I experienced the following problems on my desktop and laptop; the latter syncs with the desktop to ensure that I can use the laptop while I am on the road or if the desktop is used by other members of the household. The issues listed below are valid both for the desktop and the laptop, which is connected on a secured wireless connection.
Problem:
(1) In the last few weeks, I am seeing a significant slowing of browsing and loading of websites. (2) I can ping the IP through command prompt but cannot browse. Real time streaming of financial market data applications would lose connection, which become fine after a few troubleshooting and/or a reboot. I figured out conflicts with IPV4 and IPV6 and DNS (I think it is more of a DNS than IPV6 conflict). I disabled IPV6. I switched to Google's public DNS (8.8.8.8 / 8.8.4.4). The DNS lookup error appears sorted out and so is the real-time streaming of data in the last few days, although the laptop does play up at irregular intervals with DNS lookup error even now (3) The MSE does a full scan daily but on a boot the next day, it says that the computer is unprotected as the scan was not done for a while!. Several reinstalls did not address the problem. (4) Realtime market application, once I login, usually comes green immediately. These days, the login screen apppears late, connects late and turns green late.
I use Firefox and Chrome. The firefox and chrome takes ages (a few minutes even to load www.google.co.uk). The laptop is faster than desktop as the former has a 12GB RAM and the latter has 4GB. Of these, 2GB is used by system, processes and applications. I do not think RAM on the desktop is a problem as the 12GB RAM laptop also takes a lot of time to load the web sites/pages.
Is this a Malware problem? I think so; for the record, I had used Windows Firewall with Firewall Control Plus and MSE. I use MBAM, SuperAntiSpyware, Spyware Guard (on boot), PrevX (as the banks asked to me use it). I run MBAM and SuperAntiSpyware once or twice a week. CC cleaner is run daily on boot. The TFC is run a couple of times a month. I run ESET online scanner once in a while. All updates are taken care of automatically. I surf safely, do not use torrents or play online games or access any suspicious email with links.
Desktop: HP xw8600, Xeon x5450 3.00 GHz quad-core, 4 GB RAM and Win7 64 bit ultimate.
Laptop: Clevo model, i7 950 quad-core, 12 GB triple channel RAM, Win7 64 bit Pro.
Given the recent problems, I suspected that Windows Firewall / MSE are pretty ineffective, I recently installed comodo firewall. I am thinking of ditching MSE and go for a paid version of anti-virus; the choices are Avira, Avast and Kaspersky. I am skeptical of Avira as I believe it installs ask tool bar and can be a nuisance with ads? I want an AV, which is pretty light on resources and effective. Please suggest. Real time MBAM is an option that I am considering.
Steps taken:
(1) I ran an ESET online scanner. It did not show any infection. I tried running TDSSKiller. It did not pick up any issue. (2) I ran GMER on the desktop and laptop. The laptop turned a NIL report, while the desktop GMER run threw 3 rootkit at the registry (Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.....). I did not believe this as GMER could generate false positives. (3) I downloaded Kaspersky Virus Removal Tool and ran on both the desktop and laptops.
strangely, it showed that two files were infected (false positive, I guess) on both the computers (this is not surprising as the laptop syncs all application drives). One was Zone Alarm extreme security setup file and another was Net Tools 5.0xxxx (I have never used it and do not remember downloading them). Since I no longer use them, I allowed it to delete / disinfect them. (4) after step 3, I ran GMER, which picked up the same infections. Please advise if you would like me to post these logs as well. In short, problems still remain at large.
I am posting the logs of the Desktop only. I am holding the logs of the laptop as may have to be taken up after addressing the desktop problem. Please advise if I could post the laptop logs as well, as both are having almost same issues.
DESKTOP LOGS:
(1) OTL Extras
I had problems running it as it froze while scanning Chrome settings. It threw an error message (LIST INDEX OUT OF BOUNCE - 1061). I ran fine after deleting a couple of chrome extensions.
