 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:50:20.0041 4760 aspnet_state - ok
15:50:20.0131 4760 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:50:20.0186 4760 AsyncMac - ok
15:50:20.0253 4760 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:50:20.0267 4760 atapi - ok
15:50:20.0340 4760 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:50:20.0455 4760 AudioEndpointBuilder - ok
15:50:20.0482 4760 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:50:20.0531 4760 AudioSrv - ok
15:50:20.0566 4760 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:50:20.0598 4760 AxInstSV - ok
15:50:20.0686 4760 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:50:20.0717 4760 b06bdrv - ok
15:50:21.0320 4760 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:50:21.0340 4760 b57nd60a - ok
15:50:21.0546 4760 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:50:21.0563 4760 BDESVC - ok
15:50:21.0701 4760 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:50:22.0095 4760 Beep - ok
15:50:22.0278 4760 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:50:22.0318 4760 BFE - ok
15:50:22.0451 4760 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:50:22.0492 4760 BITS - ok
15:50:22.0620 4760 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:50:22.0769 4760 blbdrive - ok
15:50:22.0851 4760 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:50:22.0867 4760 Bonjour Service - ok
15:50:22.0989 4760 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:50:23.0072 4760 bowser - ok
15:50:23.0087 4760 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:50:23.0196 4760 BrFiltLo - ok
15:50:23.0220 4760 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:50:23.0239 4760 BrFiltUp - ok
15:50:23.0264 4760 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:50:23.0316 4760 Browser - ok
15:50:23.0346 4760 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:50:23.0371 4760 Brserid - ok
15:50:23.0377 4760 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:50:23.0398 4760 BrSerWdm - ok
15:50:23.0409 4760 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:50:23.0471 4760 BrUsbMdm - ok
15:50:23.0476 4760 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:50:23.0516 4760 BrUsbSer - ok
15:50:23.0524 4760 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:50:23.0547 4760 BTHMODEM - ok
15:50:23.0622 4760 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:50:23.0726 4760 bthserv - ok
15:50:23.0746 4760 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:50:23.0836 4760 cdfs - ok
15:50:23.0895 4760 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:50:23.0960 4760 cdrom - ok
15:50:24.0017 4760 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:50:24.0085 4760 CertPropSvc - ok
15:50:24.0106 4760 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:50:24.0162 4760 circlass - ok
15:50:24.0188 4760 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:50:24.0208 4760 CLFS - ok
15:50:25.0473 4760 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:50:25.0488 4760 clr_optimization_v2.0.50727_32 - ok
15:50:25.0530 4760 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:50:25.0545 4760 clr_optimization_v2.0.50727_64 - ok
15:50:25.0710 4760 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:50:25.0729 4760 clr_optimization_v4.0.30319_32 - ok
15:50:25.0804 4760 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:50:25.0823 4760 clr_optimization_v4.0.30319_64 - ok
15:50:25.0851 4760 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:50:25.0875 4760 CmBatt - ok
15:50:25.0908 4760 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:50:25.0923 4760 cmdide - ok
15:50:26.0004 4760 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
15:50:26.0031 4760 CNG - ok
15:50:26.0072 4760 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:50:26.0087 4760 Compbatt - ok
15:50:26.0155 4760 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:50:26.0225 4760 CompositeBus - ok
15:50:26.0303 4760 COMSysApp - ok
15:50:26.0338 4760 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:50:26.0354 4760 crcdisk - ok
15:50:26.0526 4760 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:50:26.0593 4760 CryptSvc - ok
15:50:26.0641 4760 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:50:26.0679 4760 CSC - ok
15:50:26.0757 4760 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:50:26.0788 4760 CscService - ok
15:50:26.0962 4760 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:50:27.0002 4760 DcomLaunch - ok
15:50:27.0099 4760 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:50:27.0191 4760 defragsvc - ok
15:50:27.0314 4760 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:50:27.0449 4760 DfsC - ok
15:50:27.0489 4760 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:50:27.0510 4760 Dhcp - ok
15:50:27.0531 4760 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:50:27.0578 4760 discache - ok
15:50:27.0701 4760 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:50:27.0717 4760 Disk - ok
15:50:27.0896 4760 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:50:27.0937 4760 Dnscache - ok
