Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

trojan.js.tracur!ik - Google redirect virus?

Post by jayden » February 17th, 2011, 7:18 pm

Hi all!

Firstly - what a great forum. Once I get a bit of spare cash I'll be donating to you guys for sure. Apart from my virus issues - I've learned a lot already about speeding up my machine, and how nasty P2P programs are.

So I've had the "Google redirect" virus on my machine for some time now and have been trying in vain to remove it on my own. AVG never picked it up, and I've been running a couple of other programs like SuperAntiSpyware and Emsisoft Anti-Malware. Emsisoft ended up finding "trojan.js.tracur!ik" in a Google Chrome file, and here is the log after it deleted it:

C:\Users\Jayden\AppData\Local\{83198F9A-4343-4828-9184-DB03D9F210DD}\chrome\content\overlay.xul Deleted Trojan.JS.Tracur!IK

Here is my HijackThis.log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:12:13 AM, on 18/02/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Windows\System32\dinotify.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Jayden\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Users\Jayden\Desktop\Malware removal\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://co107w.col107.mail.live.com/defa ... wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\Windows\system32\AppleTimeSrv.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 8376 bytes
Here is my uninstall_list.txt

ACDSee Classic
Acrobat.com
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Template Projects & Footage
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Community Help
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore CS4 Library
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Any Video Converter 3.0.7
AnyDVD
A-PDF Page Cut 1.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aunsoft MTS Converter version 1.0.2.2185
AVG 2011
AVG 2011
AVG 2011
AviSynth 2.5
Bamboo
Bonjour
Boot Camp Services
CamStudio
CamStudio Lossless Codec v1.4
Canon CanoScan Toolbox 5.0
CanoScan LiDE 600F
CCleaner
COMODO BackUp
Connect
Connectify
Convert AVI to MP4 1.3
D3DX10
Date With Destiny
Definition update for Microsoft Office 2010 (KB982726)
Definition update for Microsoft Office 2010 (KB982726)
Defraggler
DHTML Editing Component
Emsisoft Anti-Malware 5.1
FileZilla Client 3.3.5.1
FlippingBook PDF Publisher
FlippingBook PDF Publisher
Foxtel Download Manager 4.1.500.11
FOXTEL Download Player
Free HD Converter V 1.7
Glo Bible Software
Google Calendar Sync
Google Earth Plug-in
Google Gears
Google Update Helper
HiJackThis
Hugin 2009.4.0
HxD Hex Editor version 1.7.7.0
IETester v0.4.7 (remove only)
iTunes
Java(TM) 6 Update 23
Jing
Junk Mail filter update
kuler
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Project Professional 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mindjet MindManager Lite 7
Mozilla Firefox (3.6.13)
Mozilla Thunderbird (3.1.7)
MSVCRT
MysticThumbs
No-IP DUC
Notepad++
NVIDIA Drivers
Optus Wireless Broadband
PDF Settings CS4
PDF-XChange 3
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
PlayReady PC Runtime x86
PQ DVD to iPhone Video Suite (remove only)
PTGui 9.0.1
PWF Time Tracker
PWF Time Tracker
QuickTime
RAIDar 4.1.3
Razer Lachesis
Realtek High Definition Audio Driver
Safari
Screencast.com Desktop Uploader
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skype™ 5.0
Sothink SWF Decompiler
Space Screensaver
Suite Shared Configuration CS4
SUPERAntiSpyware
SyncBack
TeamViewer 6
The KMPlayer (remove only)
True Time Tracker
TV Jukebox 3.5
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Microsoft Outlook Social Connector (KB2289116)
Videora iPad Converter 5.04
Visual Studio 2005 Tools for Office Second Edition Runtime
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)
Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)
Windows Driver Package - Apple Inc. Bluetooth (11/23/2009 3.0.0.4)
Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
Windows Driver Package - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
Windows Driver Package - Atheros Communications Inc. Net (09/18/2008 7.6.1.122)
Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)
Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
Windows Driver Package - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26)
Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Resource Kit Tools - SubInAcl.exe
WinRAR archiver
X-Lite Beta
Xvid 1.2.2 final uninstall
YouSendIt Express
YouSendIt Express
Zinc 3
I know uTorrent is on my machine, so feel free to tell me to delete it. I can't see it in the uninstall list, so it must be a self-executable or something?

Thanks very much!
jayden
Active Member
 
Posts: 11
Joined: February 17th, 2011, 6:52 pm
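The two artefacts in the post above, the Emsisoft detection path and the HijackThis log, are what a helper reads first. The script below is an added example for this page, not code from the forum or from Trend Micro's HijackThis. It encodes the first-pass rules a helper applies to R/O lines (entries whose backing file is gone, O23 services with no publisher, autoruns from user-writable folders) and a separate check for the `AppData\Local\{GUID}\chrome\content\overlay.xul` layout that Emsisoft logged. The sample lines are copied from the thread's own logs; the directory fixture is constructed. Every hit is a review item, not a verdict: AppleOSSMgr is a legitimate Boot Camp service that trips the "Unknown owner" rule, and it is the human who tells it apart from PEVSystemStart (a ComboFix leftover) in the same output. The assumption that Tracur-style extensions always keep the overlay.xul layout comes from the single path on the page, nothing more.

```python
"""Triage of posted HijackThis lines and the Emsisoft detection path.
Added example for this page, not code from the forum or from HijackThis.
Rules are first-pass heuristics; each hit needs a human look."""
import os
import re
import tempfile
from collections import Counter
from dataclasses import dataclass

# {8-4-4-4-12} hex GUID, the folder name Emsisoft reported under AppData\Local
GUID_NAME = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
GUID_DIR = re.compile(r"AppData\\Local\\" + GUID_NAME.pattern + r"\\", re.IGNORECASE)
# "R3 - ..." / "O23 - ..." HijackThis entry
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.+)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_hjt(log_text: str) -> list[Finding]:
    """Apply first-pass rules to HijackThis-style lines; other lines are ignored."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_LINE.match(line)
        if m:
            section, body = m.group("section"), m.group("body")
            if "(no file)" in body:
                findings.append(Finding(section, "entry with no backing file", line))
            elif section == "O23" and "Unknown owner" in body:
                findings.append(Finding(section, "service with no publisher", line))
            elif section == "O4" and re.search(r"\\AppData\\|\\Temp\\", body, re.IGNORECASE):
                findings.append(Finding(section, "autorun from a user-writable directory", line))
        # Path check runs on every line, HijackThis entry or not (the Emsisoft line is not one)
        if GUID_DIR.search(line):
            findings.append(Finding("path", "GUID-named folder under AppData\\Local", line))
    return findings


def count_by_reason(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.reason for f in findings))


def guid_extension_dirs(root: str) -> list[str]:
    """Sweep `root` (a user's AppData\\Local on a live machine) for GUID-named
    folders holding chrome\\content\\overlay.xul. Assumption: that layout, taken
    from the one path Emsisoft logged, is what to look for."""
    hits = []
    for entry in os.scandir(root):
        if entry.is_dir() and GUID_NAME.fullmatch(entry.name):
            if os.path.isfile(os.path.join(entry.path, "chrome", "content", "overlay.xul")):
                hits.append(entry.path)
    return sorted(hits)


# Constructed sample: lines copied from the logs posted in this thread
SAMPLE_LOG = r"""
C:\Users\Jayden\AppData\Local\{83198F9A-4343-4828-9184-DB03D9F210DD}\chrome\content\overlay.xul Deleted Trojan.JS.Tracur!IK
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
"""


def demo_tree() -> tuple[str, str]:
    """Throwaway directory mimicking the Emsisoft path plus a benign vendor
    folder; returns (root, expected_hit). Constructed fixture, not real data."""
    root = tempfile.mkdtemp()
    hit = os.path.join(root, "{83198F9A-4343-4828-9184-DB03D9F210DD}")
    os.makedirs(os.path.join(hit, "chrome", "content"))
    open(os.path.join(hit, "chrome", "content", "overlay.xul"), "w").close()
    os.makedirs(os.path.join(root, "Google", "chrome", "content"))  # no GUID name, must not match
    return root, hit


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
    root, _ = demo_tree()
    print("GUID extension dirs:", guid_extension_dirs(root))
```

Run against the full log in the post, the rules surface the orphaned URLSearchHook, the two "Unknown owner" services and the GUID folder; the uninstall list and process list produce nothing, which is the point of keeping the rules narrow.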

Re: trojan.js.tracur!ik - Google redirect virus?

Post by Blade81 » February 21st, 2011, 12:09 pm

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click the dds file to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: trojan.js.tracur!ik - Google redirect virus?

Post by jayden » February 23rd, 2011, 8:09 pm

Hi Blade81,

I've been trying this over the last couple of days, but DDS keeps freezing my machine after about 2 minutes. I uninstalled AVG, I now have no antivirus programs running, restarted a couple of times, reduced my startup items to only the bare essentials, but it still freezes my machine.

Any ideas?

Re: trojan.js.tracur!ik - Google redirect virus?

Post by Blade81 » February 24th, 2011, 11:56 am

Hi,

1. Download TDSSKiller and extract its contents into a folder in the desired location (e.g. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back the contents of the log file in the C: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).

Re: trojan.js.tracur!ik - Google redirect virus?

Post by jayden » February 24th, 2011, 6:13 pm

That one worked...

2011/02/25 07:50:10.0513 5552 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/25 07:50:11.0262 5552 ================================================================================
2011/02/25 07:50:11.0262 5552 SystemInfo:
2011/02/25 07:50:11.0262 5552
2011/02/25 07:50:11.0262 5552 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/25 07:50:11.0262 5552 Product type: Workstation
2011/02/25 07:50:11.0262 5552 ComputerName: STEALTH
2011/02/25 07:50:11.0278 5552 UserName: Jayden
2011/02/25 07:50:11.0278 5552 Windows directory: C:\Windows
2011/02/25 07:50:11.0278 5552 System windows directory: C:\Windows
2011/02/25 07:50:11.0278 5552 Processor architecture: Intel x86
2011/02/25 07:50:11.0278 5552 Number of processors: 2
2011/02/25 07:50:11.0278 5552 Page size: 0x1000
2011/02/25 07:50:11.0278 5552 Boot type: Normal boot
2011/02/25 07:50:11.0278 5552 ================================================================================
2011/02/25 07:50:11.0668 5552 Initialize success
2011/02/25 07:50:17.0955 4176 ================================================================================
2011/02/25 07:50:17.0955 4176 Scan started
2011/02/25 07:50:17.0955 4176 Mode: Manual;
2011/02/25 07:50:17.0955 4176 ================================================================================
2011/02/25 07:50:23.0695 4176 ================================================================================
2011/02/25 07:50:23.0695 4176 Scan finished
2011/02/25 07:50:23.0695 4176 ================================================================================
2011/02/25 08:11:50.0350 1400 ================================================================================
2011/02/25 08:11:50.0350 1400 Scan started
2011/02/25 08:11:50.0350 1400 Mode: Manual;
2011/02/25 08:11:50.0350 1400 ================================================================================
2011/02/25 08:11:53.0928 1400 ================================================================================
2011/02/25 08:11:53.0928 1400 Scan finished
2011/02/25 08:11:53.0928 1400 ================================================================================
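Reading the TDSSKiller log above as "clean" means checking that each `Scan started` ... `Scan finished` session recorded nothing but its `Mode:` line. The parser below is an added example for this page, not part of the post or of Kaspersky's tool. It assumes, from the log as posted, one `<date> <time> <pid> <message>` record per line, `Key: value` header fields and 80-character `=` separators. How the tool words a detection is not shown on the page, so nothing is hard-coded for it: any other line inside a session is surfaced as an event for a human to read, and a session with no `Scan finished` is never reported clean. The embedded sample is a trimmed copy of the posted log.

```python
"""Summarise a TDSSKiller log: SystemInfo header plus per-session events.
Added example for this page, not code from the forum or from Kaspersky.
Format assumptions (record layout, separators) are taken from the posted log."""
import re
from dataclasses import dataclass, field
from typing import Optional

RECORD = re.compile(r"^(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>[\d:.]+)\s+(?P<pid>\d+)\s*(?P<msg>.*)$")
SEPARATOR = "=" * 80
TOOL_BANNER = re.compile(r"^TDSS rootkit removing tool\b")


@dataclass
class ScanSession:
    pid: str
    started: str
    finished: Optional[str] = None
    mode: Optional[str] = None
    events: list[str] = field(default_factory=list)  # anything between the markers except Mode

    @property
    def clean(self) -> bool:
        # Clean only if the session closed and logged nothing besides its mode line
        return self.finished is not None and not self.events


def parse_tdsskiller_log(text: str) -> tuple[dict[str, str], list[ScanSession]]:
    header: dict[str, str] = {}
    sessions: list[ScanSession] = []
    current: Optional[ScanSession] = None
    for raw in text.splitlines():
        m = RECORD.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        stamp = f"{m.group('date')} {m.group('time')}"
        if not msg or msg == SEPARATOR:
            continue
        if TOOL_BANNER.match(msg):
            header["Tool"] = msg
        elif msg == "Scan started":
            current = ScanSession(pid=m.group("pid"), started=stamp)
            sessions.append(current)
        elif msg == "Scan finished":
            if current is not None:
                current.finished = stamp
                current = None
        elif current is not None:
            if msg.startswith("Mode:"):
                current.mode = msg[len("Mode:"):].strip().rstrip(";")
            else:
                current.events.append(msg)  # unknown line inside a scan: surface it
        elif ":" in msg:
            key, _, value = msg.partition(":")
            if value.strip():  # skips bare "SystemInfo:" heading
                header[key.strip()] = value.strip()
    return header, sessions


def verdict(text: str) -> str:
    _, sessions = parse_tdsskiller_log(text)
    if not sessions:
        return "no scan sessions found"
    if all(s.clean for s in sessions):
        return f"clean: {len(sessions)} session(s), nothing logged inside any scan"
    dirty = sum(1 for s in sessions if not s.clean)
    return f"review: {dirty} session(s) with events or without 'Scan finished'"


# Constructed sample: trimmed copy of the log posted above
SAMPLE_LOG = r"""
2011/02/25 07:50:10.0513 5552 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/25 07:50:11.0262 5552 ================================================================================
2011/02/25 07:50:11.0262 5552 SystemInfo:
2011/02/25 07:50:11.0262 5552
2011/02/25 07:50:11.0262 5552 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/25 07:50:11.0262 5552 ComputerName: STEALTH
2011/02/25 07:50:11.0278 5552 Processor architecture: Intel x86
2011/02/25 07:50:11.0278 5552 Boot type: Normal boot
2011/02/25 07:50:11.0278 5552 ================================================================================
2011/02/25 07:50:11.0668 5552 Initialize success
2011/02/25 07:50:17.0955 4176 ================================================================================
2011/02/25 07:50:17.0955 4176 Scan started
2011/02/25 07:50:17.0955 4176 Mode: Manual;
2011/02/25 07:50:17.0955 4176 ================================================================================
2011/02/25 07:50:23.0695 4176 ================================================================================
2011/02/25 07:50:23.0695 4176 Scan finished
2011/02/25 07:50:23.0695 4176 ================================================================================
2011/02/25 08:11:50.0350 1400 Scan started
2011/02/25 08:11:50.0350 1400 Mode: Manual;
2011/02/25 08:11:53.0928 1400 Scan finished
"""

if __name__ == "__main__":
    header, sessions = parse_tdsskiller_log(SAMPLE_LOG)
    print(header)
    for s in sessions:
        print(f"pid {s.pid} {s.started} -> {s.finished} mode={s.mode} clean={s.clean} events={s.events}")
    print(verdict(SAMPLE_LOG))
```

The header fields (OS version, architecture, boot type) are worth keeping in the summary because they are what a helper cross-checks against the other logs in the thread before trusting the scan result.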

Re: trojan.js.tracur!ik - Google redirect virus?

Post by Blade81 » February 25th, 2011, 12:42 pm

Good. That looks clean. Let's run another tool.

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Re: trojan.js.tracur!ik - Google redirect virus?

Post by jayden » February 25th, 2011, 8:51 pm

Thanks very much. Here's OTL.Txt:

OTL logfile created on: 26/02/2011 10:42:28 AM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Jayden\Desktop\Malware removal\OTL
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 414.57 Gb Total Space | 207.28 Gb Free Space | 50.00% Space Free | Partition Type: NTFS
Drive E: | 50.88 Gb Total Space | 7.79 Gb Free Space | 15.32% Space Free | Partition Type: HFS
Drive T: | 1853.45 Gb Total Space | 1244.51 Gb Free Space | 67.15% Space Free | Partition Type: NTFS

Computer Name: STEALTH | User Name: Jayden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jayden\Desktop\Malware removal\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
PRC - C:\Windows\System32\AppleOSSMgr.exe ()
PRC - C:\Users\Jayden\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
PRC - C:\Program Files\Razer\Lachesis\razerhid.exe ()
PRC - C:\Program Files\Razer\Lachesis\razertra.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Razer\Lachesis\OSD.exe (razercfg MFC Application)
PRC - C:\Program Files\Razer\Lachesis\razerofa.exe (Razer Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Jayden\Desktop\Malware removal\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (Foxtel) -- C:\Program Files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe (Entriq, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (CirrusFilter) -- C:\Windows\System32\drivers\CS420x86.sys (Cirrus Logic)
DRV - (applemtp) -- C:\Windows\System32\drivers\applemtp.sys (Apple Inc.)
DRV - (applemtm) -- C:\Windows\System32\drivers\applemtm.sys (Apple Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LachesisFltr) -- C:\Windows\System32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech )
DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://co107w.col107.mail.live.com/defa ... wsignin1.0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 91 3D 20 66 B5 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/a/thermosis.com/#inbox|https://www.google.com/calendar/hosted/thermosis.com/renderOnline|https://thermosis.freshbooks.com/menu.php?CB431CBbG9naW49L0ZCMjAxOTE=|https://www.kazeli.com/weboffice/indexs.cfm"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {83198F9A-4343-4828-9184-DB03D9F210DD}:1.9.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: fox@replace.fx:0.12.2
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{83198F9A-4343-4828-9184-DB03D9F210DD}: C:\Users\Jayden\AppData\Local\{83198F9A-4343-4828-9184-DB03D9F210DD} [2010/05/25 11:58:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/07/26 02:36:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 17:18:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/11 10:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/02/07 15:07:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/02/07 15:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Extensions
[2011/02/07 15:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/25 10:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions
[2011/02/03 08:35:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/13 12:14:31 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2011/02/16 09:16:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/08 18:05:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/02/09 14:20:42 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/09/29 16:43:17 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\afom@idevfh
[2011/02/07 14:52:16 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\firebug@software.joehewitt.com
[2010/08/28 09:42:51 | 000,000,000 | ---D | M] ("FoxReplace") -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\fox@replace.fx
[2010/05/11 08:56:48 | 000,000,000 | ---D | M] (reQall on Firefox) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\giridhar@reqall.com
[2010/09/19 10:33:36 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\personas@christopher.beard
[2011/01/14 13:59:01 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
[2010/03/04 10:06:05 | 000,002,255 | ---- | M] () -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\searchplugins\askcom.xml
[2011/02/25 10:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/07 11:13:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/08 08:58:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/27 12:11:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/28 11:13:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/07/26 02:36:51 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/05/25 11:58:24 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JAYDEN\APPDATA\LOCAL\{83198F9A-4343-4828-9184-DB03D9F210DD}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/16 10:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 10:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 10:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 10:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{119f71e7-2c0e-11df-a042-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{119f71e7-2c0e-11df-a042-002608bc071e}\Shell\AutoRun\command - "" = H:\LearningCS4.exe
O33 - MountPoints2\{60eb3d01-5dab-11df-a179-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{60eb3d01-5dab-11df-a179-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{60eb3d05-5dab-11df-a179-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{60eb3d05-5dab-11df-a179-002608bc071e}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{60eb3d0f-5dab-11df-a179-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{60eb3d0f-5dab-11df-a179-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{60eb3d12-5dab-11df-a179-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{60eb3d12-5dab-11df-a179-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b69dbc7-20fb-11df-946e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b69dbc7-20fb-11df-946e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\elevation2010.exe
O33 - MountPoints2\{6c4fa66c-25af-11df-9deb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4fa66c-25af-11df-9deb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6c4fa694-25af-11df-9deb-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4fa694-25af-11df-9deb-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6c4fa696-25af-11df-9deb-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4fa696-25af-11df-9deb-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6c4fa698-25af-11df-9deb-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4fa698-25af-11df-9deb-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d4b4a65a-2119-11df-ba64-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{d4b4a65a-2119-11df-ba64-002608bc071e}\Shell\AutoRun\command - "" = F:\windows.exe dusit.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 22:43:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/23 18:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/02/23 18:04:59 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/02/23 10:36:11 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/23 10:36:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/19 12:55:55 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Roaming\JAM Software
[2011/02/19 12:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2011/02/19 12:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2011/02/18 08:56:06 | 000,000,000 | ---D | C] -- C:\Users\Jayden\Desktop\Malware removal
[2011/02/17 09:26:48 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Roaming\com.adobe.ExMan
[2011/02/16 12:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/16 09:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/02/16 09:14:15 | 000,000,000 | ---D | C] -- C:\Users\Jayden\Documents\Anti-Malware
[2011/02/13 17:20:35 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Roaming\GARMIN
[2011/02/11 10:35:24 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2011/02/09 23:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/02/09 22:58:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/09 16:06:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/09 16:06:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/09 16:06:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/09 16:06:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/09 14:33:08 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 14:33:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/09 14:33:04 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/09 14:33:00 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 14:33:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 14:33:00 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 14:33:00 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 14:32:59 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 14:32:59 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 14:32:59 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 14:32:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 14:32:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 14:32:55 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 14:32:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/09 14:32:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 14:32:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 14:32:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/09 14:32:43 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/09 14:32:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/09 14:32:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/09 14:32:42 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/07 15:07:54 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Roaming\Thunderbird
[2011/02/07 15:07:54 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Local\Thunderbird
[2011/02/07 15:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011/02/07 15:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011/02/03 08:38:27 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Local\Deployment
[2011/02/03 08:38:27 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Local\Apps
[2011/01/29 14:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/29 14:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/28 11:13:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/01/28 11:13:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/01/28 11:13:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2011/02/26 10:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/26 10:11:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1335592811-217135681-78208730-1001UA.job
[2011/02/26 08:11:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1335592811-217135681-78208730-1001Core.job
[2011/02/25 22:48:28 | 000,654,694 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/25 22:48:28 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/25 22:48:28 | 000,449,842 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2011/02/25 22:48:28 | 000,115,860 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/25 22:48:28 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/25 22:48:28 | 000,084,052 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2011/02/25 17:40:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/25 10:54:37 | 002,073,654 | ---- | M] () -- C:\Windows\ACD Wallpaper.bmp
[2011/02/25 04:36:23 | 000,014,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 04:36:23 | 000,014,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/24 08:37:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/24 08:37:01 | 2194,698,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/20 10:16:30 | 001,349,772 | ---- | M] () -- C:\Users\Jayden\Desktop\Must.psd
[2011/02/20 10:16:28 | 000,697,521 | ---- | M] () -- C:\Users\Jayden\Desktop\Must.jpg
[2011/02/16 08:33:21 | 000,000,017 | ---- | M] () -- C:\Users\Jayden\AppData\Local\resmon.resmoncfg
[2011/02/09 23:49:04 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/09 23:46:20 | 000,000,570 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/02/09 16:03:08 | 002,950,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/08 22:11:24 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2011/02/08 22:11:24 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2011/02/08 22:11:24 | 000,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2011/02/08 22:11:24 | 000,000,073 | ---- | M] () -- C:\Windows\System32\ssprs.dll
[2011/02/08 22:11:24 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2011/02/07 15:07:55 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/02/03 15:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/01/31 08:57:51 | 000,238,372 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/01/27 14:12:27 | 000,010,593 | ---- | M] () -- C:\Windows\CSTBox.INI

========== Files Created - No Company Name ==========

[2011/02/20 10:16:27 | 000,697,521 | ---- | C] () -- C:\Users\Jayden\Desktop\Must.jpg
[2011/02/19 17:15:20 | 001,349,772 | ---- | C] () -- C:\Users\Jayden\Desktop\Must.psd
[2011/02/16 08:33:21 | 000,000,017 | ---- | C] () -- C:\Users\Jayden\AppData\Local\resmon.resmoncfg
[2011/02/09 23:46:20 | 000,000,570 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/02/09 23:18:18 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/09 16:06:25 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/09 16:06:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/09 16:06:25 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/09 16:06:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/09 16:06:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/07 15:07:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/07 10:17:03 | 000,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2010/09/03 23:16:13 | 000,000,038 | ---- | C] () -- C:\Windows\camcodec100.ini
[2010/07/25 18:15:02 | 000,038,431 | ---- | C] () -- C:\Users\Jayden\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/06/22 17:42:37 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/22 17:42:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/05/25 11:58:25 | 000,000,120 | ---- | C] () -- C:\Users\Jayden\AppData\Local\Uhaquwokuqisal.dat
[2010/05/25 11:58:25 | 000,000,000 | ---- | C] () -- C:\Users\Jayden\AppData\Local\Efuvis.bin
[2010/05/25 11:56:40 | 000,000,016 | ---- | C] () -- C:\Users\Jayden\AppData\Roaming\khiteb.dat
[2010/05/19 10:48:25 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI
[2010/03/03 22:59:34 | 000,000,600 | ---- | C] () -- C:\Users\Jayden\AppData\Local\PUTTY.RND
[2010/03/02 10:55:05 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/03/02 10:55:05 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/03/02 10:55:05 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/03/02 10:55:05 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/03/02 10:55:05 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/03/02 10:55:04 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:0C1EFF69
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:C23D5E4F

< End of report >
jayden

Re: trojan.js.tracur!ik - Google redirect virus?

Unread postby jayden » February 25th, 2011, 8:52 pm

Extras.Txt:

OTL Extras logfile created on: 26/02/2011 10:42:28 AM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Jayden\Desktop\Malware removal\OTL
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 414.57 Gb Total Space | 207.28 Gb Free Space | 50.00% Space Free | Partition Type: NTFS
Drive E: | 50.88 Gb Total Space | 7.79 Gb Free Space | 15.32% Space Free | Partition Type: HFS
Drive T: | 1853.45 Gb Total Space | 1244.51 Gb Free Space | 67.15% Space Free | Partition Type: NTFS

Computer Name: STEALTH | User Name: Jayden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\COFFEE~1\coffee.exe" "%1"
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A414CE4-CE57-4718-A4E0-B2C33DC4D620}_is1" = True Time Tracker
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2B97CDFE-E5C7-486D-A92E-DA148F888C44}" = X-Lite Beta
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33F9F10F-3239-4F1A-ADD7-0E613967569A}_is1" = Aunsoft MTS Converter version 1.0.2.2185
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4B6FC943-504B-46DB-A53A-132EDFF4899D}" = Foxtel Download Manager 4.1.500.11
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E07D32B-162C-4AF3-BCF1-6A8E7FC5772D}" = MysticThumbs
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}" = Skype™ 5.1
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_942" = Adobe Acrobat 9.4.2 - CPSID_83708
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp Services
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE93C501-8C33-4F0F-9590-0C006F03C823}" = Screencast.com Desktop Uploader
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D218183B-5DA8-4C4A-A6BA-3CCC772A683A}" = FlippingBook PDF Publisher
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F13005B5-ABF5-AE15-6C58-252D2D83CCF1}" = PWF Time Tracker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8073E07-2739-4F11-A1CF-B821B9BB49E1}" = Mindjet MindManager Lite 7
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"07170A155D5587C8782EABA10E94E4127A86F6E4" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
"0A86889A63334895E2898E1C618451C13E8BEC74" = Windows Driver Package - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122)
"111E266FDD1556398EFC13BE47678F96E8497682" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"2A220AD1D71245D60F803E0D8C463ABFFE7C6244" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"2E2B6DCC02509BB8D2629A009DE8B5C3055B6779" = Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"3A712FAD839A90C4CD37CE06FA695DCC4E91A52F" = Windows Driver Package - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5405F83664E016638462F8F8C1DAE59D04942778" = Windows Driver Package - Apple Inc. Bluetooth (11/23/2009 3.0.0.4)
"5A42EC04483B9307C1A29CDA2199268A7A8FA52D" = Windows Driver Package - Atheros Communications Inc. Net (09/18/2008 7.6.1.122)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
"680D5EED614F3F01A9AD4547E9D81CFE9B0E4902" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26)
"68446A4387EFABF44AE4C69CC9B6F9EDF8F10D7A" = Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"75B57AFB407D191B0DAEF05EE9665A5A86701A9A" = Windows Driver Package - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
"7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"950F5FEDF7BEABD19AAE5CEA69570873BE2A99DA" = Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"9AA5295F27284963423D072C7FC59D57CDE15ACA" = Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
"A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"A7A7D84907D2DCB34930D77C6BA911E3834C1E34" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)
"ACDSee Classic" = ACDSee Classic
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection
"AEB482706002E9220FBFB86D4A1D24257F71A3D4" = Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)
"Any Video Converter_is1" = Any Video Converter 3.0.7
"AnyDVD" = AnyDVD
"A-PDF Page Cut_is1" = A-PDF Page Cut 1.8
"AviSynth" = AviSynth 2.5
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner
"CD6212024668E03491C257CA53617893F2E8E924" = Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CFC3D985EA69596C8BE0A30313010FCC8CE2C70F" = Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Date With Destiny_is1" = Date With Destiny
"DCEFA559AE3275AB4F80389685E1BD3D978A5707" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8)
"DD660B87FBFA46A1E99C15466EA26AA41E678250" = Windows Driver Package - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
"DE32692B1421420518B0CA8EEDD6DF2A494F279F" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"Defraggler" = Defraggler
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"FileZilla Client" = FileZilla Client 3.3.5.1
"FOXTEL Download Player" = FOXTEL Download Player
"Free HD Converter_is1" = Free HD Converter V 1.7
"Glo Bible Software" = Glo Bible Software
"Google Calendar Sync" = Google Calendar Sync
"Hugin_release_is1" = Hugin 2009.4.0
"IETester" = IETester v0.4.7 (remove only)
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDM Zinc 3.0_is1" = Zinc 3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Optus Wireless Broadband" = Optus Wireless Broadband
"PDF-XChange 3_is1" = PDF-XChange 3
"Pen Tablet Driver" = Bamboo
"PQ_DVD_to_iPhone_Video_Suite" = PQ DVD to iPhone Video Suite (remove only)
"PTGui" = PTGui 9.0.1
"PWFWidget.51524EE84185FF3C864B8F77361ECB853EAAC70F.1" = PWF Time Tracker
"Space Screensaver.SCR" = Space Screensaver
"SyncBack_is1" = SyncBack
"TeamViewer 6" = TeamViewer 6
"The KMPlayer" = The KMPlayer (remove only)
"TreeSize Free_is1" = TreeSize Free V2.5
"Videora iPad Converter" = Videora iPad Converter 5.04
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/02/2011 1:52:27 AM | Computer Name = Stealth | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3989, time
stamp: 0x4cf9293f Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00380038 Faulting process id: 0xb5c Faulting application
start time: 0x01cbce2dbf7a42b0 Faulting application path: C:\Program Files\Mozilla
Firefox\firefox.exe Faulting module path: unknown Report Id: 195ec600-3a5a-11e0-97a4-002608bc071e

Error - 18/02/2011 1:19:49 AM | Computer Name = Stealth | Source = a2AntiMalware | ID = 0
Description =

Error - 18/02/2011 10:27:00 PM | Computer Name = Stealth | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary C.O.M.O.D.O. Disk Raw Access Filter. System Error: The system cannot find
the file specified. .

Error - 18/02/2011 10:27:00 PM | Computer Name = Stealth | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary CBUfs. System Error: The system cannot find the file specified. .

Error - 18/02/2011 10:30:27 PM | Computer Name = Stealth | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary C.O.M.O.D.O. Disk Raw Access Filter. System Error: The system cannot find
the file specified. .

Error - 18/02/2011 10:30:27 PM | Computer Name = Stealth | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary CBUfs. System Error: The system cannot find the file specified. .

Error - 21/02/2011 7:37:28 AM | Computer Name = Stealth | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3989, time
stamp: 0x4cf9293f Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00610050 Faulting process id: 0xa20 Faulting application
start time: 0x01cbd1b550c72dac Faulting application path: C:\Program Files\Mozilla
Firefox\firefox.exe Faulting module path: unknown Report Id: f58e128c-3dae-11e0-9ca9-002608bc071e

Error - 21/02/2011 7:37:33 AM | Computer Name = Stealth | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3989, time
stamp: 0x4cf9293f Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0038002e Faulting process id: 0xa20 Faulting application
start time: 0x01cbd1b550c72dac Faulting application path: C:\Program Files\Mozilla
Firefox\firefox.exe Faulting module path: unknown Report Id: f861a4ec-3dae-11e0-9ca9-002608bc071e

Error - 24/02/2011 6:49:54 AM | Computer Name = Stealth | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3502.922, time
stamp: 0x4c9b0282 Faulting module name: wlupdate.15.4.105.0.dll_unloaded, version:
0.0.0.0, time stamp: 0x4c9afde5 Exception code: 0xc0000005 Fault offset: 0x5bf9c0c4
Faulting
process id: 0x990 Faulting application start time: 0x01cbd3ab7a0b0510 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
wlupdate.15.4.105.0.dll Report Id: cfbdb9c0-4003-11e0-9784-002608bc071e

Error - 24/02/2011 7:16:45 AM | Computer Name = Stealth | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3502.922, time
stamp: 0x4c9b0282 Faulting module name: wlupdate.15.4.105.0.dll_unloaded, version:
0.0.0.0, time stamp: 0x4c9afde5 Exception code: 0xc0000005 Fault offset: 0x5bf3daf2
Faulting
process id: 0x990 Faulting application start time: 0x01cbd3ab7a0b0510 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
wlupdate.15.4.105.0.dll Report Id: 901c37c0-4007-11e0-9784-002608bc071e

[ Media Center Events ]
Error - 6/09/2010 6:03:52 PM | Computer Name = Stealth | Source = MCUpdate | ID = 0
Description = 8:03:46 AM - Error connecting to the internet. 8:03:46 AM - Unable
to contact server..

Error - 6/09/2010 7:03:58 PM | Computer Name = Stealth | Source = MCUpdate | ID = 0
Description = 9:03:56 AM - Error connecting to the internet. 9:03:56 AM - Unable
to contact server..

Error - 6/09/2010 8:59:21 PM | Computer Name = Stealth | Source = MCUpdate | ID = 0
Description = 10:59:21 AM - Error connecting to the internet. 10:59:21 AM - Unable
to contact server..

Error - 6/09/2010 8:59:27 PM | Computer Name = Stealth | Source = MCUpdate | ID = 0
Description = 10:59:26 AM - Error connecting to the internet. 10:59:26 AM - Unable
to contact server..

Error - 6/09/2010 9:59:32 PM | Computer Name = Stealth | Source = MCUpdate | ID = 0
Description = 11:59:32 AM - Error connecting to the internet. 11:59:32 AM - Unable
to contact server..

Error - 6/09/2010 9:59:39 PM | Computer Name = Stealth | Source = MCUpdate | ID = 0
Description = 11:59:37 AM - Error connecting to the internet. 11:59:37 AM - Unable
to contact server..

Error - 6/09/2010 10:59:43 PM | Computer Name = Stealth | Source = MCUpdate | ID = 0
Description = 12:59:43 PM - Error connecting to the internet. 12:59:43 PM - Unable
to contact server..

Error - 6/09/2010 10:59:50 PM | Computer Name = Stealth | Source = MCUpdate | ID = 0
Description = 12:59:48 PM - Error connecting to the internet. 12:59:48 PM - Unable
to contact server..

Error - 7/09/2010 4:18:00 AM | Computer Name = Stealth | Source = MCUpdate | ID = 0
Description = 6:18:00 PM - Error connecting to the internet. 6:18:00 PM - Unable
to contact server..

Error - 7/09/2010 4:18:07 AM | Computer Name = Stealth | Source = MCUpdate | ID = 0
Description = 6:18:05 PM - Error connecting to the internet. 6:18:05 PM - Unable
to contact server..

[ System Events ]
Error - 24/11/2010 4:08:49 AM | Computer Name = Stealth | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 24/11/2010 4:08:59 AM | Computer Name = Stealth | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 24/11/2010 4:09:09 AM | Computer Name = Stealth | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 24/11/2010 4:09:19 AM | Computer Name = Stealth | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 24/11/2010 4:09:29 AM | Computer Name = Stealth | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 24/11/2010 4:09:39 AM | Computer Name = Stealth | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 24/11/2010 4:29:16 AM | Computer Name = Stealth | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 24/11/2010 8:46:19 AM | Computer Name = Stealth | Source = DCOM | ID = 10010
Description =

Error - 24/11/2010 6:35:24 PM | Computer Name = Stealth | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 24/11/2010 9:11:47 PM | Computer Name = Stealth | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.


< End of report >
jayden
Active Member
 
Posts: 11
Joined: February 17th, 2011, 6:52 pm

Re: trojan.js.tracur!ik - Google redirect virus?

Unread postby Blade81 » February 26th, 2011, 7:07 am

Hi again,

Let's run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\{83198F9A-4343-4828-9184-DB03D9F210DD}: C:\Users\Jayden\AppData\Local\{83198F9A-4343-4828-9184-DB03D9F210DD} [2010/05/25 11:58:24 | 000,000,000 | ---D | M]
    [2010/05/25 11:58:24 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JAYDEN\APPDATA\LOCAL\{83198F9A-4343-4828-9184-DB03D9F210DD}
    O33 - MountPoints2\{d4b4a65a-2119-11df-ba64-002608bc071e}\Shell\AutoRun\command - "" = F:\windows.exe dusit.exe
    :Commands
    [emptytemp]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report & fresh OTL.txt log. How's the system running?
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

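The OTL fix above removes three kinds of entry that show up in the logs quoted in this thread: a Firefox extension registered machine-wide but stored under a GUID-named folder in the user's AppData\Local, a MountPoints2 AutoRun command pointing at an executable on a removable drive, and leftover "File not found" entries. The same OTL.txt format also exposes the O6 UAC policy lines (EnableLUA = 0). The triage script below is an added example, not code from this thread, from OTL or from its author; it applies a few defender-side rules to OTL-style lines so that a helper can spot these entry classes quickly. The sample lines are copied from the logs posted in this thread plus a couple of benign lines for contrast; the rule names and severities are the example's own choices.

```python
import re
from typing import Dict, List, Tuple

# Registry-style GUID as OTL prints it, braces included.
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Line shapes taken from the OTL output quoted in this thread.
FF_EXT_RE = re.compile(
    r"^FF - HKLM\\software\\mozilla\\Firefox\\Extensions\\\\(?P<guid>" + GUID + r"): "
    r"(?P<path>.+?) \["
)
MOUNTPOINT_RE = re.compile(
    r"^O33 - MountPoints2\\(?P<id>" + GUID + r")\\Shell\\AutoRun\\command - \"\" = (?P<cmd>.+)$"
)
RUN_ORPHAN_RE = re.compile(r"^O4 - HK(?:LM|CU)\.\.\\Run: \[(?P<name>[^\]]*)\] File not found$")
UAC_RE = re.compile(
    r"^O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: "
    r"EnableLUA = (?P<val>\d+)$"
)
URLHOOK_ORPHAN_RE = re.compile(
    r"^IE - HKCU\\\.\.\\URLSearchHook: (?P<guid>" + GUID + r") - .*File not found$"
)

Finding = Tuple[str, str, str]  # (severity, rule, offending line)


def triage(lines: List[str]) -> List[Finding]:
    """Apply the triage rules to OTL-style log lines and return the hits."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        m = FF_EXT_RE.match(line)
        if m:
            # A Firefox extension registered under HKLM whose install folder is a bare
            # GUID inside the user's AppData\Local is the pattern the fix above removes.
            path = m.group("path").rstrip("\\")
            base = path.rsplit("\\", 1)[-1]
            if "\\appdata\\local\\" in path.lower() and re.fullmatch(GUID, base):
                findings.append(("high", "ff-extension-guid-appdata", line))
            continue

        if MOUNTPOINT_RE.match(line):
            # AutoRun command on a mounted volume; OTL's O33 line shows the command text.
            findings.append(("high", "mountpoints2-autorun", line))
            continue

        m = UAC_RE.match(line)
        if m:
            if m.group("val") == "0":
                findings.append(("medium", "uac-disabled", line))
            continue

        if RUN_ORPHAN_RE.match(line) or URLHOOK_ORPHAN_RE.match(line):
            # Orphaned autostart / search-hook entries: harmless on their own, but
            # worth cleaning so later logs are easier to read.
            findings.append(("low", "orphaned-entry", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for severity, _rule, _line in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


# Sample input: lines copied from the OTL logs in this thread, plus benign lines for contrast.
SAMPLE_LOG = r"""
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FF - HKLM\software\mozilla\Firefox\Extensions\\{83198F9A-4343-4828-9184-DB03D9F210DD}: C:\Users\Jayden\AppData\Local\{83198F9A-4343-4828-9184-DB03D9F210DD} [2010/05/25 11:58:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/07/26 02:36:51 | 000,000,000 | ---D | M]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
O33 - MountPoints2\{d4b4a65a-2119-11df-ba64-002608bc071e}\Shell\AutoRun\command - "" = F:\windows.exe dusit.exe
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
""".splitlines()


if __name__ == "__main__":
    for severity, rule, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule:28} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Running it on the sample lines reports the GUID extension and the MountPoints2 AutoRun command as high, EnableLUA = 0 as medium, and the three "File not found" leftovers as low; the Google Gears extension, the Boot Camp Run entry and the ConsentPromptBehaviorUser line produce no finding.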
Re: trojan.js.tracur!ik - Google redirect virus?

Unread postby jayden » February 26th, 2011, 7:37 am

This is the log that was open on restart:


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{83198F9A-4343-4828-9184-DB03D9F210DD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83198F9A-4343-4828-9184-DB03D9F210DD}\ not found.
C:\Users\Jayden\AppData\Local\{83198F9A-4343-4828-9184-DB03D9F210DD}\chrome\content folder moved successfully.
C:\Users\Jayden\AppData\Local\{83198F9A-4343-4828-9184-DB03D9F210DD}\chrome folder moved successfully.
C:\Users\Jayden\AppData\Local\{83198F9A-4343-4828-9184-DB03D9F210DD} folder moved successfully.
Folder C:\USERS\JAYDEN\APPDATA\LOCAL\{83198F9A-4343-4828-9184-DB03D9F210DD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4b4a65a-2119-11df-ba64-002608bc071e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4b4a65a-2119-11df-ba64-002608bc071e}\ not found.
File F:\windows.exe dusit.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jayden
->Temp folder emptied: 24067560 bytes
->Temporary Internet Files folder emptied: 10600576 bytes
->Java cache emptied: 28500744 bytes
->FireFox cache emptied: 119650269 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 5333988 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78294 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 102825853 bytes

Total Files Cleaned = 278.00 mb


OTL by OldTimer - Version 3.2.21.0 log created on 02262011_212610

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
jayden
Active Member
 
Posts: 11
Joined: February 17th, 2011, 6:52 pm

Re: trojan.js.tracur!ik - Google redirect virus?

Unread postby Blade81 » February 27th, 2011, 7:42 am

Good. Please follow those other steps too.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: trojan.js.tracur!ik - Google redirect virus?

Unread postby jayden » February 28th, 2011, 5:46 pm

New OTL.Txt log:

OTL logfile created on: 1/03/2011 7:34:05 AM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Jayden\Desktop\Malware removal\OTL
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 414.57 Gb Total Space | 206.03 Gb Free Space | 49.70% Space Free | Partition Type: NTFS
Drive D: | 3.63 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 50.88 Gb Total Space | 7.92 Gb Free Space | 15.57% Space Free | Partition Type: HFS
Drive T: | 1853.45 Gb Total Space | 1244.51 Gb Free Space | 67.15% Space Free | Partition Type: NTFS

Computer Name: STEALTH | User Name: Jayden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jayden\Desktop\Malware removal\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
PRC - C:\Windows\System32\AppleOSSMgr.exe ()
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Connectify\Connectifyd.exe (Connectify)
PRC - C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
PRC - C:\Program Files\Razer\Lachesis\razerhid.exe ()
PRC - C:\Program Files\Razer\Lachesis\razertra.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Razer\Lachesis\OSD.exe (razercfg MFC Application)
PRC - C:\Program Files\Razer\Lachesis\razerofa.exe (Razer Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Jayden\Desktop\Malware removal\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Connectify) -- C:\Program Files\Connectify\Connectifyd.exe (Connectify)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (Foxtel) -- C:\Program Files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe (Entriq, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (CirrusFilter) -- C:\Windows\System32\drivers\CS420x86.sys (Cirrus Logic)
DRV - (applemtp) -- C:\Windows\System32\drivers\applemtp.sys (Apple Inc.)
DRV - (applemtm) -- C:\Windows\System32\drivers\applemtm.sys (Apple Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (connctfyMP) -- C:\Windows\System32\drivers\connctfy.sys (Connectify)
DRV - (connctfy) -- C:\Windows\System32\drivers\connctfy.sys (Connectify)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LachesisFltr) -- C:\Windows\System32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech )
DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://co107w.col107.mail.live.com/defa ... wsignin1.0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 91 3D 20 66 B5 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/a/thermosis.com/#inbox|https://www.google.com/calendar/hosted/thermosis.com/renderOnline|https://thermosis.freshbooks.com/menu.php?CB431CBbG9naW49L0ZCMjAxOTE=|https://www.kazeli.com/weboffice/indexs.cfm"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: fox@replace.fx:0.12.2
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/07/26 02:36:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 17:18:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/11 10:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/02/07 15:07:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/02/07 15:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Extensions
[2011/02/07 15:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/28 14:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions
[2011/02/03 08:35:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/13 12:14:31 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2011/02/16 09:16:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/08 18:05:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/02/09 14:20:42 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/09/29 16:43:17 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\afom@idevfh
[2011/02/07 14:52:16 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\firebug@software.joehewitt.com
[2010/08/28 09:42:51 | 000,000,000 | ---D | M] ("FoxReplace") -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\fox@replace.fx
[2010/05/11 08:56:48 | 000,000,000 | ---D | M] (reQall on Firefox) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\giridhar@reqall.com
[2010/09/19 10:33:36 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\personas@christopher.beard
[2011/01/14 13:59:01 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
[2010/03/04 10:06:05 | 000,002,255 | ---- | M] () -- C:\Users\Jayden\AppData\Roaming\Mozilla\Firefox\Profiles\h7grwyx9.default\searchplugins\askcom.xml
[2011/03/01 07:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/07 11:13:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/08 08:58:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/27 12:11:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/01 07:32:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/07/26 02:36:51 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2011/03/01 07:31:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/16 10:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 10:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 10:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 10:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{119f71e7-2c0e-11df-a042-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{119f71e7-2c0e-11df-a042-002608bc071e}\Shell\AutoRun\command - "" = H:\LearningCS4.exe
O33 - MountPoints2\{60eb3d01-5dab-11df-a179-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{60eb3d01-5dab-11df-a179-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{60eb3d05-5dab-11df-a179-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{60eb3d05-5dab-11df-a179-002608bc071e}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{60eb3d0f-5dab-11df-a179-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{60eb3d0f-5dab-11df-a179-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{60eb3d12-5dab-11df-a179-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{60eb3d12-5dab-11df-a179-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b69dbc7-20fb-11df-946e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b69dbc7-20fb-11df-946e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\elevation2010.exe
O33 - MountPoints2\{6c4fa66c-25af-11df-9deb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4fa66c-25af-11df-9deb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6c4fa694-25af-11df-9deb-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4fa694-25af-11df-9deb-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6c4fa696-25af-11df-9deb-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4fa696-25af-11df-9deb-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6c4fa698-25af-11df-9deb-002608bc071e}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4fa698-25af-11df-9deb-002608bc071e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/01 07:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/01 07:32:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/01 07:32:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/01 07:32:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/27 09:24:47 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Local\Connectify
[2011/02/27 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify
[2011/02/27 09:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Connectify
[2011/02/26 21:40:29 | 016,525,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Jayden\Desktop\jre-6u24-windows-i586.exe
[2011/02/26 21:26:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/23 18:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/02/23 18:04:59 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/02/23 10:36:11 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/23 10:36:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/19 12:55:55 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Roaming\JAM Software
[2011/02/19 12:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2011/02/19 12:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2011/02/18 08:56:06 | 000,000,000 | ---D | C] -- C:\Users\Jayden\Desktop\Malware removal
[2011/02/17 09:26:48 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Roaming\com.adobe.ExMan
[2011/02/16 12:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/16 09:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/02/16 09:14:15 | 000,000,000 | ---D | C] -- C:\Users\Jayden\Documents\Anti-Malware
[2011/02/13 17:20:35 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Roaming\GARMIN
[2011/02/11 10:35:24 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2011/02/09 23:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/02/09 22:58:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/09 16:06:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/09 16:06:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/09 16:06:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/09 16:06:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/09 14:33:08 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 14:33:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/09 14:33:04 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/09 14:33:00 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 14:33:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 14:33:00 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 14:33:00 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 14:32:59 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 14:32:59 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 14:32:59 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 14:32:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 14:32:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 14:32:55 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 14:32:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/09 14:32:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 14:32:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 14:32:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/09 14:32:43 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/09 14:32:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/09 14:32:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/09 14:32:42 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/07 15:07:54 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Roaming\Thunderbird
[2011/02/07 15:07:54 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Local\Thunderbird
[2011/02/07 15:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011/02/07 15:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011/02/03 08:38:27 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Local\Deployment
[2011/02/03 08:38:27 | 000,000,000 | ---D | C] -- C:\Users\Jayden\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2011/03/01 07:31:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/01 07:31:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/01 07:31:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/01 07:31:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/01 07:14:54 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1335592811-217135681-78208730-1001UA.job
[2011/03/01 07:14:54 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/01 07:14:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/28 20:48:02 | 000,014,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 20:48:02 | 000,014,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 20:42:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/28 20:42:16 | 2194,698,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/28 14:18:37 | 050,555,709 | ---- | M] () -- C:\Users\Jayden\Desktop\Dale Dougherty_ We are makers.flv
[2011/02/28 08:11:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1335592811-217135681-78208730-1001Core.job
[2011/02/26 21:40:40 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Jayden\Desktop\jre-6u24-windows-i586.exe
[2011/02/25 22:48:28 | 000,654,694 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/25 22:48:28 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/25 22:48:28 | 000,449,842 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2011/02/25 22:48:28 | 000,115,860 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/25 22:48:28 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/25 22:48:28 | 000,084,052 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2011/02/25 10:54:37 | 002,073,654 | ---- | M] () -- C:\Windows\ACD Wallpaper.bmp
[2011/02/20 10:16:30 | 001,349,772 | ---- | M] () -- C:\Users\Jayden\Desktop\Must.psd
[2011/02/20 10:16:28 | 000,697,521 | ---- | M] () -- C:\Users\Jayden\Desktop\Must.jpg
[2011/02/16 08:33:21 | 000,000,017 | ---- | M] () -- C:\Users\Jayden\AppData\Local\resmon.resmoncfg
[2011/02/09 23:49:04 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/09 23:46:20 | 000,000,570 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/02/09 16:03:08 | 002,950,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/08 22:11:24 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2011/02/08 22:11:24 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2011/02/08 22:11:24 | 000,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2011/02/08 22:11:24 | 000,000,073 | ---- | M] () -- C:\Windows\System32\ssprs.dll
[2011/02/08 22:11:24 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2011/02/07 15:07:55 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/02/03 15:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/01/31 08:57:51 | 000,238,372 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2011/02/28 14:09:27 | 050,555,709 | ---- | C] () -- C:\Users\Jayden\Desktop\Dale Dougherty_ We are makers.flv
[2011/02/20 10:16:27 | 000,697,521 | ---- | C] () -- C:\Users\Jayden\Desktop\Must.jpg
[2011/02/19 17:15:20 | 001,349,772 | ---- | C] () -- C:\Users\Jayden\Desktop\Must.psd
[2011/02/16 08:33:21 | 000,000,017 | ---- | C] () -- C:\Users\Jayden\AppData\Local\resmon.resmoncfg
[2011/02/09 23:46:20 | 000,000,570 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/02/09 23:18:18 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/09 16:06:25 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/09 16:06:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/09 16:06:25 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/09 16:06:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/09 16:06:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/07 15:07:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/07 10:17:03 | 000,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2010/09/03 23:16:13 | 000,000,038 | ---- | C] () -- C:\Windows\camcodec100.ini
[2010/07/25 18:15:02 | 000,038,431 | ---- | C] () -- C:\Users\Jayden\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/06/22 17:42:37 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/22 17:42:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/05/25 11:58:25 | 000,000,120 | ---- | C] () -- C:\Users\Jayden\AppData\Local\Uhaquwokuqisal.dat
[2010/05/25 11:58:25 | 000,000,000 | ---- | C] () -- C:\Users\Jayden\AppData\Local\Efuvis.bin
[2010/05/25 11:56:40 | 000,000,016 | ---- | C] () -- C:\Users\Jayden\AppData\Roaming\khiteb.dat
[2010/05/19 10:48:25 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI
[2010/03/03 22:59:34 | 000,000,600 | ---- | C] () -- C:\Users\Jayden\AppData\Local\PUTTY.RND
[2010/03/02 10:55:05 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/03/02 10:55:05 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/03/02 10:55:05 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/03/02 10:55:05 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/03/02 10:55:05 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/03/02 10:55:04 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:0C1EFF69
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:C23D5E4F

< End of report >
jayden
Active Member
 
Posts: 11
Joined: February 17th, 2011, 6:52 pm

Re: trojan.js.tracur!ik - Google redirect virus?

Unread postby jayden » February 28th, 2011, 9:00 pm

Will be running the ESET online test again tonight. It was taking too long today while I've been trying to work. It got to 40% with no threats found, which was good. However - I didn't check the scan archives option - should I do that?

My system seems to be running well. I haven't experienced Google redirecting, which is excellent. It was most noticeable on Google Images, which seems to be fine now.
jayden

Re: trojan.js.tracur!ik - Google redirect virus?

Unread postby jayden » March 1st, 2011, 6:28 pm

ESET's report said No Threats Found :D that's awesome! When you think we are done, could you please recommend what antivirus, or other security software you would recommend I have? I used to have AVG Free, but open to your suggestions.
jayden

Re: trojan.js.tracur!ik - Google redirect virus?

Unread postby Blade81 » March 2nd, 2011, 1:24 pm

Good. Please find some final steps (with antivirus suggestion included) below :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any program from changing them. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the same steps you used when disabling System Restore, but at step 7 select the Restore system settings and previous versions of files option.


  • Double-click OTL.exe.
  • Click the CleanUp! button.
  • Select Yes when the Begin cleanup Process? prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if it does not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. Hit Enter, then locate DNS Client.
    5. Highlight it, then double-click it.
    6. In the dropdown box, change the setting from Automatic to Manual.
    7. Click OK.
    and fix its findings.
  • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.
  • Get antivirus software and keep it updated - most AVs will update automatically, but if not, I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using definitions that are seven days old is not going to be much protection. If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
    Antivir
    Avast!
    Good commercial ones are from:
    Kaspersky and
    ESET


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade 8)
Blade81
Admin/Teacher

Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
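Blade81's "Make your Internet Explorer more secure" steps, as an added PowerShell example that is not part of the post: it applies the same six settings through the registry instead of the Custom Level dialog and reports current versus recommended state so the change can be verified. It assumes the per-user key under HKCU, zone 3 as the Internet zone, and the action IDs and values (0 = Enable, 1 = Prompt, 3 = Disable) documented in Microsoft KB182569.

```powershell
# Added example, not part of Blade81's post: applies the six Internet zone
# settings from the steps above through the registry and verifies them.
# Assumptions: per-user settings under HKCU, zone 3 = Internet zone, and the
# action IDs / values from Microsoft KB182569 (0 = Enable, 1 = Prompt, 3 = Disable).

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action ID -> display name and the value Blade81's steps ask for
$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = 1 }
}

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    # Returns the DWORD for one action ID, or $null when IE has never written it
    param([string]$ActionId)
    $item = Get-ItemProperty -Path $ZonePath -Name $ActionId -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ActionId
}

function Test-ZoneHardening {
    # One row per setting: current value, recommended value, and whether they match
    foreach ($id in ($Recommended.Keys | Sort-Object)) {
        $current = Get-ZoneSetting -ActionId $id
        $label = 'not set'
        if ($null -ne $current) {
            $label = $Labels[$current]
            if (-not $label) { $label = "unknown ($current)" }
        }
        [pscustomobject]@{
            ActionId    = $id
            Setting     = $Recommended[$id].Name
            Current     = $label
            Recommended = $Labels[$Recommended[$id].Value]
            Compliant   = ($current -eq $Recommended[$id].Value)
        }
    }
}

function Set-ZoneHardening {
    # Writes the recommended DWORDs; Internet Explorer picks them up on its next start
    if (-not (Test-Path $ZonePath)) { New-Item -Path $ZonePath -Force | Out-Null }
    foreach ($id in $Recommended.Keys) {
        Set-ItemProperty -Path $ZonePath -Name $id -Value $Recommended[$id].Value -Type DWord
    }
}

'Before:'
Test-ZoneHardening | Format-Table -AutoSize
Set-ZoneHardening
'After:'
Test-ZoneHardening | Format-Table -AutoSize
```

Zone values enforced by Group Policy override the per-user ones, so if the After table still shows a non-compliant row, check the policy-managed keys rather than re-running the script.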