Possible Malware: Pretty Slow Browsers and significant loading times

#1 SSri09 (Member, 144 posts)

Being security paranoid, I have loaded the browsers with many add-ons (Firefox) and browser extensions (Chrome), which slow down the browsing experience. Nevertheless, the impact of these add-ons / extensions was barely noticeable in the past, until I saw a dramatic deterioration recently.

I experienced the following problems on my desktop and laptop; the latter syncs with the desktop to ensure that I can use the laptop while I am on the road or if the desktop is used by other members of the household. The issues listed below are valid both for the desktop and the laptop, which is connected over a secured wireless connection.


Problem:


(1) In the last few weeks, I am seeing a significant slowing of browsing and loading of websites.

(2) I can ping the IP through the command prompt but cannot browse. Real-time streaming of financial market data applications would lose connection, which became fine after some troubleshooting and/or a reboot. I figured out conflicts with IPv4 and IPv6 and DNS (I think it is more of a DNS than an IPv6 conflict). I disabled IPv6. I switched to Google's public DNS (8.8.8.8 / 8.8.4.4). The DNS lookup error appears sorted out and so is the real-time streaming of data in the last few days, although the laptop does play up at irregular intervals with a DNS lookup error even now.

(3) MSE does a full scan daily, but on boot the next day it says that the computer is unprotected as the scan was not done for a while! Several reinstalls did not address the problem.

(4) The real-time market application, once I log in, usually comes green immediately. These days, the login screen appears late, connects late and turns green late.

I use Firefox and Chrome. Firefox and Chrome take ages (a few minutes even to load www.google.co.uk). The laptop is faster than the desktop as the former has 12GB RAM and the latter has 4GB. Of these, 2GB is used by the system, processes and applications. I do not think RAM on the desktop is a problem, as the 12GB RAM laptop also takes a lot of time to load the websites/pages.

Is this a malware problem? I think so; for the record, I had used Windows Firewall with Firewall Control Plus and MSE. I use MBAM, SuperAntiSpyware, SpywareGuard (on boot), Prevx (as the banks asked me to use it). I run MBAM and SuperAntiSpyware once or twice a week. CCleaner is run daily on boot. TFC is run a couple of times a month. I run the ESET online scanner once in a while. All updates are taken care of automatically. I surf safely, do not use torrents or play online games or access any suspicious email with links.

Desktop: HP xw8600, Xeon x5450 3.00 GHz quad-core, 4 GB RAM and Win7 64 bit ultimate.
Laptop: Clevo model, i7 950 quad-core, 12 GB triple channel RAM, Win7 64 bit Pro.

Given the recent problems, I suspected that Windows Firewall / MSE are pretty ineffective, so I recently installed Comodo Firewall. I am thinking of ditching MSE and going for a paid version of anti-virus; the choices are Avira, Avast and Kaspersky. I am skeptical of Avira as I believe it installs the Ask toolbar and can be a nuisance with ads? I want an AV which is pretty light on resources and effective. Please suggest. Real-time MBAM is an option that I am considering.


Steps taken:

(1) I ran an ESET online scan. It did not show any infection. I tried running TDSSKiller. It did not pick up any issue.

(2) I ran GMER on the desktop and laptop. The laptop returned a NIL report, while the desktop GMER run reported 3 rootkits in the registry (Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.....). I did not believe this as GMER could generate false positives.

(3) I downloaded the Kaspersky Virus Removal Tool and ran it on both the desktop and the laptop. Strangely, it showed that two files were infected (false positive, I guess) on both computers (this is not surprising as the laptop syncs all application drives). One was the ZoneAlarm Extreme Security setup file and another was Net Tools 5.0xxxx (I have never used it and do not remember downloading them). Since I no longer use them, I allowed it to delete / disinfect them.

(4) After step 3, I ran GMER, which picked up the same infections. Please advise if you would like me to post these logs as well. In short, the problems still remain at large.

I am posting the logs of the desktop only. I am holding the logs of the laptop as they may have to be taken up after addressing the desktop problem. Please advise if I could post the laptop logs as well, as both are having almost the same issues.


DESKTOP LOGS:

(1) OTL Extras

I had problems running it as it froze while scanning Chrome settings. It threw an error message (LIST INDEX OUT OF BOUNCE - 1061). It ran fine after deleting a couple of Chrome extensions.

OTL Extras logfile created on: 11/11/2011 11:11:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sundars\Documents\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 43.92% Memory free
8.00 Gb Paging File | 5.77 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 377.42 Gb Free Space | 81.03% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1345.02 Gb Free Space | 96.26% Space Free | Partition Type: NTFS

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F9B09E-CDB5-46fc-AC30-2E7E7C7A8A34}" = Canon MP800
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{21BF1592-7D07-4516-930C-2BF40CE9E59B}" = PDF-XChange Viewer
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java™ 7 Update 1 (64-bit)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCSI" = Prevx
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{964A0E79-160F-4F5F-97D0-9C03CFA434FA}" = Syrius Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"AmiBroker_is1" = AmiBroker 5.40
"AutocompletePro3_is1" = AutocompletePro
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CanonMyPrinter" = Canon Utilities My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EULAlyzer_is1" = EULAlyzer 2.0
"FileHippo.com" = FileHippo.com Update Checker
"Graph_is1" = Graph 4.3
"IQFeed Client" = IQFeed Client 4.7.2.0
"Jagannatha Hora_is1" = Jagannatha Hora 7.51
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"PROR" = Microsoft Office Professional 2007
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.92
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"SyncBackPro_is1" = SyncBackPro
"TaxCalc 2010" = TaxCalc 2010
"TrueCrypt" = TrueCrypt
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 11, 2010

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Google Chrome" = Google Chrome
"PassportPhoto" = PassportPhoto (remove)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2011 09:41:04 | Computer Name = Sundars-PC | Source = VSS | ID = 8193
Description =

Error - 10/11/2011 09:41:04 | Computer Name = Sundars-PC | Source = VSS | ID = 8193
Description =

Error - 10/11/2011 09:43:48 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =

Error - 10/11/2011 09:49:14 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =

Error - 10/11/2011 15:36:35 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =

Error - 11/11/2011 02:29:56 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =

Error - 11/11/2011 05:49:30 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =

Error - 11/11/2011 05:53:05 | Computer Name = Sundars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PuranDefragS.exe, version: 7.1.0.0, time
stamp: 0x4bf0e4ee Faulting module name: PuranDefragS.exe, version: 7.1.0.0, time
stamp: 0x4bf0e4ee Exception code: 0xc0000094 Fault offset: 0x000000000000bc1a Faulting
process id: 0x854 Faulting application start time: 0x01cca0573a13ae8e Faulting application
path: C:\Windows\system32\PuranDefragS.exe Faulting module path: C:\Windows\system32\PuranDefragS.exe
Report
Id: f34a7084-0c4a-11e1-8181-00215ac6f264

Error - 11/11/2011 05:57:05 | Computer Name = Sundars-PC | Source = VSS | ID = 8194
Description =

Error - 11/11/2011 06:05:07 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =

[ System Events ]
Error - 10/11/2011 22:11:16 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The CSIScanner service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 10/11/2011 22:11:26 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%3

Error - 11/11/2011 02:30:23 | Computer Name = Sundars-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/11/2011 02:35:52 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 11/11/2011 05:47:26 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The CSIScanner service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 11/11/2011 05:47:36 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%109

Error - 11/11/2011 05:50:01 | Computer Name = Sundars-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/11/2011 05:53:08 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7034
Description = The PuranDefrag service terminated unexpectedly. It has done this
1 time(s).

Error - 11/11/2011 06:03:00 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The CSIScanner service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 11/11/2011 06:05:33 | Computer Name = Sundars-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >

(2) OTL LOGS

OTL logfile created on: 11/11/2011 11:11:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sundars\Documents\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 43.92% Memory free
8.00 Gb Paging File | 5.77 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 377.42 Gb Free Space | 81.03% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1345.02 Gb Free Space | 96.26% Space Free | Partition Type: NTFS

Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/11 10:56:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\My Documents\Downloads\OTL.exe
PRC - [2011/11/09 09:12:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/04/26 10:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2010/03/11 11:07:54 | 000,124,432 | ---- | M] ( Pro-Softnet) -- C:\ZoneAlarmBackup\ZABackupWebM.exe
PRC - [2010/03/11 11:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\Sundars\AppData\Local\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\Sundars\AppData\Local\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- C:\Windows\SysWOW64\NMSAccessU.exe
PRC - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 09:12:28 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/13 12:54:18 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 12:44:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 12:44:32 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 12:44:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 12:44:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 12:44:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 12:44:10 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 12:44:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 12:44:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/20 03:07:39 | 000,412,728 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\ppgooglenaclpluginchrome.dll
MOD - [2011/09/20 03:07:37 | 003,696,184 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
MOD - [2011/09/20 03:06:11 | 000,142,568 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\avutil-51.dll
MOD - [2011/09/20 03:06:10 | 000,253,320 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\avformat-53.dll
MOD - [2011/09/20 03:06:09 | 002,403,240 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\avcodec-53.dll
MOD - [2011/08/19 04:36:19 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/19 09:03:43 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/14 04:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/07 18:47:16 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/09/11 08:40:46 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/06/13 21:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/04 12:00:35 | 006,724,632 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV:64bit: - [2010/05/17 12:11:42 | 000,290,816 | ---- | M] (Puran Software) [Auto | Running] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/10 10:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 12:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/06/23 08:09:57 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 11:07:54 | 000,124,432 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackupWebM.exe -- (ZABackupWebM)
SRV - [2010/03/11 11:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/09 23:53:10 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\28235625.sys -- (28235625)
DRV:64bit: - [2011/09/14 13:58:46 | 000,274,616 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/07 22:32:07 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/01/04 12:00:35 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2011/01/04 12:00:35 | 000,036,384 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan)
DRV:64bit: - [2011/01/04 12:00:35 | 000,024,024 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 00:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 00:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 00:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 17:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2011/11/07 21:32:12 | 000,396,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/11/07 21:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 05 80 23 B2 3A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..abine.backup.network.proxy.autoconfig_url: ""
FF - prefs.js..abine.backup.network.proxy.type: 5
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:1.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.7.1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="
FF - prefs.js..network.proxy.autoconfig_url: "abine://auto-conf.js"
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sundars\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sundars\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/10 16:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/09 22:52:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/09 22:52:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/06/29 17:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions
[2010/06/29 17:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/09 09:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions
[2011/07/11 06:35:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/30 07:07:48 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\[email protected]
[2011/10/05 21:35:27 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\[email protected]
[2010/10/12 10:00:33 | 000,000,000 | ---D | M] (Toggle Private Browsing) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\[email protected]
[2011/11/09 09:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/04 14:55:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/07 12:36:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/10 16:25:40 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\{CF47767D-5F3A-4E32-9FCE-5D79565C9702}.XPI
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\[email protected]
[2011/11/09 09:12:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[1999/12/31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/10/07 16:48:57 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/07 16:48:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/07 16:48:57 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/07 16:48:57 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/21 10:49:04 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/10/07 16:48:57 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.4.1_0\plugins/npProductDetectPlugin.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sundars\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sundars\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.4_0\
CHR - Extension: Abine TACO = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadbkmipeldjmjfcpcjibfjgflahmphk\1.50_0\
CHR - Extension: Adblock Plus for Google Chrome™ (Beta) = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Read Later Fast = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.3.4_0\
CHR - Extension: Chromeblock = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\1.55_0\
CHR - Extension: SiteAdvisor = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: KB SSL Enforcer = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\1.0.20_0\
CHR - Extension: LastPass = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.0_0\
CHR - Extension: View Thru = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkncfnbcgbclefkbknfdbngiegdppgdd\1.17_0\
CHR - Extension: Credit Card Nanny = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmjpapolbaaddobpnlcjkgchmhhoog\0.2.11_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.4.1_0\
CHR - Extension: Download = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccjoeeljedbmkidebclpoabijggpbdp\0.1.5_0\
CHR - Extension: PasswordFail Extension = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\ockgeenjbijlgilppfieaklfopnbdpge\0.4_0\
CHR - Extension: Secbrowsing - plugin version checker = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgkcfihepeihdlfphbndagmompiakeci\1.7_0\

O1 HOSTS File: ([2011/10/13 13:37:30 | 000,612,606 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16290 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [ConnectionCenter] C:\Users\Sundars\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: citibank.co.uk ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: hsbc.co.uk ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: theabbey.co.uk ([anywhere] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tradingparameters.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A49AD0A-816D-439D-9B47-238C7035947A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99363603-5181-4C8E-8AC9-B319396402E7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99363603-5181-4C8E-8AC9-B319396402E7}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 10:12:20 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IQFeed 4.7.2.0
[2011/11/10 19:50:11 | 000,111,408 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\60288835.sys
[2011/11/10 13:52:28 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\28235625.sys
[2011/11/10 10:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/10 10:19:18 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\RegBackup
[2011/11/10 10:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/10 10:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/11/10 07:21:10 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Akamai
[2011/11/10 06:31:15 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/11/10 00:09:01 | 000,379,984 | ---- | C] (LSI Corporation) -- C:\Windows\SysWow64\storelibir-2.dll
[2011/11/10 00:09:01 | 000,367,696 | ---- | C] (LSI Corporation) -- C:\Windows\SysWow64\storelibir.dll
[2011/11/09 23:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/11/09 23:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/11/09 23:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/11/09 23:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2011/11/09 22:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/09 22:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/11/09 22:18:28 | 003,470,688 | ---- | C] (TrueCrypt Foundation) -- C:\Users\Sundars\Desktop\TrueCrypt Setup 7.1.exe
[2011/11/09 22:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/09 22:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/09 20:52:22 | 000,111,408 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\31991611.sys
[2011/11/08 14:05:58 | 000,111,408 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\06381156.sys
[2011/11/08 14:05:40 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\TDSSKiller.exe
[2011/11/07 12:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/01 23:42:56 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\HOSTS
[2011/10/17 21:38:05 | 000,000,000 | ---D | C] -- C:\Users\Sundars\.maitreya-6.0
[2011/06/15 20:23:27 | 000,099,840 | ---- | C] ( ) -- C:\Windows\SysWow64\Zipdll.dll
[2011/06/15 20:23:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\Unzdll.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/11 10:13:23 | 000,022,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 10:13:23 | 000,022,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 10:12:06 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/11 10:12:06 | 000,633,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/11 10:12:06 | 000,112,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/11 10:04:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/11 08:18:21 | 000,973,460 | ---- | M] () -- C:\Users\Sundars\Desktop\test.cfgx
[2011/11/10 21:34:17 | 000,108,640 | ---- | M] () -- C:\Users\Sundars\Desktop\PSC report - Comodo Internet Security 5.3.176757.1236.pdf
[2011/11/10 20:33:33 | 000,375,692 | ---- | M] () -- C:\Users\Sundars\Desktop\avc_retro_may2011.pdf
[2011/11/10 20:28:15 | 000,463,967 | ---- | M] () -- C:\Users\Sundars\Desktop\avc_od_aug2011.pdf
[2011/11/10 19:54:26 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/11/10 19:50:11 | 000,111,408 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\60288835.sys
[2011/11/10 10:10:23 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\TDSSKiller.exe
[2011/11/10 06:17:14 | 000,428,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/10 00:08:59 | 000,000,070 | ---- | M] () -- C:\Windows\LSI_StorSNMP.ini
[2011/11/09 23:53:10 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\28235625.sys
[2011/11/09 23:03:11 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/11/09 22:52:49 | 000,002,152 | ---- | M] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/09 22:52:49 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/11/09 22:22:52 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/09 22:18:32 | 003,470,688 | ---- | M] (TrueCrypt Foundation) -- C:\Users\Sundars\Desktop\TrueCrypt Setup 7.1.exe
[2011/11/09 20:52:22 | 000,111,408 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\31991611.sys
[2011/11/09 20:46:37 | 000,000,848 | ---- | M] () -- C:\Users\Sundars\Desktop\Puran Defrag.lnk
[2011/11/08 14:05:58 | 000,111,408 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\06381156.sys
[2011/11/07 12:28:56 | 000,007,640 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Resmon.ResmonCfg
[2011/11/04 23:07:08 | 000,586,540 | ---- | M] () -- C:\Users\Sundars\Desktop\ashtalakshmi.jpg
[2011/11/04 14:55:08 | 000,000,198 | ---- | M] () -- C:\Windows\tasks\{2538A1AB-0542-4D49-AE91-89EDD3CC862D}.job
[2011/11/03 17:29:19 | 000,638,795 | ---- | M] () -- C:\Users\Sundars\Desktop\NUS_discount.pdf
[2011/10/21 15:56:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc9009ef759fbf.job
[2011/10/21 10:25:06 | 000,268,637 | ---- | M] () -- C:\Users\Sundars\Desktop\y__INR_D.csv
[2011/10/21 10:24:48 | 000,268,637 | ---- | M] () -- C:\Users\Sundars\Desktop\INR01011995.csv
[2011/10/13 13:37:30 | 000,612,606 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.MVP
[2011/10/13 13:37:30 | 000,612,606 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/11 08:06:56 | 000,973,460 | ---- | C] () -- C:\Users\Sundars\Desktop\test.cfgx
[2011/11/10 21:34:15 | 000,108,640 | ---- | C] () -- C:\Users\Sundars\Desktop\PSC report - Comodo Internet Security 5.3.176757.1236.pdf
[2011/11/10 20:33:27 | 000,375,692 | ---- | C] () -- C:\Users\Sundars\Desktop\avc_retro_may2011.pdf
[2011/11/10 20:28:10 | 000,463,967 | ---- | C] () -- C:\Users\Sundars\Desktop\avc_od_aug2011.pdf
[2011/11/10 19:54:26 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/11/09 23:03:11 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/11/09 22:22:52 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/09 20:46:37 | 000,000,848 | ---- | C] () -- C:\Users\Sundars\Desktop\Puran Defrag.lnk
[2011/11/04 23:04:35 | 000,586,540 | ---- | C] () -- C:\Users\Sundars\Desktop\ashtalakshmi.jpg
[2011/11/04 14:55:08 | 000,000,198 | ---- | C] () -- C:\Windows\tasks\{2538A1AB-0542-4D49-AE91-89EDD3CC862D}.job
[2011/11/03 17:29:23 | 000,638,795 | ---- | C] () -- C:\Users\Sundars\Desktop\NUS_discount.pdf
[2011/10/21 15:56:03 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc9009ef759fbf.job
[2011/10/21 10:17:36 | 000,268,637 | ---- | C] () -- C:\Users\Sundars\Desktop\INR01011995.csv
[2011/10/20 09:23:20 | 000,007,640 | ---- | C] () -- C:\Users\Sundars\AppData\Local\Resmon.ResmonCfg
[2011/09/01 12:51:19 | 000,000,211 | ---- | C] () -- C:\Windows\SJDemo.INI
[2011/08/17 11:47:46 | 000,003,284 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\ANIWZCS{17C84199-DAD8-44D4-B805-728345B870E2}
[2011/08/01 21:44:11 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2011/07/01 13:04:42 | 000,000,084 | ---- | C] () -- C:\Windows\csact.ini
[2011/06/15 20:23:27 | 000,314,880 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2011/06/15 20:23:27 | 000,230,912 | ---- | C] () -- C:\Windows\SysWow64\Zipit.dll
[2011/06/13 17:03:17 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/06/13 16:59:14 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/06/13 16:59:13 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/03/18 21:22:51 | 000,000,036 | ---- | C] () -- C:\Windows\RET.INI
[2011/01/04 11:59:48 | 000,000,052 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/06 17:47:36 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccessU.exe
[2010/12/06 17:47:36 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\SyncBackPro.dll
[2010/09/07 12:40:23 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/08/19 06:13:28 | 000,000,036 | ---- | C] () -- C:\Users\Sundars\AppData\Local\housecall.guid.cache
[2010/08/17 20:35:24 | 000,010,240 | ---- | C] () -- C:\Users\Sundars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/01 19:44:00 | 000,197,416 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/06/28 14:32:09 | 000,739,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/28 12:44:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/23 06:41:12 | 000,441,705 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2010/06/23 06:41:12 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2010/06/22 23:51:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/22 22:57:12 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/07 21:08:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AlertStrings.dll
[2009/01/14 18:00:48 | 000,035,767 | ---- | C] () -- C:\Windows\sas_mib.dat
[2008/12/03 08:34:46 | 000,034,944 | ---- | C] () -- C:\Windows\sas_ir_mib.dat
[2008/11/26 09:06:36 | 000,000,070 | ---- | C] () -- C:\Windows\LSI_StorSNMP.ini
[2006/08/25 04:31:57 | 000,000,040 | ---- | C] () -- C:\Users\Sundars\AppData\Local\703911de9d20150.dat
[2000/07/01 08:14:06 | 000,000,040 | ---- | C] () -- C:\Windows\806e6f6e6963122.ini

========== LOP Check ==========

[2011/11/11 10:05:08 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/31 10:06:25 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
[2011/09/06 15:44:24 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{01CC981E-42D9-4EE3-98AF-C9378453EDAE}.job
[2011/09/06 15:47:52 | 000,000,652 | ---- | M] () -- C:\Windows\Tasks\{0F9CE014-3DFC-4B0C-B774-596796D69321}.job
[2011/11/04 14:55:08 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2538A1AB-0542-4D49-AE91-89EDD3CC862D}.job
[2011/07/28 23:44:02 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{29979165-3696-4D08-B373-2EB45A0151D1}.job
[2010/10/25 15:24:06 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2CE2402B-76A0-471D-A141-9DD53CE32324}.job
[2011/05/30 09:06:54 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2DBF0E5B-2844-4D45-9D59-4D42E809ABDB}.job
[2011/03/03 21:08:58 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{3D24B11E-77BB-49B2-9DD0-46302BD6F2F8}.job
[2011/07/28 07:00:10 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{42B37E56-B803-4374-9A82-45976BEE70ED}.job
[2011/09/06 15:46:52 | 000,000,686 | ---- | M] () -- C:\Windows\Tasks\{4FAD4BB6-E13C-436C-AD36-D21E5CC46F5B}.job
[2011/09/06 15:44:50 | 000,000,686 | ---- | M] () -- C:\Windows\Tasks\{583EC85D-9F3A-49EB-8E5C-C6949E6F71DF}.job
[2011/09/06 15:45:39 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{6C4CF8AF-2CB1-4418-85D1-D42C5216CA2B}.job
[2011/09/06 15:51:45 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{6E5D841A-FCBD-4628-BD7B-0A0B8EE03379}.job
[2011/01/07 08:58:34 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{AA3F33A8-4B52-490B-A23B-D132AC1C2233}.job
[2011/09/06 15:47:32 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{ACFA7A6C-ADBC-4819-807D-23AF552B7444}.job
[2011/05/30 09:22:41 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{AD3B449D-3631-43D5-B472-A52AF949E207}.job
[2011/05/30 09:20:42 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{ADA3D3A0-69B9-415F-B33B-8EE4AB4CBE52}.job
[2011/05/26 15:14:11 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{AE72C6EB-13C2-4A8F-AF94-C5C30574A1AA}.job
[2010/10/25 15:21:49 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\{BD7E252E-00BA-493E-B174-DF8272D2E7B3}.job
[2011/09/06 15:48:04 | 000,000,646 | ---- | M] () -- C:\Windows\Tasks\{C0E43413-090A-4088-A001-314B1DC92CF0}.job
[2011/07/28 23:43:10 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{C2F00A96-EE3E-4577-B997-AE77EB7D0F08}.job
[2011/09/06 15:48:13 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{D0D8BAF1-E5AF-4F65-99CD-2835FB2076EC}.job
[2011/05/26 15:03:35 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{DD9CEE28-9D73-4A8C-A768-8272D9F82AA2}.job
[2010/10/25 15:22:23 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\{ECF87D63-7CE9-47BB-BB1D-BBF5735370C7}.job
[2011/09/06 15:46:13 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{F08A7E55-B22E-4C92-9EC6-4B50523F20FC}.job
[2011/09/06 15:54:11 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{F3BE8694-724B-4593-A597-979B6E6040E9}.job
[2011/09/06 15:40:01 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{FA6BBA3D-C02F-4602-A171-D5E51C380D84}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B4AF47A7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:84098FD3

< End of report >

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should then be a file called MBR.dat; zip it and then attach it here.

How to add an attachment to a new topic or reply

#3
SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
Thank you very much Render for your kind help, which is greatly appreciated.

Unless advised or mentioned in my reply, all scans were done in Normal mode, after disabling Windows Defender, PrevX Online, Spyware Guard, MSE and Comodo firewall.

The logs are for my desktop, while I have safely kept aside the laptop's OTL logs. The laptop is also infected, as it is in sync with the desktop.
The GMERs of the laptop and desktop show rootkits (different from each other). I suspect that the GMER rootkit on the desktop is not a false positive, as I could not match
the registry entries of HKCU/..../shell extensions/approved.... to any application. The GMER logs of the laptop show a rootkit through Bluetooth (enabled accidentally and quickly disabled; I have disabled the services of the Bluetooth adaptor).
I hope you would be able to help with the laptop once the desktop is fixed. Until then, I have stopped syncing them.

The aswMBR caused a BSOD. It loaded the virus definitions and crashed the system while scanning.
Strangely, the minidump file in \windows\minidump is missing. If there is a BSOD, the system is set not to auto-reboot, so that the minidump can be created. I therefore
ran aswMBR in safe mode. In this mode, it did not ask me to update the virus definition file.

To be safe, I also copied MBR.dat as a text file. Both versions (mbr.dat and mbr.txt) are attached as a zip file as requested.

The log of aswMBR, scanned in safe mode, is shown below. I am not sure if safe mode logs are helpful.

I am unable to attach a *.rar file. I am therefore renaming it as mbr.zip. Hopefully, it would be fine.

Thanks
SSri

aswMBR log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 16:26:54
-----------------------------
16:26:54.634 OS Version: Windows x64 6.1.7601 Service Pack 1
16:26:54.634 Number of processors: 4 586 0x170A
16:26:54.634 ComputerName: SUNDARS-PC UserName: Sundars
16:26:55.430 Initialize success
16:26:58.612 AVAST engine defs: 11111600
16:27:10.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:27:10.406 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
16:27:10.421 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:27:10.437 Disk 1 Vendor: Intel___ 1.0. Size: 1430812MB BusType: 8
16:27:10.453 Disk 0 MBR read successfully
16:27:10.453 Disk 0 MBR scan
16:27:10.453 Disk 0 Windows 7 default MBR code
16:27:10.453 Service scanning
16:27:12.309 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
16:27:12.917 Modules scanning
16:27:12.917 Disk 0 trace - called modules:
16:27:12.917
16:27:13.822 AVAST engine scan C:\Windows
16:27:15.445 AVAST engine scan C:\Windows\system32
16:28:27.220 AVAST engine scan C:\Windows\system32\drivers
16:28:35.364 AVAST engine scan C:\Users\Sundars
16:30:59.009 AVAST engine scan C:\ProgramData
16:32:19.084 Scan finished successfully
16:40:08.676 Disk 0 MBR has been saved successfully to "C:\Users\Sundars\Desktop\MALWARE - GTG\MBR.dat"
16:40:08.691 The log file has been saved successfully to "C:\Users\Sundars\Desktop\MALWARE - GTG\aswMBR.txt"

Attached Files



#4
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
GMER Rootkit Scanner

  • Download GMER from HERE.
  • Extract the contents of zipped file to your desktop.
  • Double click GMER.exe.

  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
  • Please copy and paste the report into your Post.

Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

#5
SSri09
    Member
  • Topic Starter
  • 144 posts
Thanks for your help Render.

GMER LOGS

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-16 19:09:26
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F55B06B-8F39-CB49-9C20-0FD87F856BD7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F55B06B-8F39-CB49-9C20-0FD87F856BD7}@nagmjkiaojifpiknlmjepkpbcknp 0x6A 0x61 0x6C 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F55B06B-8F39-CB49-9C20-0FD87F856BD7}@maamimlhfmdinimgcbpcegijmg 0x6A 0x61 0x6C 0x64 ...

---- EOF - GMER 1.0.15 ----

Please advise if you want me to try and run aswMBR in normal mode.

Regards,
SSri

#6
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Yes. Try to run aswMBR in normal mode without AV scan (at AV scan select (none)) and then click on Scan button.

#7
SSri09
    Member
  • Topic Starter
  • 144 posts
Thanks Render!

I forgot to mention the Windows DVD. Yes, I have the retail Win7 DVD.

aswMBR in Normal mode, AV Scan (none):

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 20:11:47
-----------------------------
20:11:47.867 OS Version: Windows x64 6.1.7601 Service Pack 1
20:11:47.867 Number of processors: 4 586 0x170A
20:11:47.868 ComputerName: SUNDARS-PC UserName: Sundars
20:11:48.873 Initialize success
20:11:52.146 AVAST engine defs: 11111600
20:12:15.780 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:12:15.783 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
20:12:15.785 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
20:12:15.787 Disk 1 Vendor: Intel___ 1.0. Size: 1430812MB BusType: 8
20:12:15.846 Disk 0 MBR read successfully
20:12:15.849 Disk 0 MBR scan
20:12:15.855 Disk 0 Windows 7 default MBR code
20:12:15.858 Service scanning
20:12:16.549 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:12:16.591 Service pxkbf C:\Windows\System32\drivers\pxkbf.sys **LOCKED** 32
20:12:16.596 Service pxscan C:\Windows\System32\drivers\pxscan.sys **LOCKED** 32
20:12:17.197 Modules scanning
20:12:17.201 Disk 0 trace - called modules:
20:12:17.229 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:12:17.236 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068c0060]
20:12:17.242 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004808050]
20:12:17.246 Scan finished successfully
20:13:07.996 Disk 0 MBR has been saved successfully to "C:\Users\Sundars\Desktop\MALWARE - GTG\MBR.dat"
20:13:08.001 The log file has been saved successfully to "C:\Users\Sundars\Desktop\MALWARE - GTG\aswMBR_normal.txt"

GMER LOGS - are the entries shown by GMER false positives?

Thanks - SSri

Attached Files



#8
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
From logs I can't see any rootkit activity.

It appears from your logs you've three antivirus programs (Prevx, MSE, Comodo Internet Security) running simultaneously, which is not a safe practice at all, as you're more likely to get infected and have other performance issues with your computer. Please uninstall two of them and then update me with your current problems.

#9
SSri09
    Member
  • Topic Starter
  • 144 posts
Thanks Render! Please read these details below and advise.

Comodo is just a firewall

MSE is the only antivirus

Prevx Safeonline: loads at boot for (a) scanning and detection, (b) realtime infection detection and (c) does not provide realtime malware, browser security and cleaning. The banks are insisting on using this for online banking. If my account is compromised, and if they realise I did not have this protection, I may not get anything back! Do I still need to uninstall it, or could I remove it from the start up and run it only if I am going online banking? Please advise.

There is a realtime Spyware Guard, which provides a realtime scanning engine and download protection. Could I uninstall this as well?

At this moment, I have disabled Spyware Guard and Prevx Online. They neither run at startup nor provide any realtime protection. I powered down the PC and booted after a while. At boot, MSE and Comodo firewall run. MSE as usual shows amber (i.e. not run a scan for a while and unprotected, although it runs a scan daily). Several uninstalls/clean installs of MSE have been done without any success. The browsers still play up at irregular intervals with DNS lookup failure (even www.google.co.uk). It loads after a couple of attempts. The pages / browsing still take a lot of time to load. In short, disabling PrevX and SG has not made any difference. Memory occupied is 2GB out of 4.

Thanks - SSri

#10
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
OK. Then don't remove these programs.

Do you use a router and are any other computers using it experiencing the same or similar issues?
#11
SSri09
    Member
  • Topic Starter
  • 144 posts
Thanks Render. I thought Comodo firewall, MSE and Spyware Guard should not pose any conflict as Spyware Guard is the only real-time malware guard, which I believe, unlike other spyware programs, is more of a heuristic protection. One could probably mutually add them as exceptions in these programs to avoid conflicts. The only area of concern would be a potential conflict between Spyware Guard and PrevX Safeonline. Are they liable to conflict with each other, given my previous explanations?

Router: I use a Virgin cable modem. It is a 20GB broadband and stays steady between 18 and 20 24x7. I power down the router every 2-3 days. The Virgin modem is connected to a Vigor dual-WAN router. I have an ADSL line, which is used as a backup. I have never used it in the last two years as Virgin cable has not gone down at all!

Laptop: As I wrote before, I have a Clevo notebook (i7 950, 12 GB triple channel RAM, Win7 64 bit Pro). I use this laptop if I am travelling or if the desktop is used by my family. The laptop syncs daily with the desktop. The laptop also has an infection, given the sync. Like the desktop, it pops up DNS lookup issues at irregular intervals; the browsing is slower than it was 4 weeks ago. It is obviously faster than the desktop, given the 12 GB RAM. The GMER log of the laptop shows a rootkit (through Bluetooth, which got enabled for a few minutes; it is disabled at service level and I never use Bluetooth).

Just to satisfy my curiosity, what are those registry entries shown by GMER for please?

Regards - SSri

Edited by SSri09, 16 November 2011 - 05:14 PM.


#12
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts

Just to satisfy my curiosity, what are those registry entries shown by GMER for please?

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\.... is one of many autostart locations for programs, services and similar bunches of code. These entries showing in your GMER log are not flagged as potentially malicious. So we will presume that they are safe.

Are they vulnerable to conflict each other, given my previous explanations?

I can't say, as I'm not using them. If they had been installed prior to this issue starting, then I assume that they are not in conflict with each other.

Let's see if Combofix will find something.

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix.
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
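To make the registry entries discussed in this reply (and posted in the GMER log above) easier to work through, here is an added triage helper in Python; it is not code from the thread, from GMER or from any of the posters. It parses GMER's "Reg" lines, decodes the 0xNN data prefix to ASCII, and lists the Shell Extensions\Approved values whose names are not CLSIDs so they can be matched against installed software by hand, as the poster attempted. The embedded sample is the thread's own GMER output, constructed as a string so the script runs offline; the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the GMER "Reg" lines posted in this thread, embedded so the
# script runs offline. Real use would read the saved ark.txt instead.
SAMPLE_GMER_LOG = r"""
---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F55B06B-8F39-CB49-9C20-0FD87F856BD7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F55B06B-8F39-CB49-9C20-0FD87F856BD7}@nagmjkiaojifpiknlmjepkpbcknp 0x6A 0x61 0x6C 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F55B06B-8F39-CB49-9C20-0FD87F856BD7}@maamimlhfmdinimgcbpcegijmg 0x6A 0x61 0x6C 0x64 ...

---- EOF - GMER 1.0.15 ----
"""

# The autostart location named in the reply above; matched case-insensitively as a substring.
APPROVED_KEY = r"\Shell Extensions\Approved"
# Shell extension entries are normally keyed by the extension's CLSID ({8-4-4-4-12 hex digits}).
CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
# GMER prints binary data as space-separated 0xNN tokens and ends long data with "...".
HEX_DATA_RE = re.compile(r"\s((?:0x[0-9A-F]{2}\s*)+)(\.\.\.)?$", re.I)


@dataclass
class RegEntry:
    key: str                   # registry key path as GMER printed it
    value_name: Optional[str]  # text after '@'; None for a bare key line
    data: bytes                # decoded 0xNN bytes (empty when none were printed)
    truncated: bool            # True when GMER cut the data off with "..."

    @property
    def decoded(self) -> str:
        """Render the data bytes as ASCII, masking non-printable bytes with '.'."""
        return "".join(chr(b) if 32 <= b < 127 else "." for b in self.data)


def parse_reg_line(line: str) -> Optional[RegEntry]:
    """Parse one 'Reg <key>[@<value> 0xNN 0xNN ...]' line; return None for any other line."""
    line = line.strip()
    if not line.startswith("Reg "):
        return None
    body = line[4:]
    data, truncated = b"", False
    m = HEX_DATA_RE.search(body)
    if m:
        data = bytes(int(tok, 16) for tok in m.group(1).split())
        truncated = m.group(2) is not None
        body = body[: m.start()]          # strip the data so only key[@value] remains
    key, sep, value = body.partition("@")  # registry key paths do not contain '@'
    return RegEntry(key=key, value_name=value if sep else None, data=data, truncated=truncated)


def parse_gmer_registry(text: str) -> List[RegEntry]:
    """Collect every Reg entry from a GMER log (other sections are ignored)."""
    return [e for e in (parse_reg_line(ln) for ln in text.splitlines()) if e is not None]


def review_approved_entries(entries: List[RegEntry]) -> List[str]:
    """One note per Shell Extensions\\Approved value whose name is not a CLSID.

    This is a triage aid, not a verdict: such names are simply the ones to map back
    to an installed program by hand, which is what the poster tried to do.
    """
    notes = []
    for e in entries:
        if APPROVED_KEY.lower() not in e.key.lower() or e.value_name is None:
            continue
        if CLSID_RE.match(e.value_name):
            continue
        suffix = " (data truncated by GMER)" if e.truncated else ""
        notes.append(f"{e.value_name}: non-CLSID value name, data starts {e.decoded!r}{suffix}")
    return notes


if __name__ == "__main__":
    for note in review_approved_entries(parse_gmer_registry(SAMPLE_GMER_LOG)):
        print(note)
```

Run against a saved ark.txt, the notes give the analyst the short list of value names to look up; the decoded prefix ("jald" for both entries here) is only the first four bytes because GMER truncated the data.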

#13
SSri09
    Member
  • Topic Starter
  • 144 posts
Thank you!

I got the procedure for MSE, COMODO FIREWALL, Spyware Guard, Windows Defender (disabled it at services.exe itself).

(1) I would disable Keyscrambler by right clicking it and turn off before running CF.

(2) Please advise the procedure for disabling script blocking.

(3) PrevX Safeonline is different from the one listed on your link. However, if I right click this application in the system tray, there is a menu item (stop monitoring). Is that it? The process may still run in the background, is it not?

Regards - SSri

#14
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
1. Disable it if you wish.

2. You don't need to disable that.

3. You said that it is not a real-time engine. So you don't have to disable it.

#15
SSri09
    Member
  • Topic Starter
  • 144 posts
Thanks Render! Your pretty fast help is greatly appreciated! It appears to have deleted 5 files.

ComboFix 11-11-16.02 - Sundars 17/11/2011 0:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.2166 [GMT 0:00]
Running from: c:\users\Sundars\Desktop\XW8600 MALWARE FIX NOV 2011\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml34D.tmp
c:\programdata\xmlC801.tmp
c:\programdata\xmlDC2D.tmp
c:\windows\security\Database\tmp.edb
D:\install.exe
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
2011-09-06 c:\windows\Tasks\{583EC85D-9F3A-49EB-8E5C-C6949E6F71DF}.job
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
2011-09-06 c:\windows\Tasks\{6C4CF8AF-2CB1-4418-85D1-D42C5216CA2B}.job
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
2011-09-06 c:\windows\Tasks\{6E5D841A-FCBD-4628-BD7B-0A0B8EE03379}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 09:27]
.
2011-01-07 c:\windows\Tasks\{AA3F33A8-4B52-490B-A23B-D132AC1C2233}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 09:27]
.
2011-09-06 c:\windows\Tasks\{ACFA7A6C-ADBC-4819-807D-23AF552B7444}.job
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
2011-05-30 c:\windows\Tasks\{AD3B449D-3631-43D5-B472-A52AF949E207}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 09:27]
.
2011-05-30 c:\windows\Tasks\{ADA3D3A0-69B9-415F-B33B-8EE4AB4CBE52}.job
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
2011-05-26 c:\windows\Tasks\{AE72C6EB-13C2-4A8F-AF94-C5C30574A1AA}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 09:27]
.
2010-10-25 c:\windows\Tasks\{BD7E252E-00BA-493E-B174-DF8272D2E7B3}.job
- c:\program files (x86)\Internet Explorer\iexplore.exe [2011-09-15 13:17]
.
2011-09-06 c:\windows\Tasks\{C0E43413-090A-4088-A001-314B1DC92CF0}.job
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
2011-07-28 c:\windows\Tasks\{C2F00A96-EE3E-4577-B997-AE77EB7D0F08}.job
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
2011-09-06 c:\windows\Tasks\{D0D8BAF1-E5AF-4F65-99CD-2835FB2076EC}.job
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
2011-05-26 c:\windows\Tasks\{DD9CEE28-9D73-4A8C-A768-8272D9F82AA2}.job
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
2010-10-25 c:\windows\Tasks\{ECF87D63-7CE9-47BB-BB1D-BBF5735370C7}.job
- c:\program files (x86)\Internet Explorer\iexplore.exe [2011-09-15 13:17]
.
2011-09-06 c:\windows\Tasks\{F08A7E55-B22E-4C92-9EC6-4B50523F20FC}.job
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
2011-09-06 c:\windows\Tasks\{F3BE8694-724B-4593-A597-979B6E6040E9}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 09:27]
.
2011-09-06 c:\windows\Tasks\{FA6BBA3D-C02F-4602-A171-D5E51C380D84}.job
- c:\users\sundars\appdata\local\google\chrome\application\chrome.exe [2010-10-04 03:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: citibank.co.uk\www
Trusted Zone: hsbc.co.uk\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: secunia.com
Trusted Zone: theabbey.co.uk\anywhere
Trusted Zone: tradingparameters.co.uk\www
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A49AD0A-816D-439D-9B47-238C7035947A}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{99363603-5181-4C8E-8AC9-B319396402E7}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 2
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1248678023-3426249870-1742254041-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F55B06B-8F39-CB49-9C20-0FD87F856BD7}*]
"nagmjkiaojifpiknlmjepkpbcknp"=hex:6a,61,6c,64,62,61,68,69,6c,69,64,6e,6e,62,
6f,64,65,6c,6b,63,00,00
"maamimlhfmdinimgcbpcegijmg"=hex:6a,61,6c,64,62,61,68,69,6c,69,64,6e,6e,62,6f,
64,65,6c,6b,63,00,bb
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\NMSAccessU.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\users\Sundars\AppData\Local\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2011-11-17 00:36:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-17 00:36
.
Pre-Run: 414,810,497,024 bytes free
Post-Run: 415,949,332,480 bytes free
.
- - End Of File - - 4FC1909D7469A11A9E499CE799DF42F6

Please note that the Rapport services run at the browser level.

Regards,
SSri09