OTL Extras logfile created on: 11/11/2011 11:11:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sundars\Documents\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 43.92% Memory free
8.00 Gb Paging File | 5.77 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 377.42 Gb Free Space | 81.03% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1345.02 Gb Free Space | 96.26% Space Free | Partition Type: NTFS
Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F9B09E-CDB5-46fc-AC30-2E7E7C7A8A34}" = Canon MP800
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{21BF1592-7D07-4516-930C-2BF40CE9E59B}" = PDF-XChange Viewer
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java 7 Update 1 (64-bit)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCSI" = Prevx
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 29
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{964A0E79-160F-4F5F-97D0-9C03CFA434FA}" = Syrius Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"AmiBroker_is1" = AmiBroker 5.40
"AutocompletePro3_is1" = AutocompletePro
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CanonMyPrinter" = Canon Utilities My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EULAlyzer_is1" = EULAlyzer 2.0
"FileHippo.com" = FileHippo.com Update Checker
"Graph_is1" = Graph 4.3
"IQFeed Client" = IQFeed Client 4.7.2.0
"Jagannatha Hora_is1" = Jagannatha Hora 7.51
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"PROR" = Microsoft Office Professional 2007
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.92
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"SyncBackPro_is1" = SyncBackPro
"TaxCalc 2010" = TaxCalc 2010
"TrueCrypt" = TrueCrypt
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 11, 2010
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Google Chrome" = Google Chrome
"PassportPhoto" = PassportPhoto (remove)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/11/2011 09:41:04 | Computer Name = Sundars-PC | Source = VSS | ID = 8193
Description =
Error - 10/11/2011 09:41:04 | Computer Name = Sundars-PC | Source = VSS | ID = 8193
Description =
Error - 10/11/2011 09:43:48 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =
Error - 10/11/2011 09:49:14 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =
Error - 10/11/2011 15:36:35 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =
Error - 11/11/2011 02:29:56 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =
Error - 11/11/2011 05:49:30 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =
Error - 11/11/2011 05:53:05 | Computer Name = Sundars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PuranDefragS.exe, version: 7.1.0.0, time
stamp: 0x4bf0e4ee Faulting module name: PuranDefragS.exe, version: 7.1.0.0, time
stamp: 0x4bf0e4ee Exception code: 0xc0000094 Fault offset: 0x000000000000bc1a Faulting
process id: 0x854 Faulting application start time: 0x01cca0573a13ae8e Faulting application
path: C:\Windows\system32\PuranDefragS.exe Faulting module path: C:\Windows\system32\PuranDefragS.exe
Report
Id: f34a7084-0c4a-11e1-8181-00215ac6f264
Error - 11/11/2011 05:57:05 | Computer Name = Sundars-PC | Source = VSS | ID = 8194
Description =
Error - 11/11/2011 06:05:07 | Computer Name = Sundars-PC | Source = Schedule | ID = 0
Description =
[ System Events ]
Error - 10/11/2011 22:11:16 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The CSIScanner service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.
Error - 10/11/2011 22:11:26 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%3
Error - 11/11/2011 02:30:23 | Computer Name = Sundars-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842
Error - 11/11/2011 02:35:52 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
Error - 11/11/2011 05:47:26 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The CSIScanner service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.
Error - 11/11/2011 05:47:36 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%109
Error - 11/11/2011 05:50:01 | Computer Name = Sundars-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842
Error - 11/11/2011 05:53:08 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7034
Description = The PuranDefrag service terminated unexpectedly. It has done this
1 time(s).
Error - 11/11/2011 06:03:00 | Computer Name = Sundars-PC | Source = Service Control Manager | ID = 7031
Description = The CSIScanner service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.