15:50:28.0031 4760 [ 6F865DE0687B6EC045F78CE9656D3626 ] DNSCrypt C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
15:50:28.0038 4760 DNSCrypt ( UnsignedFile.Multi.Generic ) - warning
15:50:28.0038 4760 DNSCrypt - detected UnsignedFile.Multi.Generic (1)
15:50:44.0628 4760 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:50:44.0638 4760 MDM ( UnsignedFile.Multi.Generic ) - warning
15:50:44.0638 4760 MDM - detected UnsignedFile.Multi.Generic (1)
15:51:09.0597 4760 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:51:09.0613 4760 spldr - ok
15:51:09.0722 4760 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:51:09.0737 4760 Spooler - ok
15:51:09.0909 4760 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:51:10.0049 4760 sppsvc - ok
15:51:10.0127 4760 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:51:10.0190 4760 sppuinotify - ok
15:51:10.0221 4760 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:51:10.0252 4760 srv - ok
15:51:10.0315 4760 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:51:10.0439 4760 srv2 - ok
15:51:10.0533 4760 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:51:10.0580 4760 srvnet - ok
15:51:10.0642 4760 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:51:10.0689 4760 SSDPSRV - ok
15:51:10.0705 4760 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:51:10.0783 4760 SstpSvc - ok
15:51:10.0892 4760 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:51:11.0017 4760 stexstor - ok
15:51:11.0048 4760 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:51:11.0110 4760 stisvc - ok
15:51:11.0173 4760 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:51:11.0188 4760 storflt - ok
15:51:11.0204 4760 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:51:11.0219 4760 storvsc - ok
15:51:11.0251 4760 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:51:11.0266 4760 swenum - ok
15:51:11.0313 4760 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:51:11.0360 4760 swprv - ok
15:51:11.0687 4760 [ 378EB8E20B3E91A89150688EA6CEE843 ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
15:51:11.0781 4760 syncagentsrv - ok
15:51:11.0828 4760 Synth3dVsc - ok
15:51:11.0890 4760 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:51:11.0921 4760 SysMain - ok
15:51:11.0937 4760 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:51:12.0124 4760 TabletInputService - ok
15:51:12.0187 4760 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:51:12.0218 4760 TapiSrv - ok
15:51:12.0280 4760 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:51:12.0311 4760 TBS - ok
15:51:12.0452 4760 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:51:12.0545 4760 Tcpip - ok
15:51:12.0623 4760 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:51:12.0670 4760 TCPIP6 - ok
15:51:12.0717 4760 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:51:12.0889 4760 tcpipreg - ok
15:51:12.0920 4760 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:51:12.0935 4760 TDPIPE - ok
15:51:13.0107 4760 [ 843DAFC2CD4ED5D57FA40FD2000C6296 ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys
15:51:13.0154 4760 tdrpman - ok
15:51:13.0201 4760 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:51:13.0263 4760 TDTCP - ok
15:51:13.0341 4760 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:51:13.0388 4760 tdx - ok
15:51:13.0419 4760 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:51:13.0450 4760 TermDD - ok
15:51:13.0528 4760 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:51:13.0575 4760 TermService - ok
15:51:13.0606 4760 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:51:13.0653 4760 Themes - ok
15:51:13.0684 4760 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:51:13.0747 4760 THREADORDER - ok
15:51:13.0825 4760 [ 31C9790525705B292F3B30F6676873CD ] tib_mounter C:\Windows\system32\DRIVERS\tib_mounter.sys
15:51:13.0871 4760 tib_mounter - ok
15:51:13.0934 4760 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
15:51:14.0027 4760 TPM - ok
15:51:14.0090 4760 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:51:14.0168 4760 TrkWks - ok
15:51:14.0199 4760 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:51:14.0246 4760 TrustedInstaller - ok
15:51:14.0277 4760 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:51:14.0324 4760 tssecsrv - ok
15:51:14.0371 4760 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:51:14.0387 4760 TsUsbFlt - ok
15:51:14.0403 4760 tsusbhub - ok
15:51:14.0481 4760 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:51:14.0528 4760 tunnel - ok
15:51:14.0574 4760 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:51:14.0637 4760 uagp35 - ok
15:51:14.0668 4760 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:51:14.0793 4760 udfs - ok
15:51:14.0840 4760 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:51:14.0886 4760 UI0Detect - ok
15:51:14.0918 4760 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:51:14.0933 4760 uliagpkx - ok
15:51:14.0996 4760 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:51:15.0027 4760 umbus - ok
15:51:15.0058 4760 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:51:15.0136 4760 UmPass - ok
