.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Jthirumalai at 14:31:20 on 2012-05-31
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8151.2748 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Citrix\Receiver\PrivService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\Cobian Backup 10\cbService.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
c:\oracle\product\111~1.1\oracle~1\ccr\bin\nmz.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\pgAgent\bin\pgagent.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Lumension\Patch Agent\GravitixService.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\SPEnroll.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\MIT\Kerberos\bin\netidmgr.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\MIT\Kerberos\bin\krbcc64s.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Users\jthirumalai\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mcomm.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mlauncher.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lumension\LEMSSAgent\epui\epui.exe
C:\Program Files (x86)\Lumension\Patch Agent\NotificationManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\oracle\sqldeveloper\sqldeveloper.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Mentat Technologies\DreamCoder\DreamCoder.exe
C:\Windows\system32\notepad.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 10.1.200.10
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120202205223.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge]
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Facebook Update] "C:\Users\jthirumalai\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\jthirumalai\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\JTHIRU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\jthirumalai\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETWOR~1.LNK - C:\Program Files (x86)\MIT\Kerberos\bin\netidmgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: MaxGPOScriptWait = 120 (0x78)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: citrite.net\access
Trusted Zone: citrixonline.com\remote
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C4866628-AD07-4309-B3AB-DB6A8627FEAD} - hxxp://evunity-1.gol1/ciscopca/controls/MediaMasENU.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 10.1.80.20 10.1.80.21
TCP: Interfaces\{8B73B763-EED8-45A3-9B6A-3F44144CEF5E} : NameServer = 10.1.80.20,10.1.90.19
TCP: Interfaces\{8B73B763-EED8-45A3-9B6A-3F44144CEF5E} : DhcpNameServer = 10.1.80.20 10.1.80.21
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120202205223.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Hosts: 176.9.75.3 www.google-analytics.com.
Hosts: 176.9.75.3 ad-emea.doubleclick.net.
Hosts: 176.9.75.3 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jthirumalai\AppData\Roaming\Mozilla\Firefox\Profiles\6mlsaafu.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&install_date=20110810
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form ... 0110810&q=
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\jthirumalai\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\jthirumalai\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\jthirumalai\AppData\Roaming\Mozilla\Firefox\Profiles\6mlsaafu.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 EPS;EPS;C:\Windows\system32\drivers\eps.sys --> C:\Windows\system32\drivers\eps.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-16 98208]
R2 ARPriv;Citrix Receiver Install Helper Service;C:\Program Files (x86)\Citrix\Receiver\PrivService.exe [2010-1-22 238872]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2012-4-20 67584]
R2 CobianBackup10;Cobian Backup Boletus;C:\Program Files (x86)\Cobian Backup 10\cbService.exe [2012-4-20 1125376]
R2 LEMSS Agent;LEMSS Agent;C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe [2011-9-29 594000]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-2-2 199008]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-9-14 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 Oraclec_oracle_product_111~1.1_oracle~1ConfigurationManager;Oraclec_oracle_product_111~1.1_oracle~1ConfigurationManager;c:\oracle\product\111~1.1\oracle~1\ccr\bin\nmz.exe c:\oracle\product\111~1.1\oracle~1\ccr\hosts\jthirumalai2.ad.corp.expertcity.com --> c:\oracle\product\111~1.1\oracle~1\ccr\bin\nmz.exe c:\oracle\product\111~1.1\oracle~1\ccr\hosts\jthirumalai2.ad.corp.expertcity.com [?]
R2 pgAgent;PostgreSQL Scheduling Agent - pgAgent;C:\Program Files (x86)\PostgresPlus\9.0SS\pgAgent\bin\pgagent.exe RUN pgAgent host=localhost port=5432 user=postgres dbname=postgres --> C:\Program Files (x86)\PostgresPlus\9.0SS\pgAgent\bin\pgagent.exe RUN pgAgent host=localhost port=5432 user=postgres dbname=postgres [?]