Error - 11/11/2011 06:05:33 | Computer Name = Sundars-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842
< End of report >
(2) OTL LOGS
OTL logfile created on: 11/11/2011 11:11:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sundars\Documents\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 43.92% Memory free
8.00 Gb Paging File | 5.77 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 377.42 Gb Free Space | 81.03% Space Free | Partition Type: NTFS
Drive D: | 1397.27 Gb Total Space | 1345.02 Gb Free Space | 96.26% Space Free | Partition Type: NTFS
Computer Name: SUNDARS-PC | User Name: Sundars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/11 10:56:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sundars\My Documents\Downloads\OTL.exe
PRC - [2011/11/09 09:12:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/04/26 10:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2010/03/11 11:07:54 | 000,124,432 | ---- | M] ( Pro-Softnet) -- C:\ZoneAlarmBackup\ZABackupWebM.exe
PRC - [2010/03/11 11:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\Sundars\AppData\Local\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\Sundars\AppData\Local\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- C:\Windows\SysWOW64\NMSAccessU.exe
PRC - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/09 09:12:28 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/13 12:54:18 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 12:44:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 12:44:32 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 12:44:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 12:44:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 12:44:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 12:44:10 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 12:44:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 12:44:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/20 03:07:39 | 000,412,728 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\ppgooglenaclpluginchrome.dll
MOD - [2011/09/20 03:07:37 | 003,696,184 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
MOD - [2011/09/20 03:06:11 | 000,142,568 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\avutil-51.dll
MOD - [2011/09/20 03:06:10 | 000,253,320 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\avformat-53.dll
MOD - [2011/09/20 03:06:09 | 002,403,240 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\avcodec-53.dll
MOD - [2011/08/19 04:36:19 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/19 09:03:43 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/14 04:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/10/07 18:47:16 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/09/11 08:40:46 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/06/13 21:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/04 12:00:35 | 006,724,632 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV:64bit: - [2010/05/17 12:11:42 | 000,290,816 | ---- | M] (Puran Software) [Auto | Running] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/10 10:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 12:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/06/23 08:09:57 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 11:07:54 | 000,124,432 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackupWebM.exe -- (ZABackupWebM)
SRV - [2010/03/11 11:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\NMSAccessU.exe -- (NMSAccess)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/11/09 23:53:10 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\28235625.sys -- (28235625)
DRV:64bit: - [2011/09/14 13:58:46 | 000,274,616 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/07 22:32:07 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/01/04 12:00:35 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2011/01/04 12:00:35 | 000,036,384 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan)
DRV:64bit: - [2011/01/04 12:00:35 | 000,024,024 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 00:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 00:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 00:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 17:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2011/11/07 21:32:12 | 000,396,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/11/07 21:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 05 80 23 B2 3A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..abine.backup.network.proxy.autoconfig_url: ""
FF - prefs.js..abine.backup.network.proxy.type: 5
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:1.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.7.1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="
FF - prefs.js..network.proxy.autoconfig_url: "abine://auto-conf.js"
FF - prefs.js..network.proxy.type: 2
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sundars\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sundars\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sundars\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/10 16:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/09 22:52:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/09 22:52:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2010/06/29 17:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions
[2010/06/29 17:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/09 09:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions
[2011/07/11 06:35:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/30 07:07:48 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\[email protected]
[2011/10/05 21:35:27 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\[email protected]
[2010/10/12 10:00:33 | 000,000,000 | ---D | M] (Toggle Private Browsing) -- C:\Users\Sundars\AppData\Roaming\Mozilla\Firefox\Profiles\h7xf00a3.default\extensions\[email protected]
[2011/11/09 09:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/04 14:55:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/07 12:36:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/10 16:25:40 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\{CF47767D-5F3A-4E32-9FCE-5D79565C9702}.XPI
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SUNDARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H7XF00A3.DEFAULT\EXTENSIONS\[email protected]
[2011/11/09 09:12:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[1999/12/31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/10/07 16:48:57 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/07 16:48:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/07 16:48:57 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/07 16:48:57 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/21 10:49:04 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/10/07 16:48:57 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.4.1_0\plugins/npProductDetectPlugin.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sundars\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sundars\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.4_0\
CHR - Extension: Abine TACO = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadbkmipeldjmjfcpcjibfjgflahmphk\1.50_0\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Read Later Fast = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.3.4_0\
CHR - Extension: Chromeblock = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\1.55_0\
CHR - Extension: SiteAdvisor = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: KB SSL Enforcer = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\1.0.20_0\
CHR - Extension: LastPass = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.0_0\
CHR - Extension: View Thru = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkncfnbcgbclefkbknfdbngiegdppgdd\1.17_0\
CHR - Extension: Credit Card Nanny = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmjpapolbaaddobpnlcjkgchmhhoog\0.2.11_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.4.1_0\
CHR - Extension: Download = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccjoeeljedbmkidebclpoabijggpbdp\0.1.5_0\
CHR - Extension: PasswordFail Extension = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\ockgeenjbijlgilppfieaklfopnbdpge\0.4_0\
CHR - Extension: Secbrowsing - plugin version checker = C:\Users\Sundars\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgkcfihepeihdlfphbndagmompiakeci\1.7_0\
O1 HOSTS File: ([2011/10/13 13:37:30 | 000,612,606 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16290 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [ConnectionCenter] C:\Users\Sundars\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - Startup: C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: citibank.co.uk ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: hsbc.co.uk ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: theabbey.co.uk ([anywhere] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tradingparameters.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A49AD0A-816D-439D-9B47-238C7035947A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99363603-5181-4C8E-8AC9-B319396402E7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99363603-5181-4C8E-8AC9-B319396402E7}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/11 10:12:20 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IQFeed 4.7.2.0
[2011/11/10 19:50:11 | 000,111,408 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\60288835.sys
[2011/11/10 13:52:28 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\28235625.sys
[2011/11/10 10:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/10 10:19:18 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\RegBackup
[2011/11/10 10:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/10 10:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/11/10 07:21:10 | 000,000,000 | ---D | C] -- C:\Users\Sundars\AppData\Local\Akamai
[2011/11/10 06:31:15 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/11/10 00:09:01 | 000,379,984 | ---- | C] (LSI Corporation) -- C:\Windows\SysWow64\storelibir-2.dll
[2011/11/10 00:09:01 | 000,367,696 | ---- | C] (LSI Corporation) -- C:\Windows\SysWow64\storelibir.dll
[2011/11/09 23:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/11/09 23:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/11/09 23:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/11/09 23:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2011/11/09 22:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/09 22:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/11/09 22:18:28 | 003,470,688 | ---- | C] (TrueCrypt Foundation) -- C:\Users\Sundars\Desktop\TrueCrypt Setup 7.1.exe
[2011/11/09 22:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/09 22:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/09 20:52:22 | 000,111,408 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\31991611.sys
[2011/11/08 14:05:58 | 000,111,408 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\06381156.sys
[2011/11/08 14:05:40 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\TDSSKiller.exe
[2011/11/07 12:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/01 23:42:56 | 000,000,000 | ---D | C] -- C:\Users\Sundars\Desktop\HOSTS
[2011/10/17 21:38:05 | 000,000,000 | ---D | C] -- C:\Users\Sundars\.maitreya-6.0
[2011/06/15 20:23:27 | 000,099,840 | ---- | C] ( ) -- C:\Windows\SysWow64\Zipdll.dll
[2011/06/15 20:23:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\Unzdll.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/11 10:13:23 | 000,022,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 10:13:23 | 000,022,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 10:12:06 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/11 10:12:06 | 000,633,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/11 10:12:06 | 000,112,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/11 10:04:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/11 08:18:21 | 000,973,460 | ---- | M] () -- C:\Users\Sundars\Desktop\test.cfgx
[2011/11/10 21:34:17 | 000,108,640 | ---- | M] () -- C:\Users\Sundars\Desktop\PSC report - Comodo Internet Security 5.3.176757.1236.pdf
[2011/11/10 20:33:33 | 000,375,692 | ---- | M] () -- C:\Users\Sundars\Desktop\avc_retro_may2011.pdf
[2011/11/10 20:28:15 | 000,463,967 | ---- | M] () -- C:\Users\Sundars\Desktop\avc_od_aug2011.pdf
[2011/11/10 19:54:26 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/11/10 19:50:11 | 000,111,408 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\60288835.sys
[2011/11/10 10:10:23 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sundars\Desktop\TDSSKiller.exe
[2011/11/10 06:17:14 | 000,428,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/10 00:08:59 | 000,000,070 | ---- | M] () -- C:\Windows\LSI_StorSNMP.ini
[2011/11/09 23:53:10 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\28235625.sys
[2011/11/09 23:03:11 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/11/09 22:52:49 | 000,002,152 | ---- | M] () -- C:\Users\Sundars\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/09 22:52:49 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/11/09 22:22:52 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/09 22:18:32 | 003,470,688 | ---- | M] (TrueCrypt Foundation) -- C:\Users\Sundars\Desktop\TrueCrypt Setup 7.1.exe
[2011/11/09 20:52:22 | 000,111,408 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\31991611.sys
[2011/11/09 20:46:37 | 000,000,848 | ---- | M] () -- C:\Users\Sundars\Desktop\Puran Defrag.lnk
[2011/11/08 14:05:58 | 000,111,408 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\06381156.sys
[2011/11/07 12:28:56 | 000,007,640 | ---- | M] () -- C:\Users\Sundars\AppData\Local\Resmon.ResmonCfg
[2011/11/04 23:07:08 | 000,586,540 | ---- | M] () -- C:\Users\Sundars\Desktop\ashtalakshmi.jpg
[2011/11/04 14:55:08 | 000,000,198 | ---- | M] () -- C:\Windows\tasks\{2538A1AB-0542-4D49-AE91-89EDD3CC862D}.job
[2011/11/03 17:29:19 | 000,638,795 | ---- | M] () -- C:\Users\Sundars\Desktop\NUS_discount.pdf
[2011/10/21 15:56:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc9009ef759fbf.job
[2011/10/21 10:25:06 | 000,268,637 | ---- | M] () -- C:\Users\Sundars\Desktop\y__INR_D.csv
[2011/10/21 10:24:48 | 000,268,637 | ---- | M] () -- C:\Users\Sundars\Desktop\INR01011995.csv
[2011/10/13 13:37:30 | 000,612,606 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.MVP
[2011/10/13 13:37:30 | 000,612,606 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/11 08:06:56 | 000,973,460 | ---- | C] () -- C:\Users\Sundars\Desktop\test.cfgx
[2011/11/10 21:34:15 | 000,108,640 | ---- | C] () -- C:\Users\Sundars\Desktop\PSC report - Comodo Internet Security 5.3.176757.1236.pdf
[2011/11/10 20:33:27 | 000,375,692 | ---- | C] () -- C:\Users\Sundars\Desktop\avc_retro_may2011.pdf
[2011/11/10 20:28:10 | 000,463,967 | ---- | C] () -- C:\Users\Sundars\Desktop\avc_od_aug2011.pdf
[2011/11/10 19:54:26 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/11/09 23:03:11 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/11/09 22:22:52 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/09 20:46:37 | 000,000,848 | ---- | C] () -- C:\Users\Sundars\Desktop\Puran Defrag.lnk
[2011/11/04 23:04:35 | 000,586,540 | ---- | C] () -- C:\Users\Sundars\Desktop\ashtalakshmi.jpg
[2011/11/04 14:55:08 | 000,000,198 | ---- | C] () -- C:\Windows\tasks\{2538A1AB-0542-4D49-AE91-89EDD3CC862D}.job
[2011/11/03 17:29:23 | 000,638,795 | ---- | C] () -- C:\Users\Sundars\Desktop\NUS_discount.pdf
[2011/10/21 15:56:03 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc9009ef759fbf.job
[2011/10/21 10:17:36 | 000,268,637 | ---- | C] () -- C:\Users\Sundars\Desktop\INR01011995.csv
[2011/10/20 09:23:20 | 000,007,640 | ---- | C] () -- C:\Users\Sundars\AppData\Local\Resmon.ResmonCfg
[2011/09/01 12:51:19 | 000,000,211 | ---- | C] () -- C:\Windows\SJDemo.INI
[2011/08/17 11:47:46 | 000,003,284 | ---- | C] () -- C:\Users\Sundars\AppData\Roaming\ANIWZCS{17C84199-DAD8-44D4-B805-728345B870E2}
[2011/08/01 21:44:11 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2011/07/01 13:04:42 | 000,000,084 | ---- | C] () -- C:\Windows\csact.ini
[2011/06/15 20:23:27 | 000,314,880 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2011/06/15 20:23:27 | 000,230,912 | ---- | C] () -- C:\Windows\SysWow64\Zipit.dll
[2011/06/13 17:03:17 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/06/13 16:59:14 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/06/13 16:59:13 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/03/18 21:22:51 | 000,000,036 | ---- | C] () -- C:\Windows\RET.INI
[2011/01/04 11:59:48 | 000,000,052 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/06 17:47:36 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccessU.exe
[2010/12/06 17:47:36 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\SyncBackPro.dll
[2010/09/07 12:40:23 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/08/19 06:13:28 | 000,000,036 | ---- | C] () -- C:\Users\Sundars\AppData\Local\housecall.guid.cache
[2010/08/17 20:35:24 | 000,010,240 | ---- | C] () -- C:\Users\Sundars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/01 19:44:00 | 000,197,416 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/06/28 14:32:09 | 000,739,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/28 12:44:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/23 06:41:12 | 000,441,705 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2010/06/23 06:41:12 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2010/06/22 23:51:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/22 22:57:12 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/07 21:08:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AlertStrings.dll
[2009/01/14 18:00:48 | 000,035,767 | ---- | C] () -- C:\Windows\sas_mib.dat
[2008/12/03 08:34:46 | 000,034,944 | ---- | C] () -- C:\Windows\sas_ir_mib.dat
[2008/11/26 09:06:36 | 000,000,070 | ---- | C] () -- C:\Windows\LSI_StorSNMP.ini
[2006/08/25 04:31:57 | 000,000,040 | ---- | C] () -- C:\Users\Sundars\AppData\Local\703911de9d20150.dat
[2000/07/01 08:14:06 | 000,000,040 | ---- | C] () -- C:\Windows\806e6f6e6963122.ini
========== LOP Check ==========
[2011/11/11 10:05:08 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/31 10:06:25 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
[2011/09/06 15:44:24 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{01CC981E-42D9-4EE3-98AF-C9378453EDAE}.job
[2011/09/06 15:47:52 | 000,000,652 | ---- | M] () -- C:\Windows\Tasks\{0F9CE014-3DFC-4B0C-B774-596796D69321}.job
[2011/11/04 14:55:08 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2538A1AB-0542-4D49-AE91-89EDD3CC862D}.job
[2011/07/28 23:44:02 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{29979165-3696-4D08-B373-2EB45A0151D1}.job
[2010/10/25 15:24:06 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2CE2402B-76A0-471D-A141-9DD53CE32324}.job
[2011/05/30 09:06:54 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2DBF0E5B-2844-4D45-9D59-4D42E809ABDB}.job
[2011/03/03 21:08:58 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{3D24B11E-77BB-49B2-9DD0-46302BD6F2F8}.job
[2011/07/28 07:00:10 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{42B37E56-B803-4374-9A82-45976BEE70ED}.job
[2011/09/06 15:46:52 | 000,000,686 | ---- | M] () -- C:\Windows\Tasks\{4FAD4BB6-E13C-436C-AD36-D21E5CC46F5B}.job
[2011/09/06 15:44:50 | 000,000,686 | ---- | M] () -- C:\Windows\Tasks\{583EC85D-9F3A-49EB-8E5C-C6949E6F71DF}.job
[2011/09/06 15:45:39 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{6C4CF8AF-2CB1-4418-85D1-D42C5216CA2B}.job
[2011/09/06 15:51:45 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{6E5D841A-FCBD-4628-BD7B-0A0B8EE03379}.job
[2011/01/07 08:58:34 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{AA3F33A8-4B52-490B-A23B-D132AC1C2233}.job
[2011/09/06 15:47:32 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{ACFA7A6C-ADBC-4819-807D-23AF552B7444}.job
[2011/05/30 09:22:41 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{AD3B449D-3631-43D5-B472-A52AF949E207}.job
[2011/05/30 09:20:42 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{ADA3D3A0-69B9-415F-B33B-8EE4AB4CBE52}.job
[2011/05/26 15:14:11 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{AE72C6EB-13C2-4A8F-AF94-C5C30574A1AA}.job
[2010/10/25 15:21:49 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\{BD7E252E-00BA-493E-B174-DF8272D2E7B3}.job
[2011/09/06 15:48:04 | 000,000,646 | ---- | M] () -- C:\Windows\Tasks\{C0E43413-090A-4088-A001-314B1DC92CF0}.job
[2011/07/28 23:43:10 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{C2F00A96-EE3E-4577-B997-AE77EB7D0F08}.job
[2011/09/06 15:48:13 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{D0D8BAF1-E5AF-4F65-99CD-2835FB2076EC}.job
[2011/05/26 15:03:35 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{DD9CEE28-9D73-4A8C-A768-8272D9F82AA2}.job
[2010/10/25 15:22:23 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\{ECF87D63-7CE9-47BB-BB1D-BBF5735370C7}.job
[2011/09/06 15:46:13 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{F08A7E55-B22E-4C92-9EC6-4B50523F20FC}.job
[2011/09/06 15:54:11 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{F3BE8694-724B-4593-A597-979B6E6040E9}.job
[2011/09/06 15:40:01 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\{FA6BBA3D-C02F-4602-A171-D5E51C380D84}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B4AF47A7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:84098FD3
< End of report >