15:51:15.0167 4760 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:51:15.0308 4760 UmRdpService - ok
15:51:15.0339 4760 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:51:15.0448 4760 upnphost - ok
15:51:15.0495 4760 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:51:15.0557 4760 USBAAPL64 - ok
15:51:15.0588 4760 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:51:15.0604 4760 usbccgp - ok
15:51:15.0682 4760 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:51:15.0713 4760 usbcir - ok
15:51:15.0729 4760 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:51:15.0744 4760 usbehci - ok
15:51:15.0822 4760 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:51:15.0869 4760 usbhub - ok
15:51:15.0932 4760 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:51:15.0947 4760 usbohci - ok
15:51:16.0025 4760 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:51:16.0056 4760 usbprint - ok
15:51:16.0088 4760 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:51:16.0119 4760 usbscan - ok
15:51:16.0197 4760 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:51:16.0306 4760 USBSTOR - ok
15:51:16.0337 4760 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:51:16.0400 4760 usbuhci - ok
15:51:16.0478 4760 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:51:16.0556 4760 UxSms - ok
15:51:16.0571 4760 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:51:16.0602 4760 VaultSvc - ok
15:51:16.0680 4760 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:51:16.0696 4760 vdrvroot - ok
15:51:16.0743 4760 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:51:16.0805 4760 vds - ok
15:51:16.0852 4760 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:51:16.0883 4760 vga - ok
15:51:16.0930 4760 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:51:16.0961 4760 VgaSave - ok
15:51:17.0008 4760 VGPU - ok
15:51:17.0055 4760 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:51:17.0086 4760 vhdmp - ok
15:51:17.0102 4760 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:51:17.0117 4760 viaide - ok
15:51:17.0180 4760 [ 927CBC96C4635F235301411E530FB56E ] vididr C:\Windows\system32\DRIVERS\vididr.sys
15:51:17.0195 4760 vididr - ok
15:51:17.0289 4760 [ 88B4E5C396003BCF479CA4D9BE851D57 ] vidsflt C:\Windows\system32\DRIVERS\vidsflt.sys
15:51:17.0304 4760 vidsflt - ok
15:51:17.0351 4760 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:51:17.0382 4760 vmbus - ok
15:51:17.0382 4760 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:51:17.0445 4760 VMBusHID - ok
15:51:17.0476 4760 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:51:17.0492 4760 volmgr - ok
15:51:17.0523 4760 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:51:17.0554 4760 volmgrx - ok
15:51:17.0585 4760 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:51:17.0601 4760 volsnap - ok
15:51:17.0632 4760 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:51:17.0648 4760 vsmraid - ok
15:51:17.0694 4760 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:51:17.0788 4760 VSS - ok
15:51:17.0819 4760 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:51:17.0850 4760 vwifibus - ok
15:51:17.0882 4760 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:51:17.0960 4760 vwififlt - ok
15:51:18.0006 4760 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:51:18.0053 4760 W32Time - ok
15:51:18.0100 4760 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:51:18.0209 4760 WacomPen - ok
15:51:18.0303 4760 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:51:18.0334 4760 WANARP - ok
15:51:18.0365 4760 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:51:18.0443 4760 Wanarpv6 - ok
15:51:18.0615 4760 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:51:18.0677 4760 WatAdminSvc - ok
15:51:18.0724 4760 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:51:18.0786 4760 wbengine - ok
15:51:18.0818 4760 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:51:18.0833 4760 WbioSrvc - ok
15:51:18.0974 4760 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:51:19.0379 4760 wcncsvc - ok
15:51:19.0426 4760 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:51:19.0442 4760 WcsPlugInService - ok
15:51:19.0457 4760 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:51:19.0473 4760 Wd - ok
15:51:19.0535 4760 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:51:19.0566 4760 Wdf01000 - ok
15:51:19.0644 4760 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:51:19.0676 4760 WdiServiceHost - ok
15:51:19.0676 4760 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:51:19.0707 4760 WdiSystemHost - ok
15:51:19.0754 4760 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:51:19.0785 4760 WebClient - ok
15:51:19.0832 4760 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:51:19.0863 4760 Wecsvc - ok
15:51:19.0910 4760 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:51:19.0988 4760 wercplsupport - ok
15:51:20.0112 4760 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:51:20.0175 4760 WerSvc - ok
15:51:20.0456 4760 [ 19F78853CF7E4E567CCD87D67693031B ] wfcs C:\Program Files\Windows Firewall Control\wfcs.exe