R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files (x86)/PostgresPlus/9.0SS/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "C:/Program Files (x86)/PostgresPlus/9.0SS/data" -w --> C:/Program Files (x86)/PostgresPlus/9.0SS/bin/pg_ctl.exe runservice -N postgresql-9.0 [?]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 Patch Agent;Patch Agent;C:\Program Files (x86)\Lumension\Patch Agent\GravitixService.exe [2011-9-20 95584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 pgbouncer;pgbouncer;C:\Program Files (x86)\PostgresPlus\9.0SS\pgbouncer\bin\pgbouncer.exe -service "C:\Program Files (x86)\PostgresPlus\9.0SS\pgbouncer\share\pgbouncer.ini" --> C:\Program Files (x86)\PostgresPlus\9.0SS\pgbouncer\bin\pgbouncer.exe -service C:\Program Files (x86)\PostgresPlus\9.0SS\pgbouncer\share\pgbouncer.ini [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 SmartDeploy;SmartDeploy;C:\Windows\SysWOW64\SmartDeploy.exe [2011-4-1 206832]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=C:\Windows\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-31 17:47:31 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\WinPatrol
2012-05-31 17:47:26 -------- d-----w- C:\ProgramData\InstallMate
2012-05-31 17:47:26 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-05-31 17:45:12 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\FreeFixer
2012-05-31 17:45:12 -------- d-----w- C:\Users\jthirumalai\AppData\Local\FreeFixer
2012-05-31 17:45:07 -------- d-----w- C:\Program Files\FreeFixer
2012-05-31 17:35:08 -------- d-----w- C:\Program Files\HitmanPro
2012-05-31 17:34:23 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-31 16:19:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-31 16:19:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-31 15:57:07 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-31 10:02:58 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{6082143B-A2F6-4E8D-880B-6A741244F548}
2012-05-30 22:02:55 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{DC06C60A-378B-49DA-AD30-6BEC2BB40CB3}
2012-05-30 19:51:23 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\Business Objects
2012-05-30 19:31:46 -------- d-----w- C:\Program Files (x86)\Business Objects
2012-05-30 10:02:52 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{3ABE1A20-D458-490A-902E-84C3CBBF915D}
2012-05-29 22:02:49 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{92B8A6A4-C206-4836-8CC7-28A428BA6065}
2012-05-29 10:02:47 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{BD0ACF74-89C7-49C3-B041-D844971A4F0C}
2012-05-28 22:02:44 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{E9B280F9-12B5-45D1-9FFA-35628C43A89A}
2012-05-28 10:02:42 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{99454ED5-B4B5-48E7-B8B2-D8BB553C1E86}
2012-05-27 22:02:39 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{01E344B3-291E-4A0C-8A03-2F0E7A8E0126}
2012-05-27 10:02:36 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{66CB48A1-5436-4C72-907D-D2C4FA348E68}
2012-05-26 22:02:34 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{7545A71E-4CE4-4564-8DBD-E29215C707C8}
2012-05-26 10:02:31 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{D4D6717A-5E08-4BAD-A544-79D00F3FD654}
2012-05-25 22:02:27 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{18F0DB74-87B9-4EF2-8666-74531633E550}
2012-05-25 22:02:26 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{FC1BCBA7-42C0-486E-B6BB-92E3E5892308}
2012-05-25 14:02:08 -------- d-----w- C:\ProgramData\GFI Software
2012-05-25 13:52:20 -------- d-----w- C:\Users\jthirumalai\AppData\Local\adawarebp
2012-05-25 10:02:12 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{AD094BC5-9AFB-4014-BC30-E8460A125E3C}
2012-05-25 10:02:12 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{004B42AA-4645-4FA3-A496-2A068BFB989D}
2012-05-24 22:04:12 -------- d-----w- C:\Windows\en
2012-05-24 22:02:34 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-05-24 22:00:55 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b12e56f51cd39f801\DSETUP.dll
2012-05-24 22:00:55 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b12e56f51cd39f801\DXSETUP.exe
2012-05-24 22:00:55 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b12e56f51cd39f801\dsetup32.dll
2012-05-24 22:00:55 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b18406ef1cd39f802\MeshBetaRemover.exe
2012-05-24 21:59:26 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{89CCD42F-0943-477A-A6B9-2B2AB551FA32}
2012-05-24 21:59:23 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{103B97F4-68DC-42A9-BD9C-C460DAE1D1CA}
2012-05-24 21:42:25 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{797D43FC-B3F3-41B5-9C1F-0AD48D685BE3}
2012-05-24 21:42:24 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{DC6A0E99-99EB-4BD7-825A-130D36CB8AB5}
2012-05-24 21:33:20 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\Malwarebytes
2012-05-24 21:33:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-24 21:18:41 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\ShareFile
2012-05-24 21:18:26 -------- d-----w- C:\Users\jthirumalai\AppData\Local\assembly
2012-05-24 21:17:52 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{E2AD4232-2601-4259-AF25-15F1BBE518A7}
2012-05-24 21:17:44 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{82A1DD0C-5CF4-42BB-B1D8-BC530DE8A923}
2012-05-24 21:17:39 -------- dc-h--w- C:\Users\jthirumalai\AppData\Local\{E9DB13C1-B6BE-4DCD-9F30-EF6A37CB7D79}
2012-05-24 21:17:36 -------- d-----w- C:\Program Files (x86)\ShareFile Outlook Plugin
2012-05-24 21:17:19 -------- d-----w- C:\Users\jthirumalai\AppData\Local\PackageAware
2012-05-24 21:01:34 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\SUPERAntiSpyware.com
2012-05-24 21:01:16 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-24 21:01:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-24 14:22:43 -------- d-----w- C:\Users\jthirumalai\sofastats_recovery
2012-05-24 14:22:42 -------- d-----w- C:\Users\jthirumalai\sofastats
2012-05-24 14:22:34 -------- d-----w- C:\Users\jthirumalai\.matplotlib
2012-05-22 21:38:37 -------- d-----w- C:\Program Files (x86)\sofastats
2012-05-17 22:43:10 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-17 22:35:56 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{5275764A-F167-4DB4-82D3-B6C14A19FF7A}
2012-05-17 22:35:54 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{F1260456-A155-498C-9DD9-AAE159112EE1}
2012-05-09 18:49:50 -------- d-----w- C:\Users\jthirumalai\AppData\Local\Eclipse
2012-05-09 18:49:34 -------- d-----w- C:\Users\jthirumalai\workspace
2012-05-09 17:39:24 -------- d-----w- C:\ProgramData\Tarma Installer
2012-05-03 17:24:33 -------- d-----w- C:\Users\jthirumalai\.businessobjects
.
==================== Find3M ====================
.
2012-05-17 22:43:03 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-17 22:36:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-17 22:36:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-27 12:14:55 60304 ----a-w- C:\Users\jthirumalai\g2mdlhlpx.exe
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 14:31:47.79 ===============