
Redirect causing by search.gugle.com


  • This topic is locked
9 replies to this topic

#1 rahularora

  • Members
  • 6 posts

Posted 04 May 2010 - 12:42 PM

Hello,

My laptop is running on Windows 7 64-bit. I have been facing a browser redirect malware issue for a long time. I formatted my laptop but I'm still facing it. I have temporarily fixed the issue by changing the HOSTS file, but I am not able to resolve the issue permanently.

My system is running with NIS 2010 and MBAM.

I ran OTL, but I was unable to use GMER (because of the x64 OS).

OTL logfile created on: 5/4/2010 10:37:06 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Rahul\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 159.69 Gb Total Space | 99.62 Gb Free Space | 62.38% Space Free | Partition Type: NTFS
Drive D: | 117.80 Gb Total Space | 9.00 Gb Free Space | 7.64% Space Free | Partition Type: NTFS
Drive E: | 20.51 Gb Total Space | 4.74 Gb Free Space | 23.11% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAHUL-PC
Current User Name: Rahul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/04 22:34:17 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rahul\Desktop\OTL.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/13 14:30:33 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2010/04/01 23:28:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/26 04:51:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2010/01/12 20:27:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/09/25 09:24:36 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/05/04 22:34:17 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rahul\Desktop\OTL.exe
MOD - [2009/07/14 06:45:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 06:44:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 06:33:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/14 13:37:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/14 07:11:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 07:11:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 07:11:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 07:11:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 07:11:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 07:11:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 07:11:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 07:11:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 07:11:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 07:11:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 07:11:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 07:11:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 07:11:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 07:11:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 07:10:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 07:10:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 07:10:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 07:10:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 07:10:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 07:10:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 07:10:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 07:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 07:10:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 07:09:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 07:09:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 07:09:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/14 13:37:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/13 14:30:33 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/26 04:51:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2010/01/12 20:27:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/07/14 08:50:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 08:50:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 06:46:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 06:45:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:00:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 02:09:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/28 00:31:10 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/27 07:53:54 | 000,149,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/02/27 07:53:21 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/02/27 07:53:21 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/26 04:52:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/04 07:10:52 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/02/04 07:10:50 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/15 09:20:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/18 11:44:20 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/17 12:15:44 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 17:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 07:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 07:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:18:04 | 000,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:18:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/14 07:17:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/14 07:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 07:15:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/14 07:15:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/14 07:15:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 07:15:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 07:15:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/14 07:15:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 07:15:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/14 07:15:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/14 07:13:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/14 07:13:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/14 05:47:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/14 05:46:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/14 05:40:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/14 05:39:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/14 05:38:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/14 05:37:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/14 05:37:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/14 05:37:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/14 05:37:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2009/07/14 05:36:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/14 05:36:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/14 05:36:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/14 05:35:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/14 05:32:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/14 05:30:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/14 05:30:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/14 05:22:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/14 05:20:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/14 05:12:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 05:12:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 05:07:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/14 05:01:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 05:01:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/14 05:01:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/14 04:57:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/14 04:54:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/14 04:49:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/18 12:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/11 02:05:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 18:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/01 10:13:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/03/09 16:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2010/04/28 01:06:31 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100504.004\EX64.SYS -- (NAVEX15)
DRV - [2010/04/28 01:06:31 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/04/28 01:06:31 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/28 01:06:31 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100504.004\ENG64.SYS -- (NAVENG)
DRV - [2010/04/13 11:54:15 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2010/03/25 02:08:07 | 000,678,960 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/11/17 06:21:14 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 06:46:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/14 06:46:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/11 02:58:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/11 02:45:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-580894621-3652817089-1282140699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-580894621-3652817089-1282140699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/iat/us_in.aspx
IE - HKU\S-1-5-21-580894621-3652817089-1282140699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-580894621-3652817089-1282140699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D DF 96 AA 8D E5 CA 01 [binary data]
IE - HKU\S-1-5-21-580894621-3652817089-1282140699-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-580894621-3652817089-1282140699-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.in"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: izer@camelcamelcamel.com:1.2
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: ShortenURL@loucypher:0.3.6
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.0.7
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {8B72860F-C5F8-4286-865E-D2C2DB98A9E6}:0.9.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {F807FACD-E46A-4793-B345-D58CB177673C}:3.5.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: hootsuite@hootsuite.com:0.6.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/04/29 04:30:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/04/28 00:31:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/13 17:15:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/20 01:17:29 | 000,000,000 | ---D | M]

[2010/04/13 00:36:28 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Extensions
[2010/05/04 06:57:46 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions
[2010/04/13 01:59:57 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/26 11:33:49 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/04/13 01:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2010/05/01 00:47:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/13 01:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/04/13 00:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/26 14:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/22 16:02:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/13 01:21:33 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/04/21 00:34:42 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2010/04/13 01:59:57 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\anttoolbar@ant.com
[2010/04/26 11:33:49 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\firebug@software.joehewitt.com
[2010/04/26 14:06:51 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\firecookie@janodvarko.cz
[2010/04/28 23:22:45 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\foxmarks@kei.com
[2010/04/29 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\hootsuite@hootsuite.com
[2010/04/22 16:02:16 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\izer@camelcamelcamel.com
[2010/04/13 01:21:31 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\piclens@cooliris.com
[2010/04/23 11:14:50 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\ShortenURL@loucypher
[2010/05/01 00:47:29 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\staged-xpis
[2010/04/26 14:06:51 | 000,000,000 | ---D | M] -- C:\Users\Rahul\AppData\Roaming\Mozilla\Firefox\Profiles\eb9gss0n.default\extensions\yslow@yahoo-inc.com
[2010/04/24 00:37:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/19 00:17:25 | 000,001,570 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 domains.googlesyndication.com #[Parking Service]
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com #[Google AdWords]
O1 - Hosts: 127.0.0.1 adservices.google.com
O1 - Hosts: 127.0.0.1 video-stats.video.google.com
O1 - Hosts: 127.0.0.1 www.google-analytics.com #[Google Analytics]
O1 - Hosts: 127.0.0.1 4.afs.googleadservices.com
O1 - Hosts: 127.0.0.1 feedads.googleadservices.com
O1 - Hosts: 127.0.0.1 imageads.googleadservices.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 pagead2.googleadservices.com
O1 - Hosts: 127.0.0.1 partner.googleadservices.com
O1 - Hosts: 127.0.0.1 www.googleadservices.com
O1 - Hosts: 127.0.0.1 apps5.oingo.com #[Microsoft.Typo-Patrol]
O1 - Hosts: 127.0.0.1 www.appliedsemantics.com
O1 - Hosts: 127.0.0.1 service.urchin.com #[Urchin Tracking Module]
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-580894621-3652817089-1282140699-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\Rahul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe ()
O4 - Startup: C:\Users\Rahul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O34 - HKLM BootExecute: (Execute settings...) - File not found
O34 - HKLM BootExecute: (ountPoints) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 22:34:06 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Rahul\Desktop\OTL.exe
[2010/05/04 22:09:09 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Rahul\Desktop\TFC.exe
[2010/05/03 23:20:37 | 031,647,016 | ---- | C] (Apple Inc.) -- C:\Users\Rahul\Desktop\SafariSetup.exe
[2010/05/03 20:39:56 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/03 06:53:25 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Documents\RegRun2
[2010/05/03 06:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2010/05/03 06:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/05/03 06:39:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rahul\Desktop\HiJackThis.exe
[2010/04/30 05:59:26 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Desktop\gre
[2010/04/30 05:34:55 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Documents\ASUS
[2010/04/30 05:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2010/04/30 05:34:39 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\ASUS
[2010/04/30 03:28:18 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Sun
[2010/04/30 03:22:53 | 000,000,000 | ---D | C] -- C:\Users\Rahul\.javafx
[2010/04/28 11:49:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\http%3a%2f%2fcygwin.lilengine.com%2f
[2010/04/28 11:07:50 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Desktop\CappuccinoStarter-0.8.1
[2010/04/28 02:22:03 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys
[2010/04/28 02:22:02 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys
[2010/04/28 02:22:02 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys
[2010/04/28 02:22:02 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys
[2010/04/28 02:22:02 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys
[2010/04/28 02:22:02 | 000,149,552 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys
[2010/04/28 02:22:02 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys
[2010/04/28 02:21:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1106000.020
[2010/04/28 00:31:12 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/04/28 00:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/28 00:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/04/28 00:30:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010/04/28 00:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/04/28 00:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/04/28 00:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/04/28 00:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/04/26 17:57:08 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Diagnostics
[2010/04/25 05:01:59 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Titanium
[2010/04/25 04:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Titanium
[2010/04/25 04:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Titanium Developer
[2010/04/23 11:28:33 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Media Player Classic
[2010/04/22 23:09:34 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Desktop\design
[2010/04/22 14:30:33 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Fallon.957283BD7AE99C519B762F3E2F85073ED97331F2.1
[2010/04/22 14:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/04/19 19:24:20 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\CrashDumps
[2010/04/19 02:00:47 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Mendeley Ltd
[2010/04/19 02:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mendeley Desktop
[2010/04/16 16:00:38 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\CutePDF Writer
[2010/04/15 15:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/04/15 02:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010/04/15 02:41:19 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Documents\TrackMania
[2010/04/15 02:41:18 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/04/15 02:41:18 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/04/15 02:41:17 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/04/15 02:41:17 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/04/15 02:41:17 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/04/15 02:41:17 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/04/15 02:41:13 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/04/15 02:41:12 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/04/15 02:41:12 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/04/15 02:41:12 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/04/15 02:41:12 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/04/15 02:41:11 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/04/15 02:41:10 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010/04/15 02:41:10 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010/04/15 02:41:09 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/04/15 02:41:08 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/04/15 02:41:08 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010/04/15 02:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmUnitedForever
[2010/04/14 20:52:09 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Download Manager
[2010/04/14 13:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/14 13:39:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/04/14 13:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/04/14 13:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/14 13:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/14 13:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/04/14 13:31:18 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Desktop\photoshop
[2010/04/13 23:55:06 | 000,000,000 | ---D | C] -- C:\Databases
[2010/04/13 23:54:55 | 000,000,000 | ---D | C] -- C:\Logs
[2010/04/13 23:48:41 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\vlc
[2010/04/13 20:42:01 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Documents\Downloads
[2010/04/13 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Skype
[2010/04/13 19:55:24 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Malwarebytes
[2010/04/13 19:55:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/13 19:55:14 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/13 19:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/13 19:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/13 18:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2010/04/13 17:27:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2010/04/13 17:16:01 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Apple Computer
[2010/04/13 17:16:01 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Apple Computer
[2010/04/13 17:15:53 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/04/13 17:15:53 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/04/13 17:15:52 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/04/13 17:15:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/04/13 17:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/13 17:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/13 17:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/04/13 17:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/13 17:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/13 17:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/13 17:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/13 17:15:08 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Apple
[2010/04/13 17:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/04/13 17:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/13 17:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/04/13 17:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/04/13 17:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/04/13 16:46:19 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/04/13 16:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/04/13 16:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/04/13 16:34:47 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2010/04/13 16:34:47 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010/04/13 16:34:47 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2010/04/13 16:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/04/13 16:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/04/13 16:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2010/04/13 16:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2010/04/13 16:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2010/04/13 16:14:31 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Notepad++
[2010/04/13 16:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2010/04/13 16:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/04/13 16:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/13 16:13:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/13 16:13:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/13 16:13:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/13 16:13:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/04/13 16:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/04/13 16:05:05 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Google
[2010/04/13 14:31:07 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2010/04/13 12:52:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/04/13 11:56:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/04/13 11:54:21 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/04/13 11:53:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/13 05:41:18 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Ironclad Games
[2010/04/13 05:41:02 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Stardock
[2010/04/13 05:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2010/04/13 05:16:21 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/04/13 05:11:55 | 000,000,000 | ---D | C] -- C:\cygwin
[2010/04/13 05:09:09 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\e
[2010/04/13 05:08:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\e
[2010/04/13 02:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Merriam-Webster
[2010/04/13 02:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2010/04/13 02:37:42 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Documents\FIFA 10
[2010/04/13 02:35:53 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Leadertech
[2010/04/13 02:27:23 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\WinRAR
[2010/04/13 02:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Sports
[2010/04/13 02:22:47 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/04/13 02:22:47 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/04/13 02:22:47 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/04/13 02:22:47 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/04/13 02:22:46 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/04/13 02:22:46 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/04/13 02:22:46 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/04/13 02:22:46 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/04/13 02:22:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/04/13 02:22:42 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/04/13 02:22:41 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/04/13 02:22:41 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/04/13 02:22:41 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/04/13 02:22:41 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/04/13 02:22:41 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/04/13 02:22:40 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/04/13 02:06:33 | 000,000,000 | ---D | C] -- C:\Users\Rahul\Documents\Digsby Logs
[2010/04/13 02:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/13 02:05:31 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/04/13 02:02:44 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2010/04/13 02:02:44 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2010/04/13 02:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2010/04/13 01:59:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/04/13 01:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/04/13 01:26:08 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Digsby
[2010/04/13 01:26:08 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Digsby
[2010/04/13 01:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Digsby
[2010/04/13 01:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digsby
[2010/04/13 01:21:53 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Cooliris
[2010/04/13 01:21:44 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Macromedia
[2010/04/13 01:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010/04/13 01:05:22 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2010/04/13 01:05:21 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Systweak
[2010/04/13 01:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MyDefrag
[2010/04/13 01:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
[2010/04/13 00:58:28 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Trillian
[2010/04/13 00:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2010/04/13 00:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/04/13 00:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/04/13 00:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/04/13 00:34:21 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\TeamViewer
[2010/04/13 00:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010/04/13 00:31:15 | 000,000,000 | ---D | C] -- C:\wamp
[2010/04/13 00:28:18 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Mozilla
[2010/04/13 00:28:18 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Mozilla
[2010/04/13 00:28:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/04/13 00:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/04/13 00:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/04/13 00:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/04/13 00:26:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/04/13 00:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/04/13 00:26:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/04/13 00:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/13 00:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/04/13 00:25:01 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Microsoft Help
[2010/04/13 00:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/04/13 00:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/04/13 00:24:48 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/13 00:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/04/13 00:21:57 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\uTorrent
[2010/04/13 00:19:41 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Adobe
[2010/04/13 00:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/04/13 00:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/04/13 00:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/04/13 00:17:53 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Adobe
[2010/04/13 00:16:03 | 000,183,296 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\ACEngSvr.exe
[2010/04/13 00:15:25 | 000,060,416 | ---- | C] (ITE Tech. Inc. ) -- C:\Windows\SysNative\drivers\itecir.sys
[2010/04/13 00:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ITE
[2010/04/13 00:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G
[2010/04/13 00:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\P4G
[2010/04/13 00:14:05 | 000,236,544 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/04/13 00:14:05 | 000,097,792 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010/04/13 00:13:01 | 000,015,928 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\lullaby.sys
[2010/04/13 00:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2010/04/13 00:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun
[2010/04/13 00:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2010/04/13 00:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\ATKGFNEX
[2010/04/13 00:10:44 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\InstallShield
[2010/04/13 00:09:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010/04/13 00:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010/04/13 00:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/04/13 00:09:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/04/13 00:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/04/13 00:08:54 | 001,445,920 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/04/13 00:08:54 | 000,611,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/04/13 00:08:54 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/04/13 00:08:54 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/04/13 00:08:54 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/04/13 00:08:54 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/04/13 00:08:54 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/04/13 00:08:53 | 001,670,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/04/13 00:08:53 | 001,178,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/04/13 00:08:53 | 000,601,088 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2010/04/13 00:08:53 | 000,524,288 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2010/04/13 00:08:53 | 000,436,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/04/13 00:08:53 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/04/13 00:08:53 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/04/13 00:08:53 | 000,307,200 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/04/13 00:08:53 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/04/13 00:08:53 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/04/13 00:08:53 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/04/13 00:08:53 | 000,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010/04/13 00:08:53 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/04/13 00:08:53 | 000,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010/04/13 00:08:53 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/04/13 00:08:53 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/04/13 00:08:53 | 000,072,192 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2010/04/13 00:08:53 | 000,064,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/04/13 00:08:53 | 000,057,856 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2010/04/13 00:08:53 | 000,053,760 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll
[2010/04/13 00:08:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/04/13 00:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/04/13 00:08:47 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/04/13 00:08:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/04/13 00:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/04/13 00:05:13 | 000,542,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2010/04/12 23:57:19 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/04/12 23:56:47 | 000,013,160 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
[2010/04/12 23:48:06 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/04/12 23:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/04/12 23:42:16 | 000,000,000 | R--D | C] -- C:\Users\Rahul\Searches
[2010/04/12 23:42:07 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Identities
[2010/04/12 23:42:05 | 000,000,000 | R--D | C] -- C:\Users\Rahul\Contacts
[2010/04/12 23:42:02 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\VirtualStore
[2010/04/12 23:41:51 | 000,000,000 | --SD | C] -- C:\Users\Rahul\AppData\Roaming\Microsoft
[2010/04/12 23:41:51 | 000,000,000 | R--D | C] -- C:\Users\Rahul\Videos
[2010/04/12 23:41:51 | 000,000,000 | R--D | C] -- C:\Users\Rahul\Saved Games
[2010/04/12 23:41:51 | 000,000,000 | R--D | C] -- C:\Users\Rahul\Pictures
[2010/04/12 23:41:51 | 000,000,000 | R--D | C] -- C:\Users\Rahul\Music
[2010/04/12 23:41:51 | 000,000,000 | R--D | C] -- C:\Users\Rahul\Links
[2010/04/12 23:41:51 | 000,000,000 | R--D | C] -- C:\Users\Rahul\Favorites
[2010/04/12 23:41:51 | 000,000,000 | R--D | C] -- C:\Users\Rahul\Downloads
[2010/04/12 23:41:51 | 000,000,000 | R--D | C] -- C:\Users\Rahul\My Documents
[2010/04/12 23:41:51 | 000,000,000 | R--D | C] -- C:\Users\Rahul\Desktop
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\AppData\Local\Temporary Internet Files
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\Templates
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\Start Menu
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\SendTo
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\Recent
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\PrintHood
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\NetHood
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\Documents\My Videos
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\Documents\My Pictures
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\Documents\My Music
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\My Documents
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\Local Settings
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\AppData\Local\History
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\Cookies
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\Application Data
[2010/04/12 23:41:51 | 000,000,000 | -HSD | C] -- C:\Users\Rahul\AppData\Local\Application Data
[2010/04/12 23:41:51 | 000,000,000 | -H-D | C] -- C:\Users\Rahul\AppData
[2010/04/12 23:41:51 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Temp
[2010/04/12 23:41:51 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Local\Microsoft
[2010/04/12 23:41:51 | 000,000,000 | ---D | C] -- C:\Users\Rahul\AppData\Roaming\Media Center Programs
[2010/04/12 23:39:33 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2010/05/04 22:39:20 | 001,572,864 | ---- | M] () -- C:\Users\Rahul\NTUSER.DAT
[2010/05/04 22:34:17 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rahul\Desktop\OTL.exe
[2010/05/04 22:21:30 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/04 22:21:30 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/04 22:21:30 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/04 22:17:27 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 22:17:27 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 22:12:28 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/05/04 22:12:26 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/05/04 22:12:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/04 22:12:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/04 22:12:13 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/04 22:11:27 | 002,515,855 | -H-- | M] () -- C:\Users\Rahul\AppData\Local\IconCache.db
[2010/05/04 22:10:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-580894621-3652817089-1282140699-1001UA.job
[2010/05/04 21:23:50 | 001,033,776 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB
[2010/05/04 16:10:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-580894621-3652817089-1282140699-1001Core.job
[2010/05/03 19:55:58 | 000,003,193 | ---- | M] () -- C:\Users\Rahul\AppData\Local\Temp6.html
[2010/05/03 19:55:58 | 000,001,293 | ---- | M] () -- C:\Users\Rahul\AppData\Local\Temp1.html
[2010/05/03 06:53:48 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/05/03 06:53:48 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2010/05/03 06:53:48 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/05/03 06:47:35 | 000,003,367 | ---- | M] () -- C:\Users\Rahul\AppData\Local\Temp12.html
[2010/05/03 06:47:35 | 000,003,193 | ---- | M] () -- C:\Users\Rahul\AppData\Local\Temp11.html
[2010/05/02 22:26:35 | 003,926,150 | ---- | M] () -- C:\Users\Rahul\Desktop\ComboFix.exe
[2010/04/30 05:34:21 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\LifeFrame.lnk
[2010/04/30 05:32:52 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\ASUS MultiFrame.lnk
[2010/04/30 03:22:57 | 000,000,017 | ---- | M] () -- C:\Users\Rahul\.javafx_ping_sent
[2010/04/30 03:22:53 | 000,000,000 | ---- | M] () -- C:\Users\Rahul\.javafx_eula_accepted
[2010/04/30 02:33:47 | 000,002,251 | ---- | M] () -- C:\Users\Rahul\Desktop\Google Chrome.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 07:22:53 | 000,164,234 | ---- | M] () -- C:\Users\Rahul\Desktop\smallcar_comparision.pdf
[2010/04/29 02:04:20 | 000,086,472 | ---- | M] () -- C:\Users\Rahul\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/29 02:03:16 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/04/29 02:03:01 | 002,952,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/28 22:44:24 | 000,086,550 | ---- | M] () -- C:\Users\Rahul\Desktop\pubwich-1.3.tar.gz
[2010/04/28 00:31:10 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/04/28 00:31:10 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/04/28 00:31:10 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/04/28 00:29:47 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/04/28 00:29:34 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/04/25 05:01:37 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Titanium Developer.lnk
[2010/04/23 22:25:28 | 000,151,328 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/04/20 04:44:47 | 000,008,468 | ---- | M] () -- C:\Users\Rahul\Documents\Kartik_EADS_SOP.pdf
[2010/04/20 01:29:08 | 000,036,679 | ---- | M] () -- C:\Users\Rahul\Documents\SOP_HARIT.pdf
[2010/04/20 01:17:30 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/19 02:00:44 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mendeley Desktop.lnk
[2010/04/15 16:51:49 | 000,136,067 | ---- | M] () -- C:\Users\Rahul\Documents\First.png
[2010/04/15 02:40:58 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\TmUnitedForever.lnk
[2010/04/14 19:41:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/04/13 19:55:18 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 19:52:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/13 17:27:14 | 000,001,109 | ---- | M] () -- C:\Users\Rahul\Desktop\Evernote3.5.lnk
[2010/04/13 17:15:55 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/13 16:46:20 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/04/13 16:30:33 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/04/13 16:14:33 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/04/13 16:13:47 | 000,001,885 | ---- | M] () -- C:\Users\Rahul\Desktop\CCleaner.lnk
[2010/04/13 16:13:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/13 16:13:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/13 16:13:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/13 16:13:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/04/13 14:30:46 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
[2010/04/13 14:30:33 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2010/04/13 11:56:43 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/04/13 11:56:43 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/04/13 02:48:18 | 000,524,288 | -HS- | M] () -- C:\Users\Rahul\NTUSER.DAT{e6300d96-4668-11df-92c6-00248c11cb7a}.TMContainer00000000000000000002.regtrans-ms
[2010/04/13 02:48:18 | 000,524,288 | -HS- | M] () -- C:\Users\Rahul\NTUSER.DAT{e6300d96-4668-11df-92c6-00248c11cb7a}.TMContainer00000000000000000001.regtrans-ms
[2010/04/13 02:48:18 | 000,065,536 | -HS- | M] () -- C:\Users\Rahul\NTUSER.DAT{e6300d96-4668-11df-92c6-00248c11cb7a}.TM.blf
[2010/04/13 02:02:52 | 000,000,989 | ---- | M] () -- C:\Users\Rahul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/04/13 01:26:05 | 000,001,015 | ---- | M] () -- C:\Users\Rahul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
[2010/04/13 01:05:43 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\Advanced System Optimizer Scheduler.job
[2010/04/13 00:34:41 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/04/13 00:34:14 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/04/13 00:28:20 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/13 00:24:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_G50VT.alu
[2010/04/13 00:09:24 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/04/12 23:44:32 | 000,524,288 | -HS- | M] () -- C:\Users\Rahul\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/04/12 23:44:32 | 000,524,288 | -HS- | M] () -- C:\Users\Rahul\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/04/12 23:44:32 | 000,065,536 | -HS- | M] () -- C:\Users\Rahul\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/04/12 23:44:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/04/12 23:41:51 | 000,000,020 | -HS- | M] () -- C:\Users\Rahul\ntuser.ini
[2010/04/12 22:21:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rahul\Desktop\HiJackThis.exe
[2010/04/07 00:04:41 | 006,096,384 | ---- | M] () -- C:\Users\Rahul\Desktop\Titanium Developer.msi

========== Files Created - No Company Name ==========

[2010/05/03 06:57:06 | 003,926,150 | ---- | C] () -- C:\Users\Rahul\Desktop\ComboFix.exe
[2010/05/03 06:56:56 | 000,003,193 | ---- | C] () -- C:\Users\Rahul\AppData\Local\Temp6.html
[2010/05/03 06:53:48 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/05/03 06:53:48 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2010/05/03 06:53:48 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/05/03 06:47:35 | 000,003,367 | ---- | C] () -- C:\Users\Rahul\AppData\Local\Temp12.html
[2010/05/03 06:47:35 | 000,003,193 | ---- | C] () -- C:\Users\Rahul\AppData\Local\Temp11.html
[2010/05/03 06:47:33 | 000,001,293 | ---- | C] () -- C:\Users\Rahul\AppData\Local\Temp1.html
[2010/04/30 05:34:21 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\LifeFrame.lnk
[2010/04/30 05:32:52 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\ASUS MultiFrame.lnk
[2010/04/30 03:22:57 | 000,000,017 | ---- | C] () -- C:\Users\Rahul\.javafx_ping_sent
[2010/04/30 03:22:53 | 000,000,000 | ---- | C] () -- C:\Users\Rahul\.javafx_eula_accepted
[2010/04/29 02:02:33 | 001,033,776 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB
[2010/04/28 22:44:25 | 000,086,550 | ---- | C] () -- C:\Users\Rahul\Desktop\pubwich-1.3.tar.gz
[2010/04/28 02:22:03 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnetv64.cat
[2010/04/28 02:22:03 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnet64.cat
[2010/04/28 02:22:03 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnetv.inf
[2010/04/28 02:22:03 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnet.inf
[2010/04/28 02:22:02 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.cat
[2010/04/28 02:22:02 | 000,007,412 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.cat
[2010/04/28 02:22:02 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.cat
[2010/04/28 02:22:02 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.cat
[2010/04/28 02:22:02 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\iron.cat
[2010/04/28 02:22:02 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.cat
[2010/04/28 02:22:02 | 000,003,374 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa.inf
[2010/04/28 02:22:02 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds.inf
[2010/04/28 02:22:02 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.inf
[2010/04/28 02:22:02 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.inf
[2010/04/28 02:22:02 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.inf
[2010/04/28 02:22:02 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\iron.inf
[2010/04/28 02:21:49 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\isolate.ini
[2010/04/28 00:31:13 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/04/28 00:31:12 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/04/28 00:31:06 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/04/25 05:01:37 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Titanium Developer.lnk
[2010/04/25 04:40:52 | 006,096,384 | ---- | C] () -- C:\Users\Rahul\Desktop\Titanium Developer.msi
[2010/04/23 22:25:28 | 000,151,328 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/04/22 22:07:05 | 000,164,234 | ---- | C] () -- C:\Users\Rahul\Desktop\smallcar_comparision.pdf
[2010/04/20 04:44:47 | 000,008,468 | ---- | C] () -- C:\Users\Rahul\Documents\Kartik_EADS_SOP.pdf
[2010/04/20 01:29:08 | 000,036,679 | ---- | C] () -- C:\Users\Rahul\Documents\SOP_HARIT.pdf
[2010/04/20 01:17:30 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/19 02:00:44 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mendeley Desktop.lnk
[2010/04/15 16:51:48 | 000,136,067 | ---- | C] () -- C:\Users\Rahul\Documents\First.png
[2010/04/15 02:40:58 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\TmUnitedForever.lnk
[2010/04/14 20:54:12 | 000,002,266 | ---- | C] () -- C:\Windows\Uninstvga.bat
[2010/04/14 20:54:12 | 000,002,008 | ---- | C] () -- C:\Windows\Uninstsxga.bat
[2010/04/14 20:54:12 | 000,001,682 | ---- | C] () -- C:\Windows\Uninstuxga.bat
[2010/04/14 20:54:12 | 000,000,386 | ---- | C] () -- C:\Windows\Uninstuxga.reg
[2010/04/14 20:54:12 | 000,000,386 | ---- | C] () -- C:\Windows\Uninstsxga.reg
[2010/04/14 20:54:12 | 000,000,384 | ---- | C] () -- C:\Windows\Uninstvga.reg
[2010/04/14 19:41:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/04/13 19:55:18 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 19:52:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/13 17:27:14 | 000,001,109 | ---- | C] () -- C:\Users\Rahul\Desktop\Evernote3.5.lnk
[2010/04/13 17:15:55 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/13 16:46:20 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/04/13 16:34:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/04/13 16:34:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/04/13 16:34:47 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010/04/13 16:34:46 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/04/13 16:34:46 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/13 16:34:45 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/13 16:34:45 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/04/13 16:30:39 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/04/13 16:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
[2010/04/13 16:14:33 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/04/13 16:13:47 | 000,001,885 | ---- | C] () -- C:\Users\Rahul\Desktop\CCleaner.lnk
[2010/04/13 16:05:13 | 000,002,251 | ---- | C] () -- C:\Users\Rahul\Desktop\Google Chrome.lnk
[2010/04/13 16:05:13 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-580894621-3652817089-1282140699-1001UA.job
[2010/04/13 16:05:13 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-580894621-3652817089-1282140699-1001Core.job
[2010/04/13 11:54:21 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/04/13 11:53:39 | 3220,623,360 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/13 11:53:38 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/04/13 11:53:38 | 000,017,408 | ---- | C] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/04/13 02:02:52 | 000,000,989 | ---- | C] () -- C:\Users\Rahul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/04/13 01:26:05 | 000,001,015 | ---- | C] () -- C:\Users\Rahul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
[2010/04/13 01:20:41 | 000,524,288 | -HS- | C] () -- C:\Users\Rahul\NTUSER.DAT{e6300d96-4668-11df-92c6-00248c11cb7a}.TMContainer00000000000000000002.regtrans-ms
[2010/04/13 01:20:41 | 000,524,288 | -HS- | C] () -- C:\Users\Rahul\NTUSER.DAT{e6300d96-4668-11df-92c6-00248c11cb7a}.TMContainer00000000000000000001.regtrans-ms
[2010/04/13 01:20:41 | 000,065,536 | -HS- | C] () -- C:\Users\Rahul\NTUSER.DAT{e6300d96-4668-11df-92c6-00248c11cb7a}.TM.blf
[2010/04/13 01:05:43 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\Advanced System Optimizer Scheduler.job
[2010/04/13 00:34:41 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/04/13 00:34:14 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/04/13 00:28:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/13 00:24:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_G50VT.alu
[2010/04/13 00:14:05 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010/04/13 00:09:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2010/04/13 00:09:24 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/04/13 00:09:24 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2010/04/13 00:09:24 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/04/13 00:09:24 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2010/04/12 23:44:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/04/12 23:41:51 | 001,572,864 | ---- | C] () -- C:\Users\Rahul\NTUSER.DAT
[2010/04/12 23:41:51 | 000,524,288 | -HS- | C] () -- C:\Users\Rahul\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/04/12 23:41:51 | 000,524,288 | -HS- | C] () -- C:\Users\Rahul\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/04/12 23:41:51 | 000,262,144 | -HS- | C] () -- C:\Users\Rahul\ntuser.dat.LOG1
[2010/04/12 23:41:51 | 000,065,536 | -HS- | C] () -- C:\Users\Rahul\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/04/12 23:41:51 | 000,000,020 | -HS- | C] () -- C:\Users\Rahul\ntuser.ini
[2010/04/12 23:41:51 | 000,000,000 | -HS- | C] () -- C:\Users\Rahul\ntuser.dat.LOG2
[2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 02:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
< End of report >




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:52 AM

Posted 06 May 2010 - 08:37 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 rahularora

rahularora
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:22 PM

Posted 07 May 2010 - 09:12 AM

Hello m0le,

I am tracking the topic.

Thanks
Rahul

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:52 AM

Posted 07 May 2010 - 05:29 PM

Please run Sophos. We need to find out if something is resetting the Hosts file that you are editing.

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

m0le is a proud member of UNITE

#5 rahularora

rahularora
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:22 PM

Posted 08 May 2010 - 01:13 PM

Nothing was detected. One more thing, I was unable to check "Running Processes". It was not clickable (grey in color).

Sarscan.log

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 5/8/2010 at 23:04:28 PM
User "Rahul" on computer "RAHUL-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
Hidden: file C:\ProgramData\Norton\00000082\00000109\000003c3\cltLMS1.dat
Hidden: file C:\ProgramData\Norton\00000082\00000109\000003c3\cltLMS2.dat
Hidden: file C:\Windows\System32\Wat\WatAdminSvc.exe
Hidden: file C:\Windows\System32\Wat\npWatWeb.dll
Hidden: file C:\Windows\System32\Wat\WatWeb.dll
Hidden: file C:\Windows\System32\Wat\WatUX.exe
Info: Starting disk scan of D: (NTFS).
Hidden: file D:\Learning Center\Ebooks\Web eBook Collection 2009 (HTML, CSS, JavaScript, PHP, JQuery, Ajax, Semantic Web)\semantic web\semantic-web-based-information-systems-state-of-the-art-applications-advances-in-semantic-web-and-information-systems-vol-1.9781599044279.47602.pdf
Hidden: file D:\Learning Center\Ebooks\Web eBook Collection 2009 (HTML, CSS, JavaScript, PHP, JQuery, Ajax, Semantic Web)\web design and web soft eng\professional-web-design-techniques-and-templates-css-amp-xhtml-third-edition-charles-river-media-internet.9781584505679.44370.pdf
Hidden: file D:\Learning Center\Ebooks\Web eBook Collection 2009 (HTML, CSS, JavaScript, PHP, JQuery, Ajax, Semantic Web)\web design and web soft eng\software-engineering-for-modern-web-applications-methodologies-and-technologies-premier-reference-source.9781599044927.33276.pdf
Info: Starting disk scan of E: (NTFS).
Stopped logging on 5/8/2010 at 23:31:14 PM



#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:52 AM

Posted 08 May 2010 - 02:17 PM

Good. There are no rootkits on the 64-bit system so far, but we always need to check.

These steps are for Vista, but they should be similar for Windows 7:
  • Open Control Panel and navigate to "Network and Internet Connections"
  • Then click Network and Internet Connections
  • Now select your active Internet connection and right-click on it. For example, if you are using a wireless connection, right-click on "Wireless Network Connection"
  • Select the TCP/IP service in the list and then click properties
  • Change DNS to "Obtain DNS server automatically"


Then

Please download HostsXpert 4.3
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File".
  • Click OK at the confirmation box.
  • Click "Make Read Only".
  • Click the X to exit the program.
-- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Finally

Right-click on the Command Prompt icon (find it by opening the bottom left windows logo and type cmd in the search bar) and select
"Run as administrator".

Then type in:

    ipconfig /flushdns

and press Enter

Now reboot and let me know if this fixes the issue.
m0le is a proud member of UNITE
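The hosts-file part of the steps above can be checked before and after the "Restore MS Hosts File" click. The following is an added example (not from the thread or from HostsXpert) that parses hosts-file text and flags entries that map a name to a non-loopback address (a possible redirect) or that pin an update or security-vendor domain at all (a possible block); the sample hosts content and the addresses in it are constructed, and the watched domain list is an assumption.

```python
"""Audit a Windows hosts file for redirect or blocking entries (added example)."""
import ipaddress
import platform
from pathlib import Path

# Entries that ship in a clean Microsoft hosts file and are never suspicious.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing/whole-line comments
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries


def audit_hosts(text, watch_domains=("windowsupdate.microsoft.com", "pctools.com")):
    """List suspicious entries as (ip, name, reason) tuples.

    Loopback entries (MVPS-style ad blocking) are treated as benign unless they
    pin one of the watched update/security domains, which is a classic sign of
    malware trying to block updates and scanners.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if any(name == d or name.endswith("." + d) for d in watch_domains):
            findings.append((ip, name, "security/update site pinned"))
        elif not loopback:
            findings.append((ip, name, "redirect to non-loopback address"))
    return findings


# Constructed sample: one benign blocking entry, one blocked update site,
# one silent redirect of a login site to an outside address.
SAMPLE_HOSTS = """# sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
127.0.0.1  ads.example.test   # MVPS-style blocking entry, benign
0.0.0.0    windowsupdate.microsoft.com
198.51.100.7   www.example-bank.test
"""

if __name__ == "__main__":
    default = r"C:\Windows\System32\drivers\etc\hosts" if platform.system() == "Windows" else "/etc/hosts"
    hosts = Path(default)
    text = hosts.read_text(errors="replace") if hosts.exists() else SAMPLE_HOSTS
    for ip, name, reason in audit_hosts(text):
        print(f"{reason}: {name} -> {ip}")
```

Run on the live file it prints one line per suspicious entry; an empty result after the restore step is what you expect from a clean Microsoft hosts file.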

#7 rahularora

rahularora
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:22 PM

Posted 08 May 2010 - 05:14 PM

I had already done all this. I will do so again!

My TCP/IP DNS setting was already set to Auto.
Using HostsXpert, I had previously merged the MVPS Hosts file into the original hosts file. Now I have clicked on 'Restore MS Hosts file' as you instructed.

Redirects are still happening:
hxxp://smartbizsearch.com/search.php
hxxp://google-analytics.com
hxxp://52611.123bounce.com/xtr_new

I still cannot access:
http://www.pctools.com/spyware-doctor/
http://windowsupdate.microsoft.com/

Edited by m0le, 08 May 2010 - 05:30 PM.
deactivated links


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:52 AM

Posted 08 May 2010 - 05:31 PM

Do you have a second system or a laptop (even a borrowed one from a friend or family member) that you can attach to the router (either wired or wireless, doesn't make any difference) and see if that gets redirects as well? We are seeing an increasing number of hacked router/firewalls where the redirection is at that level rather than at the computer itself. If you have another system you can test that with, that system should also show redirects if the router has been hacked.

Now, this is usually easy to fix if it is the problem. Download the latest firmware for the router from the manufacturer's site. Go into the router's setup via your browser and copy on paper all the critical settings in the router. Disconnect all systems attached to the router, wired or wireless. Disconnect the router from any gateway (it might be the gateway with some units provided by ISPs). Disconnect the router power supply and let it sit for 15 minutes.

Next, on the rear, bottom or side of the router you should see a small button marked Reset. Depress the Reset button with some small pointed object (a bent paperclip will work), and plug the modem back into the power supply. Watch the LEDs on the front of the router and when they stop flashing the router has been reset and you can release the reset button. Connect the router to the gateway and systems. Upload the latest firmware and then re-enter the critical settings manually. Do not restore a previously saved settings file.

You should check the router reset steps against the router manual first, but the steps I outlined are usually what is used. If the router was hacked, that should clear out the hack and the redirects should end. Try it, let's see what happens.
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:52 AM

Posted 10 May 2010 - 07:01 PM

Did that work?
m0le is a proud member of UNITE

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:52 AM

Posted 11 May 2010 - 06:36 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