15:51:20.0471 4760 wfcs - ok
15:51:20.0721 4760 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:51:20.0830 4760 WfpLwf - ok
15:51:20.0986 4760 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:51:21.0017 4760 WIMMount - ok
15:51:21.0048 4760 WinDefend - ok
15:51:21.0189 4760 WinHttpAutoProxySvc - ok
15:51:21.0438 4760 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:51:21.0454 4760 Winmgmt - ok
15:51:21.0610 4760 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll
15:51:21.0735 4760 WinRM - ok
15:51:22.0000 4760 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:51:22.0047 4760 WinUsb - ok
15:51:22.0094 4760 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:51:22.0125 4760 Wlansvc - ok
15:51:22.0250 4760 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:51:22.0281 4760 WmiAcpi - ok
15:51:22.0328 4760 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:51:22.0343 4760 wmiApSrv - ok
15:51:22.0452 4760 WMPNetworkSvc - ok
15:51:22.0530 4760 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:51:22.0546 4760 WPCSvc - ok
15:51:22.0577 4760 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:51:22.0608 4760 WPDBusEnum - ok
15:51:22.0655 4760 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:51:22.0686 4760 ws2ifsl - ok
15:51:22.0718 4760 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:51:22.0764 4760 wscsvc - ok
15:51:22.0780 4760 WSearch - ok
15:51:22.0952 4760 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:51:22.0998 4760 wuauserv - ok
15:51:23.0045 4760 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:51:23.0061 4760 WudfPf - ok
15:51:23.0108 4760 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:51:23.0123 4760 WUDFRd - ok
15:51:23.0201 4760 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:51:23.0217 4760 wudfsvc - ok
15:51:23.0248 4760 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:51:23.0264 4760 WwanSvc - ok
15:51:23.0435 4760 [ 8A5273D9048FB6B75EE5181C3E5D74B0 ] xrdd.exe C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
15:51:23.0451 4760 xrdd.exe - ok
15:51:23.0561 4760 [ A107BDCFE7CF82CF60F2653C5F2FF3A8 ] ZoneAlarmBackup Service C:\ZoneAlarmBackup\ZABackup Service.exe
15:51:23.0561 4760 ZoneAlarmBackup Service ( UnsignedFile.Multi.Generic ) - warning
15:51:23.0561 4760 ZoneAlarmBackup Service - detected UnsignedFile.Multi.Generic (1)
15:51:23.0670 4760 ================ Scan global ===============================
15:51:23.0717 4760 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:51:24.0497 4760 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:51:24.0513 4760 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:51:24.0575 4760 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:51:24.0637 4760 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:51:24.0637 4760 [Global] - ok
15:51:24.0637 4760 ================ Scan MBR ==================================
15:51:24.0653 4760 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:51:25.0495 4760 \Device\Harddisk0\DR0 - ok
15:51:25.0511 4760 [ E64B2A49894D1FD5A0201870E3E41A51 ] \Device\Harddisk1\DR1
15:51:25.0636 4760 \Device\Harddisk1\DR1 - ok
15:51:25.0651 4760 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR0
15:51:25.0651 4760 \Device\Harddisk2\DR0 - ok
15:51:25.0651 4760 ================ Scan VBR ==================================
15:51:25.0651 4760 [ 91CA6712131845DC78D6C19C878AE51F ] \Device\Harddisk0\DR0\Partition1
15:51:25.0651 4760 \Device\Harddisk0\DR0\Partition1 - ok
15:51:25.0667 4760 [ 7301DD4F2B4EB4E2334F7ADD5BC9F278 ] \Device\Harddisk1\DR1\Partition1
15:51:25.0667 4760 \Device\Harddisk1\DR1\Partition1 - ok
15:51:25.0667 4760 [ 003AE4F014B88F19131378200011555F ] \Device\Harddisk2\DR0\Partition1
15:51:25.0667 4760 \Device\Harddisk2\DR0\Partition1 - ok
15:51:25.0667 4760 ============================================================
15:51:25.0667 4760 Scan finished
15:51:25.0667 4760 ============================================================
15:51:25.0714 2944 Detected object count: 3
15:51:25.0714 2944 Actual detected object count: 3
15:51:52.0193 2944 DNSCrypt ( UnsignedFile.Multi.Generic ) - skipped by user
15:51:52.0193 2944 DNSCrypt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:51:52.0193 2944 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:51:52.0193 2944 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:51:52.0193 2944 ZoneAlarmBackup Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:51:52.0193 2944 ZoneAlarmBackup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
----------------------------------
ESET online Scanner log
------------------------------------
C:\$Recycle.Bin\S-1-5-21-1436455705-2035571507-3517363761-1000\$RFT65PW.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Sundars\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
D:\DownloadSW\IDRIVE\G970X DRIVERS\SetupBatteryCare.zip Win32/OpenCandy application deleted - quarantined
D:\DownloadSW\Utility\FreeStudio.exe multiple threats cleaned by deleting - quarantined
F:\Windows TMP\is-81AGD.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined