Intermittent Google Search Redirect Problem


  • This topic is locked
38 replies to this topic

#1 trinsic

trinsic

  • Members
  • 24 posts
  • OFFLINE
  • Local time:05:21 PM

Posted 15 September 2010 - 07:24 PM

Using my Firefox browser only, when I do a Google search, from time to time when I click on a link in a list of search results I get redirected to a non-related or advertisement site. It only happens in the Firefox browser, and it only happens intermittently when I click on a random search listing.

I'm running Windows 7 x64 and GMER does not work on my computer. But here are my Attach and DDS logs.


DDS (Ver_10-03-17.01) - NTFSX64
Run by trinsic at 17:13:33.99 on Wed 09/15/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.5048 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\System32\StikyNot.exe
P:\games\valve\steam\Steam.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\GetRight\GetRight.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
C:\Program Files (x86)\Privoxy\privoxy.exe
C:\Program Files (x86)\FastStone Capture\FSCapture.exe
P:\Communication\UltraVNC\vncviewer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
P:\Programs\betrayed\BeTrayed.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Users\trinsic\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
C:\Users\trinsic\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\trinsic\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\trinsic\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\trinsic\AppData\Local\Google\Chrome\Application\chrome.exe
P:\graphics\adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\PowerISO\PowerISO.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
P:\Communication\Mozilla\Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\trinsic\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = localhost:8118
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files (x86)\orbitdownloader\orbitcth.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files (x86)\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files (x86)\wot\WOT.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files (x86)\orbitdownloader\GrabPro.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [TrueCrypt] "c:\program files (x86)\truecrypt\TrueCrypt.exe" /q preferences /a favorites
uRun: [Google Update] "c:\users\trinsic\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SteamService] regsvr32 /s /u "c:\users\trinsic\appdata\local\steam\SteamService.dll"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Steam] "p:\games\valve\steam\steam.exe" -silent
uRun: [DevconDefaultDB] c:\windows\system32\readreg /PSCONV={NO} /FAIL=1
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [TrueImageMonitor.exe] "c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE
mRun: [DeathAdder] c:\program files (x86)\razer\deathadder\razerhid.exe
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [<NO NAME>]
mRun: [Lycosa] "c:\program files (x86)\razer\lycosa\razerhid.exe"
mRun: [vmware-tray] "c:\program files (x86)\vmware\vmware workstation\vmware-tray.exe"
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [TurboV] "c:\program files\asus\turbov\TurboV.exe"
mRun: [Turbo Key] "c:\program files\asus\turbo key\TurboKey.exe"
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [SAOB Monitor] c:\program files (x86)\acronis\onlinebackupstandalone\TrueImageMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
StartupFolder: c:\users\trinsic\appdata\roaming\micros~1\windows\startm~1\programs\startup\creati~1.lnk - c:\program files (x86)\creative element power tools\Startup.exe
StartupFolder: c:\users\trinsic\appdata\roaming\micros~1\windows\startm~1\programs\startup\fastst~1.lnk - c:\program files (x86)\faststone capture\FSCapture.exe
StartupFolder: c:\users\trinsic\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\trinsic\appdata\roaming\micros~1\windows\startm~1\programs\startup\slc-li~1.lnk - p:\communication\ultravnc\vncviewer.exe
StartupFolder: c:\users\trinsic\appdata\roaming\micros~1\windows\startm~1\programs\startup\start-~1.lnk - p:\programs\betrayed\start-systemtrayicons.vbs
StartupFolder: c:\users\trinsic\appdata\roaming\micros~1\windows\startm~1\programs\startup\trinsi~1.lnk - k:\keepass\database\trinsic.kdbx
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\getright.lnk - c:\program files (x86)\getright\GetRight.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\phrase~1.lnk - c:\program files (x86)\phraseexpress\phraseexpress.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\privoxy.lnk - c:\program files (x86)\privoxy\privoxy.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/202
IE: Download all by NetXfer - c:\program files (x86)\xi\netxfer\NXAddList.html
IE: Download by NetXfer - c:\program files (x86)\xi\netxfer\NXAddLink.html
IE: Download with GetRight Pro - c:\program files (x86)\getright\GRdownload.htm
IE: Open with GetRight Pro Browser - c:\program files (x86)\getright\GRbrowse.htm
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files (x86)\wot\WOT.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - p:\communication\coreftp\pftpns.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
mRun-x64: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - p:\communication\mozilla\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
p:\communication\mozilla\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
p:\communication\mozilla\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
p:\communication\mozilla\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.proxy.type", 5);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
p:\communication\mozilla\firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
p:\communication\mozilla\firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
p:\communication\mozilla\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
p:\communication\mozilla\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
p:\communication\mozilla\firefox\greprefs\all.js - pref("browser.formfill.debug", false);
p:\communication\mozilla\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
p:\communication\mozilla\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
p:\communication\mozilla\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
p:\communication\mozilla\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
p:\communication\mozilla\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
p:\communication\mozilla\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
p:\communication\mozilla\firefox\greprefs\all.js - pref("accelerometer.enabled", true);
p:\communication\mozilla\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
p:\communication\mozilla\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
p:\communication\mozilla\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
p:\communication\mozilla\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
p:\communication\mozilla\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
p:\communication\mozilla\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
p:\communication\mozilla\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
p:\communication\mozilla\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
p:\communication\mozilla\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-10-30 54480]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2010-8-30 1263200]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe [2010-9-15 3975088]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-8-6 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-2-18 294912]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-12 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]
R2 vmware-converter-agent;VMware vCenter Converter Agent;c:\program files (x86)\vmware\vmware vcenter converter standalone\vmware-converter-a.exe [2009-4-17 428592]
R2 vmware-converter-server;VMware vCenter Converter Server;c:\program files (x86)\vmware\vmware vcenter converter standalone\vmware-converter.exe [2009-4-17 428592]
R2 vstor2-mntapi10;Vstor2 MntApi 1.0 Driver;c:\program files (x86)\vmware\vmware vcenter converter standalone\vstor2-mntapi10.sys [2009-4-17 32816]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-9-15 279136]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-9-23 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-9-23 706648]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-9-23 681048]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 12672]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2009-11-23 20352]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-8-9 143464]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-8-7 1290752]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-22 136176]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 32768]
S3 bmdrvr;Modified Clusters Tracking Driver;c:\windows\syswow64\drivers\bmdrvr.sys [2009-4-17 34864]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-9-23 158808]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-9-23 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-9-23 141912]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-9-23 141912]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-9-23 681048]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;p:\games\dragon age\bin_ship\daupdatersvc.service.exe [2010-6-6 25832]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [2007-4-4 49152]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-10-30 1038088]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files (x86)\google\google desktop search\GoogleDesktop.exe [2009-11-16 30192]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BBBA.tmp [2010-9-13 6144]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-5-21 173352]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1255736]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2010-2-22 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-8-6 79360]

============== File Associations ===============

.txt=UltraEdit.txt

=============== Created Last 30 ================

2010-09-15 20:38:23 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-09-15 20:38:23 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-09-15 20:38:23 145184 ----a-w- c:\windows\syswow64\java.exe
2010-09-15 20:27:56 3162278 ----a-w- c:\windows\{00000005-00000000-00000001-00001102-00000004-00531102}.BAK
2010-09-15 20:19:33 279136 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-09-15 20:19:33 0 d-----w- c:\users\trinsic\appdata\roaming\1BFC5A63-E618-49CC-83F0-D33C640B8655
2010-09-15 20:19:30 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-09-15 10:00:41 0 d-sh--w- c:\windows\syswow64\%APPDATA%
2010-09-15 10:00:28 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-15 08:20:10 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 09:45:43 0 d-----w- C:\gsutil
2010-09-13 21:03:37 6144 ------w- c:\windows\system32\BBBA.tmp
2010-09-13 21:00:28 6144 ------w- c:\windows\system32\DA21.tmp
2010-09-13 21:00:07 0 d-----w- c:\program files (x86)\Sophos
2010-09-09 21:46:49 0 d-----w- c:\program files (x86)\RAMMap
2010-09-09 21:37:19 0 d-----w- c:\program files (x86)\Process Explorer
2010-09-09 21:34:29 0 d-----w- c:\program files (x86)\Process Monitor
2010-09-09 21:25:39 0 d-----w- c:\program files\PAL
2010-09-09 21:24:03 0 d-----w- c:\program files (x86)\Microsoft Chart Controls
2010-09-06 08:32:41 162816 ----a-w- c:\windows\syswow64\fmod.dll
2010-09-06 03:42:10 0 d-----w- c:\users\trinsic\appdata\roaming\MovieManager
2010-09-06 03:42:02 0 d-----w- c:\program files (x86)\MeDs-Movie-Manager
2010-09-06 03:27:39 0 d-----w- c:\program files (x86)\eXtreme Movie Manager 7
2010-09-06 03:22:22 0 d-----w- c:\program files (x86)\DDB
2010-09-06 03:22:17 249856 ------w- c:\windows\Setup1.exe
2010-09-06 03:22:15 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-09-06 03:10:54 0 d-----w- c:\program files (x86)\MyFilms
2010-09-06 02:49:22 0 d-----w- c:\program files (x86)\DVD Profiler
2010-09-06 02:41:28 0 d-----w- c:\program files (x86)\Ant Movie Catalog
2010-09-02 20:39:38 0 d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-09-02 20:34:59 0 d-----w- c:\program files (x86)\ESET
2010-08-30 18:23:01 0 d-----w- c:\users\trinsic\appdata\roaming\B6248549-761E-4A43-80CB-08753447FBCF
2010-08-30 18:22:57 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2010-08-27 08:39:18 1819 ----a-w- c:\users\trinsic\.recently-used.xbel
2010-08-27 05:33:13 0 d-----w- c:\program files (x86)\GMT
2010-08-27 05:32:57 0 d-----w- c:\users\trinsic\appdata\roaming\inkscape
2010-08-27 05:28:03 0 d-----w- c:\program files (x86)\Inkscape
2010-08-27 05:05:10 0 d-----w- c:\users\trinsic\appdata\roaming\NASA
2010-08-27 05:04:48 0 d-----w- c:\program files (x86)\NASA
2010-08-26 06:03:04 66040 ----a-w- c:\windows\system32\drivers\mozy.sys
2010-08-24 22:22:44 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 22:22:44 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-24 13:06:34 0 d-----w- c:\program files (x86)\common files\Colasoft Shared
2010-08-24 13:06:32 122880 ----a-w- c:\windows\syswow64\CSNLIB65U.dll
2010-08-24 13:06:32 0 d-----w- c:\program files (x86)\common files\Software FX Shared
2010-08-24 13:06:31 0 d-----w- c:\program files (x86)\Colasoft Ping Tool 1.1
2010-08-20 09:15:33 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-08-19 19:12:04 2073998100 ----a-w- C:\300.01a.avi
2010-08-18 02:53:39 0 d-----w- c:\users\trinsic\appdata\roaming\ProgSense
2010-08-18 02:51:25 0 d-----w- c:\users\trinsic\appdata\roaming\GrabPro
2010-08-18 02:51:24 0 d-----w- c:\program files (x86)\Orbitdownloader
2010-08-17 00:40:23 0 d-----w- c:\programdata\Easy CD-DA Extractor
2010-08-17 00:40:22 0 d-----w- c:\program files\Easy CD-DA Extractor 2010
2010-08-17 00:29:53 0 d-----w- c:\users\trinsic\appdata\roaming\OneSwarm

==================== Find3M ====================

2010-08-30 18:22:46 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-08-29 04:59:36 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2010-08-24 12:49:50 6656 ----a-w- c:\windows\system32\lpcio.dll
2010-08-24 08:46:37 3192 --sha-w- c:\windows\syswow64\KGyGaAvL.sys
2010-08-16 19:01:42 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-07 20:11:58 98304 ----a-w- c:\windows\syswow64\CmdLineExt.dll
2010-08-07 05:57:10 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-07 05:57:10 109080 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-17 12:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-16 08:06:09 737280 ----a-w- c:\windows\iun6002.exe
2010-07-09 23:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 23:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 23:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 23:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-07 20:46:54 660072 ----a-w- c:\windows\system32\nvuninst.exe
2010-07-05 23:36:21 88 --sh--r- c:\programdata\E76A7B40A5.sys
2010-07-04 16:03:00 2286080 ----a-w- c:\windows\syswow64\python27.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-20 07:41:05 212564 ----a-w- c:\windows\fonts\AmazS.T.A.L.K.E.R.Italic.ttf
2010-06-20 07:41:05 196480 ----a-w- c:\windows\fonts\amazs.t.a.l.k.e.r.v.3.0.ttf
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-04-05 03:09:23 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-05 03:09:23 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-05 03:09:23 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-22 22:24:14 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-01 19:35:11 8 --sh--r- c:\windows\syswow64\BCC68786BD.sys
2006-05-03 09:06:54 163328 --sh--r- c:\windows\syswow64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\syswow64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\syswow64\nbDX.dll
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:14:21.21 ===============

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:21 PM

Posted 23 September 2010 - 06:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
And

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

m0le is a proud member of UNITE

#3 trinsic

trinsic
  • Topic Starter

  • Members
  • 24 posts
  • Local time:05:21 PM

Posted 28 September 2010 - 02:57 PM

Hi, thanks for the reply. I have tried running a virus scan using the NOD32 Online Scanner, a malware scan using Malwarebytes, and a spyware scan using Spybot Search & Destroy. Here are the log files you have requested, except for the sarscan.log: when I tried to post it in the body of this post, or when I tried to add it as an attachment, I received an error from the forum that the "Request Entity is Too Large". The file is 162k. Please advise.


OTL logfile created on: 9/24/2010 12:08:07 PM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\trinsic\Desktop\Cleanup
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 56.00% Memory free
16.00 Gb Paging File | 12.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.60 Gb Total Space | 40.85 Gb Free Space | 40.61% Space Free | Partition Type: NTFS
Drive D: | 32.01 Gb Total Space | 12.66 Gb Free Space | 39.53% Space Free | Partition Type: NTFS
Drive E: | 7.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1001.28 Mb Total Space | 459.20 Mb Free Space | 45.86% Space Free | Partition Type: FAT
Drive M: | 698.63 Gb Total Space | 72.33 Gb Free Space | 10.35% Space Free | Partition Type: NTFS
Drive P: | 465.76 Gb Total Space | 70.64 Gb Free Space | 15.17% Space Free | Partition Type: NTFS
Drive Q: | 870.87 Gb Total Space | 24.34 Gb Free Space | 2.79% Space Free | Partition Type: NTFS
Drive S: | 60.60 Gb Total Space | 41.06 Gb Free Space | 67.75% Space Free | Partition Type: FAT32
Drive X: | 511.75 Mb Total Space | 136.64 Mb Free Space | 26.70% Space Free | Partition Type: NTFS
Drive Z: | 100.60 Gb Total Space | 40.85 Gb Free Space | 40.61% Space Free | Partition Type: CSC-CACHE

Computer Name: MIKEY7
Current User Name: trinsic
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Users\trinsic\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - P:\Communication\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Users\trinsic\Desktop\Cleanup\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Altap Salamander 2.5\salamand.exe (ALTAP)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - P:\games\valve\steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Users\trinsic\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - P:\Programs\betrayed\BeTrayed.exe (JohnnyFoster.com)
PRC - C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files (x86)\Razer\Lycosa\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
PRC - C:\Program Files\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
PRC - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
PRC - C:\Program Files (x86)\GetRight\GetRight.exe (Headlight Software, Inc.)
PRC - P:\Communication\UltraVNC\vncviewer.exe (UltraVNC)
PRC - C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Razer\DeathAdder\razertra.exe ()
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\trinsic\Desktop\Cleanup\OTL.exe (OldTimer Tools)
MOD - C:\Users\trinsic\AppData\Local\Steam\SteamService.dll ()
MOD - C:\Windows\SysWOW64\ctagent.dll (Creative Technology Ltd)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (DeltaCopyService) -- C:\Program Files (x86)\DeltaCopy\DCServce.exe (Synametrics Technologies)
SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (DAUpdaterSvc) -- P:\games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (vmware-converter-server) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
SRV - (vmware-converter-agent) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ProtexisLicensing) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (mozyFilter) -- C:\Windows\SysNative\drivers\mozy.sys (Mozy, Inc.)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\7DDA.tmp (Sophos Plc)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (DAdderFltr) -- C:\Windows\SysNative\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (DUBE100B) -- C:\Windows\SysNative\drivers\DUBE100B.sys (D-Link Corporation)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (bmdrvr) -- C:\Windows\SysWOW64\drivers\bmdrvr.sys (VMware, Inc.)
DRV - (vstor2-mntapi10) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys (VMware, Inc.)
DRV - (PzWDM) -- C:\Windows\system32\Drivers\PzWDM.sys (Prassi Technology)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 29 61 2F D0 EC CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8118

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: P:\Communication\Mozilla\Firefox\components [2010/09/16 12:09:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: P:\Communication\Mozilla\Firefox\plugins [2010/09/16 12:09:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/09/17 02:41:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/09/07 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Mozilla\Extensions
[2009/12/09 22:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trinsic\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/04 18:30:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/12 22:27:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/12 22:27:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/20 20:29:50 | 000,416,742 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14381 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AsioReg] File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DevconDefaultDB] C:\Windows\SysWow64\readreg.exe (Creative Technology Limited)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] p:\games\valve\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SteamService] File not found
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\trinsic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk = C:\Program Files (x86)\Creative Element Power Tools\Startup.exe (Creative Element)
O4 - Startup: C:\Users\trinsic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk = C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
O4 - Startup: C:\Users\trinsic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slc-listen.lnk = P:\Communication\UltraVNC\vncviewer.exe (UltraVNC)
O4 - Startup: C:\Users\trinsic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start-systemtrayicons.vbs - Shortcut.lnk = P:\Programs\betrayed\start-systemtrayicons.vbs ()
O4 - Startup: C:\Users\trinsic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trinsic.kdbx - Shortcut.lnk = K:\keepass\database\trinsic.kdbx ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
O8:64bit: - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
O8:64bit: - Extra context menu item: Download with GetRight Pro - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8:64bit: - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/07/30 15:43:53 | 000,171,520 | R--- | M] (InterActual Technologies, Inc.) - E:\AUTOPLAY.EXE -- [ UDF ]
O32 - AutoRun File - [1999/06/29 16:46:24 | 000,000,085 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{355d07f2-a168-11df-a684-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{355d07f2-a168-11df-a684-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOPLAY.EXE id=10000017000015000002 ver=1.0.0.0 -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe -- File not found
O33 - MountPoints2\V\Shell - "" = AutoRun
O33 - MountPoints2\V\Shell\AutoRun\command - "" = V:\SETUP.EXE -- File not found
O33 - MountPoints2\V\Shell\configure\command - "" = V:\SETUP.EXE -- File not found
O33 - MountPoints2\V\Shell\install\command - "" = V:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/21 04:31:31 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\.minecraft
[2010/09/21 03:31:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2010/09/20 16:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeltaCopy
[2010/09/20 16:33:52 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/09/20 16:12:58 | 000,000,000 | ---D | C] -- C:\Users\trinsic\Desktop\Cleanup
[2010/09/20 16:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTK
[2010/09/20 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\.purple
[2010/09/20 15:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2010/09/20 15:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Allway Sync
[2010/09/15 17:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\gmer
[2010/09/15 13:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/15 13:38:23 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/15 13:38:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/15 13:38:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/15 13:19:33 | 000,279,136 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/09/15 13:19:33 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\1BFC5A63-E618-49CC-83F0-D33C640B8655
[2010/09/15 13:19:30 | 000,970,336 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010/09/15 03:00:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/15 03:00:28 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/14 02:45:43 | 000,000,000 | ---D | C] -- C:\gsutil
[2010/09/13 14:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/09/13 13:01:43 | 000,000,000 | ---D | C] -- S:\documents\Amnesia
[2010/09/09 14:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAMMap
[2010/09/09 14:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Process Explorer
[2010/09/09 14:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Process Monitor
[2010/09/09 14:27:17 | 000,000,000 | ---D | C] -- S:\documents\PAL Reports
[2010/09/09 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\PAL
[2010/09/09 14:24:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2010/09/06 12:16:06 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\vlc
[2010/09/06 01:32:41 | 000,162,816 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\Windows\SysWow64\fmod.dll
[2010/09/05 20:42:10 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\MovieManager
[2010/09/05 20:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MeDs-Movie-Manager
[2010/09/05 20:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eXtreme Movie Manager 7
[2010/09/05 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DDB
[2010/09/05 20:22:17 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/09/05 20:22:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/09/05 20:12:33 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Local\Itai_Amir
[2010/09/05 20:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFilms
[2010/09/05 19:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Profiler
[2010/09/05 19:32:02 | 000,000,000 | ---D | C] -- S:\documents\Personal Video Database
[2010/09/02 13:39:38 | 000,000,000 | ---D | C] -- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
[2010/09/02 13:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/08/30 11:23:01 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\B6248549-761E-4A43-80CB-08753447FBCF
[2010/08/30 11:22:57 | 001,263,200 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm273.sys
[2010/08/26 22:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GMT
[2010/08/26 22:32:57 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\inkscape
[2010/08/26 22:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2010/08/26 22:05:10 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\NASA
[2010/08/26 22:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NASA
[2010/08/25 23:03:04 | 000,066,040 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys
[2010/08/25 22:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/02/12 17:53:20 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2009/09/23 19:18:08 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2008/08/14 08:21:12 | 000,086,920 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000123111
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\trinsic\*.tmp files -> C:\Users\trinsic\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/24 12:10:01 | 013,893,632 | -HS- | M] () -- C:\Users\trinsic\NTUSER.DAT
[2010/09/24 12:02:50 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/09/24 12:00:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/24 11:26:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1833628941-396891251-2531428009-1001UA.job
[2010/09/24 06:17:15 | 000,008,708 | ---- | M] () -- C:\Windows\mozy.blk
[2010/09/24 06:17:15 | 000,000,612 | ---- | M] () -- C:\Windows\mozy.flt
[2010/09/23 16:00:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/23 13:26:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1833628941-396891251-2531428009-1001Core.job
[2010/09/22 09:02:14 | 000,232,501 | ---- | M] () -- C:\Users\trinsic\Desktop\Minecraft.exe
[2010/09/21 03:38:54 | 000,152,080 | ---- | M] () -- C:\Users\trinsic\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/21 03:38:10 | 004,899,826 | -H-- | M] () -- C:\Users\trinsic\AppData\Local\IconCache.db
[2010/09/21 03:38:01 | 003,162,278 | ---- | M] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-00531102}.CDF
[2010/09/21 03:38:01 | 003,162,278 | ---- | M] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-00531102}.BAK
[2010/09/21 03:37:54 | 000,004,324 | ---- | M] () -- S:\documents\soundboard1.tnt
[2010/09/21 03:37:54 | 000,004,324 | ---- | M] () -- S:\documents\shell.sonic.net.tnt
[2010/09/21 03:36:09 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/09/21 01:52:19 | 140,467,400 | ---- | M] () -- C:\Users\trinsic\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/09/20 19:56:43 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/20 19:56:43 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/20 19:42:09 | 000,001,091 | ---- | M] () -- C:\Users\trinsic\Desktop\eXtreme Movie Manager.lnk
[2010/09/20 16:40:52 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Music.job
[2010/09/20 15:21:32 | 000,001,055 | ---- | M] () -- C:\Users\trinsic\Application Data\Microsoft\Internet Explorer\Quick Launch\Tag&Rename.lnk
[2010/09/19 12:43:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/19 12:43:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 12:42:01 | 000,033,208 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000004-00531102}.rfx
[2010/09/19 12:42:01 | 000,033,208 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000004-00531102}.rfx
[2010/09/19 12:42:01 | 000,027,408 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000001-00001102-00000004-00531102}.rfx
[2010/09/19 12:42:01 | 000,027,408 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000004-00531102}.rfx
[2010/09/19 12:42:01 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000004-00531102}.rfx
[2010/09/18 17:31:21 | 000,001,524 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/09/15 13:19:33 | 000,279,136 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/09/15 13:19:31 | 001,263,200 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm273.sys
[2010/09/15 13:19:30 | 000,970,336 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010/09/14 03:13:16 | 000,000,965 | ---- | M] () -- C:\Users\trinsic\Desktop\Cygwin.lnk
[2010/09/13 18:57:11 | 000,000,600 | ---- | M] () -- C:\Users\trinsic\AppData\Roaming\winscp.rnd
[2010/09/10 00:35:41 | 000,001,017 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
[2010/09/09 17:06:02 | 000,145,485 | ---- | M] () -- S:\documents\stalker.timeline
[2010/09/09 17:06:00 | 000,000,303 | ---- | M] () -- C:\Users\trinsic\AppData\Roaming\.thetimelineproj.cfg
[2010/09/07 17:33:54 | 000,000,874 | ---- | M] () -- C:\Users\trinsic\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/06 01:39:47 | 000,162,816 | ---- | M] (Firelight Technologies Pty, Ltd) -- C:\Windows\SysWow64\fmod.dll
[2010/09/05 20:22:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/09/05 20:22:15 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/09/02 20:51:53 | 000,000,098 | ---- | M] () -- C:\Users\trinsic\Desktop\Drink, Flamingo Lounge Santa Rosa Ca, Wine Country Entertainment.URL
[2010/09/02 20:51:36 | 000,000,073 | ---- | M] () -- C:\Users\trinsic\Desktop\Dance Halls - Dance Lessons - Sonoma County Entertainment.URL
[2010/09/02 20:51:31 | 000,000,158 | ---- | M] () -- C:\Users\trinsic\Desktop\Starlight Wine Bar and Restaurant - Sebastopol, CA.URL
[2010/08/30 22:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/30 11:22:46 | 000,277,088 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010/08/28 21:59:36 | 000,001,056 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/08/27 01:39:18 | 000,001,819 | ---- | M] () -- C:\Users\trinsic\.recently-used.xbel
[2010/08/26 22:31:57 | 000,001,039 | ---- | M] () -- C:\Users\trinsic\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2010/08/26 22:04:55 | 000,002,095 | ---- | M] () -- C:\Users\trinsic\Desktop\World Wind 1.4.lnk
[2010/08/26 21:20:41 | 000,000,975 | ---- | M] () -- C:\Users\trinsic\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
[2010/08/26 20:00:14 | 000,722,040 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/26 20:00:14 | 000,622,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/26 20:00:14 | 000,106,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/25 23:41:30 | 000,001,334 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/25 23:36:05 | 000,171,584 | ---- | M] () -- C:\Users\trinsic\Desktop\slc-support.zip
[2010/08/25 23:03:05 | 000,000,921 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\trinsic\*.tmp files -> C:\Users\trinsic\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/21 04:46:57 | 000,232,501 | ---- | C] () -- C:\Users\trinsic\Desktop\Minecraft.exe
[2010/09/21 03:36:09 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/09/21 01:34:42 | 140,467,400 | ---- | C] () -- C:\Users\trinsic\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/09/20 19:42:09 | 000,001,091 | ---- | C] () -- C:\Users\trinsic\Desktop\eXtreme Movie Manager.lnk
[2010/09/20 16:40:51 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Music.job
[2010/09/15 13:27:56 | 003,162,278 | ---- | C] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-00531102}.BAK
[2010/09/14 03:04:38 | 000,000,965 | ---- | C] () -- C:\Users\trinsic\Desktop\Cygwin.lnk
[2010/09/07 17:33:54 | 000,000,874 | ---- | C] () -- C:\Users\trinsic\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/02 20:51:53 | 000,000,098 | ---- | C] () -- C:\Users\trinsic\Desktop\Drink, Flamingo Lounge Santa Rosa Ca, Wine Country Entertainment.URL
[2010/09/02 20:51:36 | 000,000,073 | ---- | C] () -- C:\Users\trinsic\Desktop\Dance Halls - Dance Lessons - Sonoma County Entertainment.URL
[2010/09/02 20:51:31 | 000,000,158 | ---- | C] () -- C:\Users\trinsic\Desktop\Starlight Wine Bar and Restaurant - Sebastopol, CA.URL
[2010/08/27 01:39:18 | 000,001,819 | ---- | C] () -- C:\Users\trinsic\.recently-used.xbel
[2010/08/26 22:31:57 | 000,001,039 | ---- | C] () -- C:\Users\trinsic\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2010/08/26 22:04:55 | 000,002,095 | ---- | C] () -- C:\Users\trinsic\Desktop\World Wind 1.4.lnk
[2010/08/25 23:39:01 | 000,001,334 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/25 23:36:05 | 000,171,584 | ---- | C] () -- C:\Users\trinsic\Desktop\slc-support.zip
[2010/08/25 23:03:05 | 000,000,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/08/10 12:42:03 | 000,001,524 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/08/06 08:16:00 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/08/06 08:16:00 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/08/06 08:15:51 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/08/06 08:15:51 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/08/06 08:01:55 | 000,024,907 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/08/06 08:01:19 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/08/06 08:00:54 | 000,024,907 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/07/05 19:31:19 | 000,000,303 | ---- | C] () -- C:\Users\trinsic\AppData\Roaming\.thetimelineproj.cfg
[2010/07/05 16:36:03 | 000,001,056 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/05 16:36:03 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E76A7B40A5.sys
[2010/06/22 03:16:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/06/22 02:00:02 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/04/01 12:35:11 | 000,003,192 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/04/01 12:35:11 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\BCC68786BD.sys
[2010/03/10 03:37:59 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/03/10 03:37:59 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/03/10 03:37:59 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/03/03 19:01:55 | 000,000,017 | ---- | C] () -- C:\Users\trinsic\AppData\Local\resmon.resmoncfg
[2010/02/14 12:17:52 | 000,007,680 | ---- | C] () -- C:\Users\trinsic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 12:09:41 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/02/14 12:09:41 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009/12/24 05:08:40 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009/12/08 23:56:18 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/08 23:56:18 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/11/30 12:42:01 | 000,039,424 | ---- | C] () -- C:\Windows\SysWow64\rpiAccessProcess.dll
[2009/11/18 14:50:35 | 000,001,626 | ---- | C] () -- C:\ProgramData\afl.log
[2009/10/28 20:42:05 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/10/27 23:54:35 | 000,737,000 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/27 19:23:25 | 000,000,600 | ---- | C] () -- C:\Users\trinsic\AppData\Roaming\winscp.rnd
[2009/09/23 20:00:02 | 000,049,726 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/09/23 19:19:34 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/23 12:29:48 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/02/08 18:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2007/12/28 00:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/08/13 21:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2007/01/26 03:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007/01/26 03:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2006/10/02 18:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2004/02/11 13:22:58 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\CDVPreviewEx.dll

========== LOP Check ==========

[2010/09/21 04:32:32 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\.minecraft
[2010/09/20 23:12:39 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\.purple
[2010/09/15 13:19:33 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\1BFC5A63-E618-49CC-83F0-D33C640B8655
[2010/09/21 00:48:22 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\AbsoluteTelnet
[2009/11/03 13:45:12 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Acronis
[2010/07/06 20:32:11 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Amazon
[2010/08/30 11:23:01 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\B6248549-761E-4A43-80CB-08753447FBCF
[2010/08/04 13:36:15 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Basilisk Games
[2010/04/01 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\BeTrayed
[2010/01/04 22:16:40 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Bioshock
[2010/07/29 06:58:08 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Blender Foundation
[2010/01/12 23:53:15 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\BOXEE
[2010/01/29 02:13:08 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Braid
[2009/10/30 14:08:49 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Broad Intelligence
[2010/07/07 11:18:05 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\ConceptDraw MINDMAP
[2010/07/07 11:10:28 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\ConceptDraw MindMap 6
[2010/07/05 18:44:40 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\ConceptDraw Project 5
[2010/09/04 11:56:50 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\CoreFTP
[2010/07/07 11:18:06 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\CS Odessa
[2010/07/07 11:33:22 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\CSOdessa
[2009/11/04 11:54:13 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\EurekaLog
[2010/09/22 09:04:46 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\GetRight Pro
[2010/03/04 07:38:00 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\GetRightToGo
[2010/08/23 17:54:43 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\GrabPro
[2010/04/06 01:54:40 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Hide IP NG
[2009/11/17 15:57:51 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\HotzAdam
[2010/08/26 22:32:58 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\inkscape
[2009/10/28 00:54:54 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\JAM Software
[2010/09/21 03:37:59 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\KeePass
[2010/07/16 02:26:06 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\King Stairs
[2010/06/26 16:20:09 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Mount&Blade Warband
[2010/09/05 20:42:37 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\MovieManager
[2010/08/26 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\NASA
[2010/08/04 01:21:38 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\NetMedia Providers
[2010/08/16 21:58:24 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\OneSwarm
[2009/10/28 14:13:40 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\OpenOffice.org
[2010/09/15 13:51:56 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Orbit
[2010/07/15 23:26:54 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\PhatWare
[2009/11/16 22:22:59 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\PhraseExpress
[2010/02/14 12:10:10 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\proDAD
[2010/07/05 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Progeny
[2010/08/17 19:53:39 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\ProgSense
[2010/08/04 01:21:38 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Publish Providers
[2009/11/23 12:57:10 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Razer
[2010/07/16 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\RightNote
[2010/03/25 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\runic games
[2010/05/17 23:54:11 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Smart Mod Manager
[2010/02/23 19:55:28 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Snippage.B28FB424FD6880E47B18D7D649F6CC93BDE9B29B.1
[2010/08/10 12:46:10 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Sony
[2009/11/04 03:25:13 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Sync App Settings
[2010/02/17 14:56:16 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\TeamViewer
[2009/12/09 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Thunderbird
[2009/10/28 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Trillian
[2010/06/29 01:24:52 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Tropico 3
[2009/10/28 00:29:47 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\TrueCrypt
[2010/07/19 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Unity
[2009/11/19 13:06:09 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\URSoft
[2010/09/24 12:10:24 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\uTorrent
[2010/07/30 21:30:23 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\X-Chat 2
[2010/02/28 14:44:46 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Xi
[2010/09/11 02:59:36 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\XnViewMP
[2010/06/13 16:25:51 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\XRay Engine
[2010/01/22 01:49:38 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\ZombieDriver
[2010/09/20 16:40:52 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\Music.job
[2009/07/13 22:08:49 | 000,032,176 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:1493A0EF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DE406C3E
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0A26B6B7
< End of report >






#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:21 PM

Posted 28 September 2010 - 05:58 PM

Just Firefox, then; we should first check for the browser's usual hijacker.

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

m0le is a proud member of UNITE

#5 trinsic

trinsic
  • Topic Starter

  • Members
  • 24 posts
  • Local time:05:21 PM

Posted 30 September 2010 - 06:59 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:58 on 30/09/2010 (trinsic)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [21:18 28/10/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [05:27 13/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

---------- Old Logs ----------
GooredFix[23.57.25_30-09-2010].txt

-=E.O.F=-
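
The GooredFix step above works by listing what lives in the Firefox extensions directory and under the HKEY_LOCAL_MACHINE Firefox Extensions registry key (extensions registered there are installed outside Firefox's own add-on manager, which is why they merit a look). The following is an added example, written for this page rather than taken from GooredFix or the thread, that parses a GooredFix log of the format posted above into its sections and flags any extension not on an allowlist. The allowlist pattern for the Java Console add-on family (the `{CAFEEFAC-…-ABCDEFFEDCBA}` GUID shape) and the second, hand-built log with an extra extension and a registry entry are assumptions constructed for the example.

```python
"""Parse a GooredFix log and flag Firefox extensions that need review.

Added example, not GooredFix's own code.  The log below is the one posted in the
thread; CONSTRUCTED_LOG is a hand-built variant with one unknown extension and one
registry-registered extension so the triage path has something to flag.
"""
import re
from datetime import datetime

GOORED_LOG = r"""GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:58 on 30/09/2010 (trinsic)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [21:18 28/10/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [05:27 13/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

---------- Old Logs ----------
GooredFix[23.57.25_30-09-2010].txt

-=E.O.F=-
"""

# Constructed sample (not a real log): same layout plus two items worth reviewing.
CONSTRUCTED_LOG = GOORED_LOG.replace(
    "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [05:27 13/06/2010]\n",
    "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [05:27 13/06/2010]\n"
    "{11111111-2222-3333-4444-555555555555} [10:00 01/09/2010]\n",
).replace("(none)\n", r"example-ext=C:\example\ext" + "\n")

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
ENTRY_RE = re.compile(r"^(\S.*?) \[(\d{2}:\d{2}) (\d{2}/\d{2}/\d{4})\]$")
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Assumed allowlist: GUID shape used by the Java Console add-on family.
JAVA_CONSOLE_ID = re.compile(r"^\{CAFEEFAC-\d{4}-\d{4}-\d{4}-ABCDEFFEDCBA\}$")


def parse_goored_log(text: str) -> dict:
    """Split the log into scan hits, extension directories and registry keys."""
    result = {"firefox_version": None, "scan": [], "extension_dirs": {}, "registry": {}}
    section = current_dir = current_key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:                       # blank line closes the current block
            current_dir = current_key = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_dir, current_key = m.group(1), None, None
            continue
        if line.startswith("Firefox version "):
            result["firefox_version"] = line[len("Firefox version "):]
            continue
        if line.startswith("-----") or line == "-=E.O.F=-":
            section = None                 # "Old Logs" trailer and EOF marker
            continue
        if section == "GooredScan":
            result["scan"].append(line)    # anything here is a detection
        elif section == "GooredLog":
            mk = REGKEY_RE.match(line)
            if mk:
                current_key = mk.group(1)
                result["registry"][current_key] = []
                continue
            if current_key is not None:
                if line != "(none)":
                    result["registry"][current_key].append(line)
                continue
            if line.endswith("\\"):        # directory header, entries follow
                current_dir = line
                result["extension_dirs"][current_dir] = []
                continue
            me = ENTRY_RE.match(line)
            if me and current_dir is not None:
                when = datetime.strptime(f"{me.group(3)} {me.group(2)}", "%d/%m/%Y %H:%M")
                result["extension_dirs"][current_dir].append((me.group(1), when))
    return result


def triage(parsed: dict, allow=JAVA_CONSOLE_ID) -> list:
    """Return review items: unknown extension IDs, registry-installed extensions, scan hits."""
    flags = []
    for d, entries in parsed["extension_dirs"].items():
        for ext_id, when in entries:
            if not allow.match(ext_id):
                flags.append(f"review: {ext_id} in {d} (installed {when:%Y-%m-%d %H:%M})")
    for key, vals in parsed["registry"].items():
        for v in vals:
            flags.append(f"review: registry-registered extension {v} under {key}")
    flags.extend(f"scan hit: {s}" for s in parsed["scan"])
    return flags


if __name__ == "__main__":
    for name, log in (("posted log", GOORED_LOG), ("constructed log", CONSTRUCTED_LOG)):
        print(name, "->", triage(parse_goored_log(log)) or "nothing to review")
```

On the posted log the triage list is empty: both extension IDs match the Java Console pattern and the registry key holds nothing, which is consistent with the helper moving on to rootkit checks in the next reply. An empty GooredScan section is the clean result; a directory entry whose timestamp lines up with the start of the redirects is the first thing to review when the list is not empty.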

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:21 PM

Posted 30 September 2010 - 07:07 PM

Please run the two following programs to check for current rootkit threats.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


And
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Finally, please rerun GooredFix and post the log.
m0le is a proud member of UNITE
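
MBRCheck, requested above, reads each physical drive's master boot record, hashes the boot code and compares the hash against a list of known loaders; the "Unknown MBR code" verdict it prints for two of the drives in the next reply means only that the hash was not recognised. The following is an added example, written for this page and not MBRCheck's own code, that performs the same triage on a 512-byte MBR: it validates the 0x55AA boot signature, hashes the bootstrap region, looks the hash up in an allowlist and sanity-checks the four partition entries. It assumes the 440-byte bootstrap area is the hashed region (the thread does not say which bytes MBRCheck hashes), and the sample MBR, the tampered copy and the allowlist are all constructed inline.

```python
"""Triage a master boot record the way an MBR checker does.

Added example, not MBRCheck's or the thread's own code.  Assumption: the hashed
region is the 440-byte bootstrap area that precedes the disk signature and the
partition table.  All inputs below are constructed, not read from a real disk.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440          # assumed hashed region
PART_TABLE_OFF = 446        # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"      # bytes 510..511 of a valid MBR
ENTRY_FMT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA, sectors


def bootcode_sha1(mbr: bytes) -> str:
    """SHA-1 of the bootstrap region, upper-case hex like MBRCheck prints it."""
    return hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition table entries."""
    parts = []
    for i in range(4):
        status, ptype, lba, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        parts.append({"index": i, "status": status, "type": ptype,
                      "lba_start": lba, "sectors": sectors, "bootable": status == 0x80})
    return parts


def check_mbr(mbr: bytes, known_good: dict) -> dict:
    """Return the boot-code hash, its allowlist label (or None) and a list of findings."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    digest = bootcode_sha1(mbr)
    label = known_good.get(digest)
    if label is None:
        findings.append("unknown MBR code (not in allowlist)")
    parts = parse_partitions(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):           # only inactive/active are valid
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition flagged bootable")
    return {"sha1": digest, "label": label, "partitions": parts, "findings": findings}


def build_sample_mbr(bootcode: bytes, entries) -> bytes:
    """Assemble a constructed 512-byte MBR from a bootstrap blob and (status, type, lba, sectors) tuples."""
    buf = bytearray(SECTOR)
    code = bootcode[:BOOTCODE_LEN]
    buf[:len(code)] = code
    for i, (status, ptype, lba, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i, status, ptype, lba, sectors)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


# Constructed inputs: a stand-in bootstrap blob (a few real-looking opcodes, then NOP padding).
SAMPLE_BOOTCODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOTCODE_LEN - 7)
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOTCODE,
                              [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 409600)])
# Constructed allowlist keyed by the sample's own hash, standing in for a tool's hash database.
KNOWN_GOOD = {bootcode_sha1(SAMPLE_MBR): "constructed-sample bootstrap"}
# Tampered copy: first 16 bytes of boot code zeroed and one partition entry given a bogus status.
TAMPERED_MBR = build_sample_mbr(b"\x00" * 16 + SAMPLE_BOOTCODE[16:],
                                [(0x80, 0x07, 2048, 204800), (0x55, 0x07, 206848, 409600)])

if __name__ == "__main__":
    for name, img in (("sample", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        r = check_mbr(img, KNOWN_GOOD)
        print(f"{name}: SHA1 {r['sha1']} label={r['label']} findings={r['findings']}")
```

On a live Windows system the 512 bytes come from opening `\\.\PhysicalDriveN` as an administrator and reading the first sector. A hash outside the allowlist is a triage signal, not a verdict: third-party boot loaders (disk encryption, vendor recovery or backup tools) replace the standard boot code and produce exactly the same "unknown" result, so the hash should be read together with the drive's role and the partition table before anything is rewritten.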

#7 trinsic

trinsic
  • Topic Starter

  • Members
  • 24 posts
  • Local time:05:21 PM

Posted 30 September 2010 - 07:55 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0295941c

Kernel Drivers (total 196):
0x03405000 \SystemRoot\system32\ntoskrnl.exe
0x039E1000 \SystemRoot\system32\hal.dll
0x00BD4000 \SystemRoot\system32\kdcom.dll
0x00C9B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CDF000 \SystemRoot\system32\PSHED.dll
0x00CF3000 \SystemRoot\system32\CLFS.SYS
0x00EB6000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F76000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FCD000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FD6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00D51000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FE0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00D84000 \SystemRoot\System32\drivers\partmgr.sys
0x00D99000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FED000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00C5C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00C6C000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF4000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DAE000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x010EF000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x0111A000 \SystemRoot\system32\DRIVERS\storport.sys
0x0117C000 \SystemRoot\system32\DRIVERS\SI3132.sys
0x01196000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x011C5000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01060000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
0x01069000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01223000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01075000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01437000 \SystemRoot\System32\Drivers\cng.sys
0x014AA000 \SystemRoot\System32\drivers\pcw.sys
0x014BB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014C5000 \SystemRoot\system32\drivers\ndis.sys
0x016C6000 \SystemRoot\system32\drivers\NETIO.SYS
0x01726000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x01751000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A76000 \SystemRoot\system32\DRIVERS\timntr.sys
0x01B66000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01B76000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01CA2000 \SystemRoot\system32\DRIVERS\tdrpm273.sys
0x01DD9000 \SystemRoot\System32\Drivers\spldr.sys
0x01C00000 \SystemRoot\system32\DRIVERS\snapman.sys
0x01C46000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
0x01C4E000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x01BC2000 \SystemRoot\System32\drivers\rdyboost.sys
0x01C6B000 \SystemRoot\System32\Drivers\mup.sys
0x01C7D000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01C86000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A3A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x017AE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x017D8000 \SystemRoot\system32\DRIVERS\mozy.sys
0x017EE000 \SystemRoot\System32\Drivers\Null.SYS
0x017F7000 \SystemRoot\System32\Drivers\Beep.SYS
0x01600000 \SystemRoot\System32\drivers\vga.sys
0x0160E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01633000 \SystemRoot\System32\drivers\watchdog.sys
0x01643000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0164C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01655000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0165E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01669000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0167A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01698000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03095000 \SystemRoot\system32\drivers\afd.sys
0x0311F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03164000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x0316F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03178000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0319E000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x031B2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x031C1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03000000 \SystemRoot\system32\drivers\vpcvmm.sys
0x015B7000 \SystemRoot\SysWOW64\drivers\truecrypt.sys
0x03057000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0306B000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x040A4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x040F5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04101000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0410C000 \SystemRoot\System32\drivers\discache.sys
0x0411B000 \SystemRoot\system32\drivers\csc.sys
0x0419E000 \SystemRoot\System32\Drivers\dfsc.sys
0x041BC000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x041CD000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x041D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04000000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x10204000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10E96000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x10E98000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10F8C000 \SystemRoot\System32\drivers\dxgmms1.sys
0x10FD2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04016000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x10FDF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0406C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x046C1000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04711000 \SystemRoot\system32\drivers\ctaud2k.sys
0x04600000 \SystemRoot\system32\drivers\portcls.sys
0x0463D000 \SystemRoot\system32\drivers\drmk.sys
0x0465F000 \SystemRoot\system32\drivers\ks.sys
0x04CE0000 \SystemRoot\system32\drivers\ctoss2k.sys
0x04D1B000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x04D23000 \SystemRoot\system32\drivers\ksthunk.sys
0x04D29000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x04D31000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04D41000 \SystemRoot\system32\DRIVERS\vncmirror.sys
0x04D48000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04D5E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04D82000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04D8E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04DBD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04DD8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04C00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04C1A000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04C25000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04C34000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04C43000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04C45000 \SystemRoot\system32\DRIVERS\MarvinBus64.sys
0x04C89000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04C9B000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x04CB8000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x04CC7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04CC9000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0x04CD1000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x0502C000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x05068000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0640F000 \SystemRoot\system32\drivers\ha10kx2k.sys
0x050C2000 \SystemRoot\system32\drivers\emupia2k.sys
0x065C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05114000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x06820000 \SystemRoot\system32\drivers\ctac32k.sys
0x068CE000 \SystemRoot\System32\drivers\COMMONFX.SYS
0x068F9000 \SystemRoot\System32\drivers\CTAUDFX.SYS
0x06ABF000 \SystemRoot\System32\drivers\CTSBLFX.SYS
0x06E19000 \SystemRoot\system32\drivers\viahduaa.sys
0x06FC7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06FE4000 \SystemRoot\system32\drivers\Lycosa.sys
0x06B6A000 \SystemRoot\system32\DRIVERS\udfs.sys
0x06FE9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06E00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06FF7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06BBE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06BCC000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x06BD7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06BF2000 \SystemRoot\system32\drivers\dadder.sys
0x06A00000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x06A0C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x06A19000 \SystemRoot\System32\drivers\Dxapi.sys
0x06A25000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06A33000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06A3F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06A48000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00560000 \SystemRoot\System32\TSDDD.dll
0x006C0000 \SystemRoot\System32\cdd.dll
0x00810000 \SystemRoot\System32\ATMFD.DLL
0x06A69000 \SystemRoot\system32\drivers\luafv.sys
0x06A8C000 \SystemRoot\system32\drivers\WudfPf.sys
0x069A9000 \??\C:\Program Files\Sandboxie\SbieDrv.sys
0x06AAD000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x069D0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x069E5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09AB1000 \SystemRoot\system32\drivers\HTTP.sys
0x09B79000 \SystemRoot\system32\DRIVERS\bowser.sys
0x09B97000 \SystemRoot\System32\Drivers\fastfat.SYS
0x09BCD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x09A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x09A2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x09A7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09A9E000 \??\C:\Windows\system32\drivers\hcmon.sys
0x09BE5000 \??\C:\Windows\system32\drivers\vmci.sys
0x0A01F000 \??\C:\Windows\system32\drivers\vmx86.sys
0x0A0F5000 \SystemRoot\System32\Drivers\adfs.SYS
0x0A10D000 \SystemRoot\system32\drivers\peauth.sys
0x0A1B3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0A1BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0A1EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0A000000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0x0515E000 \SystemRoot\system32\DRIVERS\afcdp.sys
0x0A00A000 \??\C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys
0x06800000 \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
0x0CAFF000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0CB67000 \SystemRoot\System32\DRIVERS\srv.sys
0x0CA93000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0CA71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0CA7C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0CAC4000 \SystemRoot\system32\DRIVERS\L1E62x64.sys
0x76ED0000 \Windows\System32\ntdll.dll
0x47930000 \Windows\System32\smss.exe
0xFF1F0000 \Windows\System32\apisetschema.dll
0xFF310000 \Windows\System32\autochk.exe

Processes (total 113):
0 System Idle Process
4 System
696 C:\Windows\System32\smss.exe
872 csrss.exe
1232 C:\Windows\System32\wininit.exe
1252 csrss.exe
1296 C:\Windows\System32\winlogon.exe
1340 C:\Windows\System32\services.exe
1368 C:\Windows\System32\lsass.exe
1376 C:\Windows\System32\lsm.exe
1500 C:\Windows\System32\svchost.exe
1564 C:\Windows\System32\nvvsvc.exe
1608 C:\Windows\System32\svchost.exe
1700 C:\Windows\System32\svchost.exe
1732 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\svchost.exe
1864 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1916 C:\Windows\System32\svchost.exe
1992 C:\Program Files\Sandboxie\SbieSvc.exe
1188 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\nvvsvc.exe
2064 C:\Windows\System32\spoolsv.exe
2092 C:\Windows\System32\svchost.exe
2364 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2404 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2468 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2520 C:\Program Files (x86)\DeltaCopy\DCServce.exe
2688 C:\ASUS.SYS\config\DVMExportService.exe
2716 C:\Windows\System32\svchost.exe
2760 C:\Program Files (x86)\DeltaCopy\rsync.exe
2956 C:\Windows\System32\conhost.exe
3008 C:\Program Files\MozyHome\mozybackup.exe
2184 C:\Windows\SysWOW64\PnkBstrA.exe
2260 C:\Windows\SysWOW64\PnkBstrB.exe
2448 C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe
2544 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2812 C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
2732 C:\Program Files\MozyHome\mozybackup.exe
2228 C:\Windows\System32\taskhost.exe
3036 C:\Program Files\MozyHome\mozybackup.exe
3200 C:\Windows\SysWOW64\vmnat.exe
3312 C:\Windows\System32\dwm.exe
3336 C:\Windows\explorer.exe
3484 C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe
3504 C:\Windows\System32\regsvr32.exe
3512 C:\Windows\SysWOW64\regsvr32.exe
3588 C:\Users\trinsic\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
3652 C:\Windows\System32\StikyNot.exe
3664 P:\games\valve\steam\Steam.exe
3672 C:\Program Files\Sandboxie\SbieCtrl.exe
3792 C:\Program Files\MozyHome\mozystat.exe
3824 C:\Program Files (x86)\Privoxy\privoxy.exe
3848 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
3860 C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
3868 C:\Program Files (x86)\Winamp\winampa.exe
3880 C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
3904 C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
3960 C:\Program Files\ASUS\TurboV\TurboV.exe
3976 C:\Program Files\ASUS\Turbo Key\TurboKey.exe
4004 C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
4024 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
4068 C:\Program Files (x86)\FastStone Capture\FSCapture.exe
3184 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2312 C:\Program Files (x86)\Razer\Lycosa\razertra.exe
3400 P:\Communication\UltraVNC\vncviewer.exe
3540 C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
1132 C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
4400 P:\Programs\betrayed\BeTrayed.exe
4592 C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
4344 C:\Program Files\RealVNC\VNC4\winvnc4.exe
3348 C:\Program Files\RealVNC\VNC4\winvnc4.exe
4472 C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
4760 C:\Windows\SysWOW64\vmnetdhcp.exe
5104 C:\Windows\System32\SearchIndexer.exe
5508 C:\Windows\System32\svchost.exe
5540 C:\Windows\System32\svchost.exe
6100 C:\Windows\System32\mobsync.exe
5076 WUDFHost.exe
1492 C:\Windows\System32\svchost.exe
2660 C:\Program Files (x86)\AbsoluteTelnet\Program\AbsoluteTelnet.exe
6032 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
4944 P:\graphics\adobe\Acrobat 9.0\Acrobat\acrotray.exe
6092 C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
5896 C:\Windows\System32\audiodg.exe
2980 C:\Windows\splwow64.exe
1116 C:\Windows\System32\taskhost.exe
5604 C:\Program Files (x86)\Altap Salamander 2.5\salamand.exe
9528 C:\Windows\explorer.exe
9984 C:\Program Files (x86)\Last.fm\LastFM.exe
2608 C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
4516 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
9524 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
10032 C:\Program Files\Ventrilo\Ventrilo.exe
8420 C:\Windows\servicing\TrustedInstaller.exe
8800 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
9520 C:\Windows\explorer.exe
7344 C:\Program Files (x86)\eXtreme Movie Manager 7\eXtreme Movie Manager.exe
5160 C:\Windows\System32\VSSVC.exe
9764 C:\Windows\System32\svchost.exe
2216 TrueImageHomeNotify.exe
9472 TrueImageHomeService.exe
8064 C:\Windows\System32\wuauclt.exe
8760 C:\Users\trinsic\AppData\Local\Google\Chrome\Application\chrome.exe
1760 C:\Users\trinsic\AppData\Local\Google\Chrome\Application\chrome.exe
7404 C:\Users\trinsic\AppData\Local\Google\Chrome\Application\chrome.exe
8096 C:\Users\trinsic\AppData\Local\Google\Chrome\Application\chrome.exe
6036 C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
6480 C:\Users\trinsic\AppData\Local\Google\Chrome\Application\chrome.exe
10836 C:\Windows\System32\SearchProtocolHost.exe
8708 C:\Windows\System32\SearchFilterHost.exe
7048 C:\Users\trinsic\Desktop\MBRCheck.exe
3952 C:\Windows\System32\conhost.exe
10420 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000008`45f24800 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`45211800 (NTFS)
\\.\M: --> \\.\PhysicalDrive3 at offset 0x00000000`007e0e00 (NTFS)
\\.\P: --> \\.\PhysicalDrive1 at offset 0x00000000`00200000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)
\\.\S: --> error 1
\\.\X: --> error 1

PhysicalDrive2 Model Number: WDCWD2500YD-01NVB1, Rev: 10.02E01
PhysicalDrive3 Model Number: MaxtorOneTouch, Rev: 0121
PhysicalDrive1 Model Number: WDCWD5000AAKS-00V1A0, Rev: 05.01D05
PhysicalDrive0 Model Number: WDCWD1001FALS-00J7B0, Rev: 05.00K05

Size Device Name MBR Status
--------------------------------------------
233 GB \\.\PhysicalDrive2 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
698 GB \\.\PhysicalDrive3 Unknown MBR code
SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6
465 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: A2807BA7FD4C206EFECA81EE5D8474BD4DCD1035


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

2010/09/30 17:53:31.0124 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/30 17:53:31.0124 ================================================================================
2010/09/30 17:53:31.0124 SystemInfo:
2010/09/30 17:53:31.0124
2010/09/30 17:53:31.0124 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/30 17:53:31.0124 Product type: Workstation
2010/09/30 17:53:31.0124 ComputerName: MIKEY7
2010/09/30 17:53:31.0125 UserName: trinsic
2010/09/30 17:53:31.0125 Windows directory: C:\Windows
2010/09/30 17:53:31.0125 System windows directory: C:\Windows
2010/09/30 17:53:31.0125 Running under WOW64
2010/09/30 17:53:31.0125 Processor architecture: Intel x64
2010/09/30 17:53:31.0125 Number of processors: 4
2010/09/30 17:53:31.0125 Page size: 0x1000
2010/09/30 17:53:31.0125 Boot type: Normal boot
2010/09/30 17:53:31.0125 ================================================================================
2010/09/30 17:53:31.0125 Utility is running under WOW64
2010/09/30 17:53:31.0445 Initialize success
2010/09/30 17:53:49.0635 ================================================================================
2010/09/30 17:53:49.0635 Scan started
2010/09/30 17:53:49.0635 Mode: Manual;
2010/09/30 17:53:49.0635 ================================================================================
2010/09/30 17:53:50.0286 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/30 17:53:50.0327 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/30 17:53:50.0364 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/09/30 17:53:50.0429 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
2010/09/30 17:53:50.0500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/09/30 17:53:50.0544 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/09/30 17:53:50.0572 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/09/30 17:53:50.0622 afcdp (3cb8a6bb25eb8b8d5e56123b52df9412) C:\Windows\system32\DRIVERS\afcdp.sys
2010/09/30 17:53:50.0671 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/09/30 17:53:50.0709 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/09/30 17:53:50.0739 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/09/30 17:53:50.0764 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/09/30 17:53:50.0784 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/30 17:53:50.0809 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/09/30 17:53:50.0829 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/09/30 17:53:50.0868 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/09/30 17:53:50.0896 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/09/30 17:53:50.0944 androidusb (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys
2010/09/30 17:53:50.0970 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/09/30 17:53:51.0014 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/09/30 17:53:51.0035 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/09/30 17:53:51.0086 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/30 17:53:51.0109 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/09/30 17:53:51.0162 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/09/30 17:53:51.0220 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/09/30 17:53:51.0355 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/09/30 17:53:51.0406 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/09/30 17:53:51.0506 bmdrvr (4d6eee6f8dde33ac7818308335175385) C:\Windows\SysWOW64\drivers\bmdrvr.sys
2010/09/30 17:53:51.0526 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/30 17:53:51.0563 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/09/30 17:53:51.0586 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/09/30 17:53:51.0622 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/09/30 17:53:51.0652 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/09/30 17:53:51.0670 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/09/30 17:53:51.0694 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/09/30 17:53:51.0715 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/30 17:53:51.0751 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/30 17:53:51.0785 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/30 17:53:51.0810 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/30 17:53:51.0856 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/09/30 17:53:51.0915 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/30 17:53:51.0938 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/09/30 17:53:51.0971 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/09/30 17:53:52.0026 COMMONFX (e4f52789e108954a0530f87a2bd06dfc) C:\Windows\system32\drivers\COMMONFX.SYS
2010/09/30 17:53:52.0056 COMMONFX.SYS (e4f52789e108954a0530f87a2bd06dfc) C:\Windows\System32\drivers\COMMONFX.SYS
2010/09/30 17:53:52.0110 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/30 17:53:52.0155 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/09/30 17:53:52.0215 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
2010/09/30 17:53:52.0243 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/09/30 17:53:52.0510 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2010/09/30 17:53:52.0591 ctac32k (73c9714d14eb8f64cdf856def2c7305c) C:\Windows\system32\drivers\ctac32k.sys
2010/09/30 17:53:52.0638 ctaud2k (dac47c68ef9c05ecd71216d2b1e5fedd) C:\Windows\system32\drivers\ctaud2k.sys
2010/09/30 17:53:52.0687 CTAUDFX (379f7c9e6292a8313cea1d6f4b92c73e) C:\Windows\system32\drivers\CTAUDFX.SYS
2010/09/30 17:53:52.0741 CTAUDFX.SYS (379f7c9e6292a8313cea1d6f4b92c73e) C:\Windows\System32\drivers\CTAUDFX.SYS
2010/09/30 17:53:52.0788 CTERFXFX (d2131bb5259ef68d54177bfaf99db9e4) C:\Windows\system32\drivers\CTERFXFX.SYS
2010/09/30 17:53:52.0804 CTERFXFX.SYS (d2131bb5259ef68d54177bfaf99db9e4) C:\Windows\System32\drivers\CTERFXFX.SYS
2010/09/30 17:53:52.0824 ctprxy2k (fd6c1384aa85e4d18bfe65a85fbaaaf2) C:\Windows\system32\drivers\ctprxy2k.sys
2010/09/30 17:53:52.0862 CTSBLFX (067f2c5ce2adc013f172830300ba9058) C:\Windows\system32\drivers\CTSBLFX.SYS
2010/09/30 17:53:52.0893 CTSBLFX.SYS (067f2c5ce2adc013f172830300ba9058) C:\Windows\System32\drivers\CTSBLFX.SYS
2010/09/30 17:53:52.0917 ctsfm2k (80f40ef65fdd9470f58e6fe659b602c3) C:\Windows\system32\drivers\ctsfm2k.sys
2010/09/30 17:53:52.0978 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) C:\Windows\system32\drivers\dadder.sys
2010/09/30 17:53:53.0050 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/09/30 17:53:53.0082 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/09/30 17:53:53.0118 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/09/30 17:53:53.0170 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/09/30 17:53:53.0219 DUBE100B (e311c648c5cea12a51682684eedd350d) C:\Windows\system32\DRIVERS\DUBE100B.sys
2010/09/30 17:53:53.0283 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/30 17:53:53.0426 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/09/30 17:53:53.0630 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/09/30 17:53:53.0690 emupia (787ba047191cbf2723bcf98a57fd4304) C:\Windows\system32\drivers\emupia2k.sys
2010/09/30 17:53:53.0709 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/09/30 17:53:53.0755 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/09/30 17:53:53.0790 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/09/30 17:53:53.0824 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/30 17:53:53.0851 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/09/30 17:53:53.0880 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/09/30 17:53:53.0918 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/30 17:53:53.0942 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/09/30 17:53:53.0981 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/09/30 17:53:54.0005 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/30 17:53:54.0048 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/30 17:53:54.0069 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/09/30 17:53:54.0175 ha10kx2k (2a29f16459de7eff9a681164fdcdfb75) C:\Windows\system32\drivers\ha10kx2k.sys
2010/09/30 17:53:54.0239 hap16v2k (85021a4e610f43d828fe0534d2a2cb9c) C:\Windows\system32\drivers\hap16v2k.sys
2010/09/30 17:53:54.0269 hap17v2k (e0c7a3bcaf25fa3b024fe082ebc311c7) C:\Windows\system32\drivers\hap17v2k.sys
2010/09/30 17:53:54.0340 hcmon (b93b24f258441820e575c7983ba47313) C:\Windows\system32\drivers\hcmon.sys
2010/09/30 17:53:54.0374 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/09/30 17:53:54.0423 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/09/30 17:53:54.0469 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/30 17:53:54.0495 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/09/30 17:53:54.0515 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/30 17:53:54.0542 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/30 17:53:54.0588 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/30 17:53:54.0642 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/09/30 17:53:54.0764 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/09/30 17:53:54.0819 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/09/30 17:53:54.0857 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/30 17:53:54.0905 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/09/30 17:53:54.0975 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/09/30 17:53:55.0091 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
2010/09/30 17:53:55.0157 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/30 17:53:55.0184 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/30 17:53:55.0215 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/30 17:53:55.0243 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/09/30 17:53:55.0264 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/09/30 17:53:55.0298 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/09/30 17:53:55.0322 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/09/30 17:53:55.0356 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/30 17:53:55.0393 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/30 17:53:55.0418 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/30 17:53:55.0449 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/30 17:53:55.0487 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/09/30 17:53:55.0518 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/09/30 17:53:55.0586 L1E (1541d77d3eb41177bd7026d49948aa95) C:\Windows\system32\DRIVERS\L1E62x64.sys
2010/09/30 17:53:55.0637 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/30 17:53:55.0686 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/09/30 17:53:55.0712 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/09/30 17:53:55.0733 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/09/30 17:53:55.0753 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/09/30 17:53:55.0801 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/09/30 17:53:55.0927 Lycosa (aecc49af0ac3368027573a5d2f9de351) C:\Windows\system32\drivers\Lycosa.sys
2010/09/30 17:53:55.0984 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
2010/09/30 17:53:56.0037 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/09/30 17:53:56.0063 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/09/30 17:53:56.0126 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\Windows\system32\C118.tmp
2010/09/30 17:53:56.0174 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/09/30 17:53:56.0208 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/30 17:53:56.0234 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/30 17:53:56.0273 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/30 17:53:56.0296 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/09/30 17:53:56.0362 mozyFilter (76be76bf03dbb93278e5ae3f13d5d2c7) C:\Windows\system32\DRIVERS\mozy.sys
2010/09/30 17:53:56.0396 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/09/30 17:53:56.0422 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/30 17:53:56.0449 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/09/30 17:53:56.0479 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/30 17:53:56.0508 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/30 17:53:56.0551 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/30 17:53:56.0575 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/09/30 17:53:56.0598 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/09/30 17:53:56.0632 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/09/30 17:53:56.0652 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/09/30 17:53:56.0682 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/09/30 17:53:56.0719 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/30 17:53:56.0739 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/30 17:53:56.0759 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/09/30 17:53:56.0792 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/09/30 17:53:56.0820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/30 17:53:56.0850 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/09/30 17:53:56.0870 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/09/30 17:53:56.0900 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/09/30 17:53:56.0933 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/09/30 17:53:57.0055 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/30 17:53:57.0132 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/09/30 17:53:57.0184 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/09/30 17:53:57.0215 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/30 17:53:57.0240 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/30 17:53:57.0278 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/30 17:53:57.0303 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/09/30 17:53:57.0336 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/30 17:53:57.0372 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/30 17:53:57.0431 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/09/30 17:53:57.0458 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/09/30 17:53:57.0485 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/30 17:53:57.0549 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/09/30 17:53:57.0600 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/09/30 17:53:57.0657 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2010/09/30 17:53:58.0010 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/09/30 17:53:58.0330 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/09/30 17:53:58.0357 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/09/30 17:53:58.0402 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/09/30 17:53:58.0427 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/30 17:53:58.0486 ossrv (abd817123ccdcfe11577eef3d20bd570) C:\Windows\system32\drivers\ctoss2k.sys
2010/09/30 17:53:58.0525 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/09/30 17:53:58.0550 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/09/30 17:53:58.0600 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/09/30 17:53:58.0629 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/09/30 17:53:58.0652 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/30 17:53:58.0679 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/09/30 17:53:58.0785 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/09/30 17:53:58.0953 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/30 17:53:58.0973 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/09/30 17:53:59.0041 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/30 17:53:59.0077 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/09/30 17:53:59.0145 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/09/30 17:53:59.0207 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/09/30 17:53:59.0238 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/30 17:53:59.0268 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/30 17:53:59.0313 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/09/30 17:53:59.0344 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/30 17:53:59.0369 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/30 17:53:59.0394 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/30 17:53:59.0425 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/30 17:53:59.0449 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/09/30 17:53:59.0475 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/30 17:53:59.0506 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2010/09/30 17:53:59.0543 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/30 17:53:59.0564 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/09/30 17:53:59.0591 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/09/30 17:53:59.0626 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/09/30 17:53:59.0691 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/30 17:53:59.0720 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/09/30 17:53:59.0821 SbieDrv (b7e1ff02c6a9bcde9a34de801e379844) C:\Program Files\Sandboxie\SbieDrv.sys
2010/09/30 17:53:59.0928 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/09/30 17:53:59.0984 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
2010/09/30 17:54:00.0010 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/09/30 17:54:00.0050 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/09/30 17:54:00.0088 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/30 17:54:00.0113 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/09/30 17:54:00.0134 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/09/30 17:54:00.0188 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/30 17:54:00.0208 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/09/30 17:54:00.0229 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/30 17:54:00.0250 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/30 17:54:00.0312 SI3132 (0f498dee92fd73dd999bae4d506367f5) C:\Windows\system32\DRIVERS\SI3132.sys
2010/09/30 17:54:00.0356 SiFilter (127ce10e01f53f2edaca7fe42e5631ea) C:\Windows\system32\DRIVERS\SiWinAcc.sys
2010/09/30 17:54:00.0376 SiRemFil (b742c37002b8ebef6e230df9b4b28546) C:\Windows\system32\DRIVERS\SiRemFil.sys
2010/09/30 17:54:00.0403 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/09/30 17:54:00.0430 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/09/30 17:54:00.0467 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/09/30 17:54:00.0516 snapman (b2c19ae46c5a109679b4fb38058df05a) C:\Windows\system32\DRIVERS\snapman.sys
2010/09/30 17:54:00.0536 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/09/30 17:54:00.0602 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys
2010/09/30 17:54:00.0642 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/30 17:54:00.0699 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/30 17:54:00.0774 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/09/30 17:54:00.0825 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/09/30 17:54:00.0845 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2010/09/30 17:54:00.0867 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/30 17:54:00.0963 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/09/30 17:54:01.0150 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/30 17:54:01.0190 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/30 17:54:01.0240 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/09/30 17:54:01.0320 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
2010/09/30 17:54:01.0380 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/09/30 17:54:01.0404 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/30 17:54:01.0446 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/30 17:54:01.0511 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
2010/09/30 17:54:01.0581 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/30 17:54:01.0613 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/30 17:54:01.0636 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/09/30 17:54:01.0671 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/30 17:54:01.0728 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/09/30 17:54:01.0762 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/30 17:54:01.0783 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/09/30 17:54:01.0830 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/30 17:54:01.0868 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/09/30 17:54:01.0897 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/30 17:54:01.0927 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/30 17:54:01.0967 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/30 17:54:01.0991 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/30 17:54:02.0017 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/30 17:54:02.0046 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/30 17:54:02.0097 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/09/30 17:54:02.0133 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/30 17:54:02.0163 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/09/30 17:54:02.0195 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/09/30 17:54:02.0267 VIAHdAudAddService (712bfd5dac2668fba4a2435fb06c3d00) C:\Windows\system32\drivers\viahduaa.sys
2010/09/30 17:54:02.0392 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/09/30 17:54:02.0459 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2010/09/30 17:54:02.0487 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/09/30 17:54:02.0528 vmci (9bc38986a8f0e85f27cc18a196808f52) C:\Windows\system32\drivers\vmci.sys
2010/09/30 17:54:02.0577 vmkbd (ac9dc0f511c56125483a5fb385d0bc80) C:\Windows\system32\drivers\VMkbd.sys
2010/09/30 17:54:02.0616 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2010/09/30 17:54:02.0670 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2010/09/30 17:54:02.0698 VMnetuserif (b4686ed49494a4264e867a7938fad24b) C:\Windows\system32\drivers\vmnetuserif.sys
2010/09/30 17:54:02.0778 vmx86 (4b4987b8850de542f23621b881b10342) C:\Windows\system32\drivers\vmx86.sys
2010/09/30 17:54:02.0825 vncmirror (93f279a2c172562050700a18fa84be2e) C:\Windows\system32\DRIVERS\vncmirror.sys
2010/09/30 17:54:02.0863 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/09/30 17:54:02.0889 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/09/30 17:54:02.0926 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/09/30 17:54:02.0972 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
2010/09/30 17:54:03.0006 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2010/09/30 17:54:03.0029 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
2010/09/30 17:54:03.0067 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
2010/09/30 17:54:03.0094 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/09/30 17:54:03.0200 vstor2-mntapi10 (e755434912834b96b77a58867acaf279) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys
2010/09/30 17:54:03.0250 vstor2-ws60 (69f57e89e6ebc5012d210527af005a70) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
2010/09/30 17:54:03.0280 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2010/09/30 17:54:03.0313 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/09/30 17:54:03.0344 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/30 17:54:03.0366 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/30 17:54:03.0413 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/09/30 17:54:03.0451 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/30 17:54:03.0596 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/09/30 17:54:03.0631 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/09/30 17:54:03.0712 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/30 17:54:03.0775 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/30 17:54:03.0823 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/09/30 17:54:03.0849 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/30 17:54:03.0954 ================================================================================
2010/09/30 17:54:03.0954 Scan finished
2010/09/30 17:54:03.0954 ================================================================================


GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:55 on 30/09/2010 (trinsic)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [21:18 28/10/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [05:27 13/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

---------- Old Logs ----------
GooredFix[23.57.25_30-09-2010].txt
GooredFix[23.58.45_30-09-2010].txt

-=E.O.F=-
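
The TDSSKiller driver inventory above is normally read by eye, line by line, for anything loading from somewhere a kernel driver should not. As an added example for this thread, not part of the original post and not TDSSKiller's own code, the Python below parses lines in that format and applies three path heuristics: the image file should be a .sys, it should sit under one of a few expected directories, and one hash should not turn up under two different files. The directory allowlist is an assumption about this machine's layout; the sample input reuses a few lines copied from the log above plus one constructed line (service name `example_copy`, Fs_Rec's hash under a user-writable path) so the duplicate-hash check has something to report. A .tmp driver in system32 is exactly the kind of thing this surfaces, and it is also how some legitimate anti-rootkit tools load a temporary scanning driver, so a hit is a lead to verify (hash lookup, which tool was running at the time), not a verdict.

```python
"""Triage a TDSSKiller driver inventory for drivers loaded from unusual places.

Added example for this thread, not TDSSKiller's own code. TDSSKiller prints one
line per kernel driver service in the form
    <timestamp> <service name> (<md5>) <image path>
and the checks here are path heuristics only: they surface entries worth a
second look, they do not prove anything is malicious.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# One line per driver service; separator and "Scan finished" lines do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<svc>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)

# ASSUMPTION for this machine's layout: directories a driver image is expected
# to live in. Compared case-insensitively, because TDSSKiller echoes the
# registry's own casing (system32\drivers and system32\DRIVERS both occur).
EXPECTED_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Sample input: lines taken from the log above, plus one CONSTRUCTED line
# (example_copy) that reuses Fs_Rec's hash under a user-writable path so the
# duplicate-hash check has something to find.
SAMPLE_LOG = r"""
2010/09/30 17:53:54.0005 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/30 17:53:56.0126 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\Windows\system32\C118.tmp
2010/09/30 17:53:59.0821 SbieDrv (b7e1ff02c6a9bcde9a34de801e379844) C:\Program Files\Sandboxie\SbieDrv.sys
2010/09/30 17:54:00.0963 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/09/30 17:54:01.0150 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/30 17:54:02.0000 example_copy (e95ef8547de20cf0603557c0cf7a9462) C:\Users\trinsic\AppData\Local\Temp\fsrec_copy.sys
2010/09/30 17:54:03.0200 vstor2-mntapi10 (e755434912834b96b77a58867acaf279) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys
2010/09/30 17:54:03.0954 ================================================================================
2010/09/30 17:54:03.0954 Scan finished
"""


@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str
    path: str


@dataclass(frozen=True)
class Finding:
    service: str
    path: str
    reasons: tuple


def parse_tdsskiller(text):
    """Return the driver entries in a TDSSKiller log, skipping non-driver lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["svc"], m["md5"].lower(), m["path"]))
    return entries


def triage(entries):
    """Flag entries whose image path looks unusual or whose hash appears elsewhere."""
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e.md5].append(e)

    findings = []
    for e in entries:
        norm = e.path.lower()
        reasons = []
        if not norm.rsplit("\\", 1)[-1].endswith(".sys"):
            reasons.append("image file is not a .sys")
        if not norm.startswith(EXPECTED_DIRS):
            reasons.append("image outside the usual driver directories")
        # Same bytes registered under two different files. Tcpip/TCPIP6 point at
        # the same file (only the casing differs), so they are not reported.
        twins = sorted(o.service for o in by_hash[e.md5] if o.path.lower() != norm)
        if twins:
            reasons.append("same MD5 as %s under a different path" % ", ".join(twins))
        if reasons:
            findings.append(Finding(e.service, e.path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{f.service}: {f.path}\n    " + "; ".join(f.reasons))
```

Run against the sample, it reports MEMSWEEP2 (a .tmp outside the driver directories), the constructed `example_copy` line, and Fs_Rec itself, the last only because the constructed line duplicates its hash. Tcpip and TCPIP6 stay quiet after case normalisation, which is the reason the comparison is done on the lowercased path rather than the raw string.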


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:21 PM

Posted 01 October 2010 - 03:42 PM

Everything checks out there. Can you tell me what browser(s) you are having the redirect with?

Now please download OTL, another scanner:
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:21 PM

Posted 03 October 2010 - 08:09 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer, as I am unable to help other members with their problems while I have your topic still open? The time taken between posts can also change the situation with your PC, making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#10 trinsic

trinsic
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:05:21 PM

Posted 03 October 2010 - 10:07 PM

Hi, sorry for the delay. I have been busy and have not had a chance to run the scan. The issue, as I said, is only coming up in Firefox; no other browser is having the same problem. I will run this test tomorrow.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:21 PM

Posted 04 October 2010 - 03:35 PM


#12 trinsic

trinsic
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:05:21 PM

Posted 04 October 2010 - 05:01 PM

OTL logfile created on: 10/4/2010 2:43:51 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\trinsic\Desktop\Cleanup
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 65.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.60 Gb Total Space | 38.71 Gb Free Space | 38.48% Space Free | Partition Type: NTFS
Drive D: | 32.01 Gb Total Space | 12.66 Gb Free Space | 39.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1001.28 Mb Total Space | 459.20 Mb Free Space | 45.86% Space Free | Partition Type: FAT
Drive M: | 698.63 Gb Total Space | 73.26 Gb Free Space | 10.49% Space Free | Partition Type: NTFS
Drive P: | 465.76 Gb Total Space | 70.51 Gb Free Space | 15.14% Space Free | Partition Type: NTFS
Drive Q: | 870.87 Gb Total Space | 10.21 Gb Free Space | 1.17% Space Free | Partition Type: NTFS
Drive S: | 60.60 Gb Total Space | 41.05 Gb Free Space | 67.74% Space Free | Partition Type: FAT32
Drive X: | 511.75 Mb Total Space | 136.30 Mb Free Space | 26.64% Space Free | Partition Type: NTFS
Drive Z: | 100.60 Gb Total Space | 38.71 Gb Free Space | 38.48% Space Free | Partition Type: CSC-CACHE

Computer Name: MIKEY7
Current User Name: trinsic
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\trinsic\Desktop\Cleanup\OTL1.exe (OldTimer Tools)
PRC - P:\Communication\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Users\trinsic\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\DeltaCopy\DCServce.exe (Synametrics Technologies)
PRC - P:\Programs\betrayed\BeTrayed.exe (JohnnyFoster.com)
PRC - C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files (x86)\Razer\Lycosa\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
PRC - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\DeltaCopy\rsync.exe ()
PRC - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
PRC - C:\Program Files (x86)\GetRight\GetRight.exe (Headlight Software, Inc.)
PRC - P:\Communication\UltraVNC\vncviewer.exe (UltraVNC)
PRC - C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Razer\DeathAdder\razertra.exe ()
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\trinsic\Desktop\Cleanup\OTL1.exe (OldTimer Tools)
MOD - C:\Users\trinsic\AppData\Local\Steam\SteamService.dll ()
MOD - C:\Windows\SysWOW64\ctagent.dll (Creative Technology Ltd)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (DeltaCopyService) -- C:\Program Files (x86)\DeltaCopy\DCServce.exe (Synametrics Technologies)
SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (DAUpdaterSvc) -- P:\games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (vmware-converter-server) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
SRV - (vmware-converter-agent) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ProtexisLicensing) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (mozyFilter) -- C:\Windows\SysNative\drivers\mozy.sys (Mozy, Inc.)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\C118.tmp (Sophos Plc)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (DAdderFltr) -- C:\Windows\SysNative\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (DUBE100B) -- C:\Windows\SysNative\drivers\DUBE100B.sys (D-Link Corporation)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (bmdrvr) -- C:\Windows\SysWOW64\drivers\bmdrvr.sys (VMware, Inc.)
DRV - (vstor2-mntapi10) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys (VMware, Inc.)
DRV - (PzWDM) -- C:\Windows\system32\Drivers\PzWDM.sys (Prassi Technology)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 29 61 2F D0 EC CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8118

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: P:\Communication\Mozilla\Firefox\components [2010/09/26 12:49:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: P:\Communication\Mozilla\Firefox\plugins [2010/09/16 12:09:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/09/17 02:41:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/09/07 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Mozilla\Extensions
[2009/12/09 22:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trinsic\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/07 17:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trinsic\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/04 18:30:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/10/28 14:18:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/06/12 22:27:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/16 22:51:48 | 000,119,808 | ---- | M] (Google) -- C:\Program Files (x86)\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2010/06/12 22:27:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2009/06/02 16:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/02 16:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/02 16:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/02 16:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/02 16:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2009/11/16 22:51:48 | 000,002,020 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\googledesktop.xml

O1 HOSTS File: ([2010/08/20 20:29:50 | 000,416,742 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AsioReg] File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DevconDefaultDB] C:\Windows\SysWow64\readreg.exe (Creative Technology Limited)
O4 - HKCU..\Run: [Google Update] C:\Users\trinsic\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] p:\games\valve\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SteamService] File not found
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\trinsic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk = C:\Program Files (x86)\Creative Element Power Tools\Startup.exe (Creative Element)
O4 - Startup: C:\Users\trinsic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk = C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
O4 - Startup: C:\Users\trinsic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slc-listen.lnk = P:\Communication\UltraVNC\vncviewer.exe (UltraVNC)
O4 - Startup: C:\Users\trinsic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start-systemtrayicons.vbs - Shortcut.lnk = P:\Programs\betrayed\start-systemtrayicons.vbs ()
O4 - Startup: C:\Users\trinsic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trinsic.kdbx - Shortcut.lnk = K:\keepass\database\trinsic.kdbx ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
O8:64bit: - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
O8:64bit: - Extra context menu item: Download with GetRight Pro - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8:64bit: - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe -- File not found
O33 - MountPoints2\V\Shell - "" = AutoRun
O33 - MountPoints2\V\Shell\AutoRun\command - "" = V:\SETUP.EXE -- File not found
O33 - MountPoints2\V\Shell\configure\command - "" = V:\SETUP.EXE -- File not found
O33 - MountPoints2\V\Shell\install\command - "" = V:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/04 07:59:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/01 13:47:51 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\skypePM
[2010/10/01 13:47:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/10/01 13:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/09/30 17:51:49 | 000,000,000 | ---D | C] -- C:\Users\trinsic\Desktop\tdsskiller
[2010/09/30 16:57:25 | 000,000,000 | ---D | C] -- C:\Users\trinsic\Desktop\GooredFix Backups
[2010/09/30 16:56:35 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\trinsic\Desktop\GooredFix.exe
[2010/09/29 14:12:12 | 000,019,432 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys
[2010/09/29 14:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/09/29 03:27:06 | 000,000,000 | ---D | C] -- C:\Users\trinsic\Desktop\Cart5-nosource
[2010/09/29 03:00:36 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/28 14:01:47 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/21 04:31:31 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\.minecraft
[2010/09/21 03:31:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2010/09/20 16:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeltaCopy
[2010/09/20 16:33:52 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/09/20 16:12:58 | 000,000,000 | ---D | C] -- C:\Users\trinsic\Desktop\Cleanup
[2010/09/20 16:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTK
[2010/09/20 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\.purple
[2010/09/20 15:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2010/09/20 15:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Allway Sync
[2010/09/15 17:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\gmer
[2010/09/15 13:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/15 13:38:23 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/15 13:38:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/15 13:38:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/15 13:19:33 | 000,279,136 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/09/15 13:19:33 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\1BFC5A63-E618-49CC-83F0-D33C640B8655
[2010/09/15 13:19:30 | 000,970,336 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010/09/15 03:00:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/15 03:00:28 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/14 02:45:43 | 000,000,000 | ---D | C] -- C:\gsutil
[2010/09/13 14:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/09/13 13:01:43 | 000,000,000 | ---D | C] -- S:\documents\Amnesia
[2010/09/09 14:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAMMap
[2010/09/09 14:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Process Explorer
[2010/09/09 14:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Process Monitor
[2010/09/09 14:27:17 | 000,000,000 | ---D | C] -- S:\documents\PAL Reports
[2010/09/09 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\PAL
[2010/09/09 14:24:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2010/09/06 12:16:06 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\vlc
[2010/09/06 01:32:41 | 000,162,816 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\Windows\SysWow64\fmod.dll
[2010/09/05 20:42:10 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Roaming\MovieManager
[2010/09/05 20:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MeDs-Movie-Manager
[2010/09/05 20:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eXtreme Movie Manager 7
[2010/09/05 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DDB
[2010/09/05 20:22:17 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/09/05 20:22:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/09/05 20:12:33 | 000,000,000 | ---D | C] -- C:\Users\trinsic\AppData\Local\Itai_Amir
[2010/09/05 20:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFilms
[2010/09/05 19:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Profiler
[2010/09/05 19:32:02 | 000,000,000 | ---D | C] -- S:\documents\Personal Video Database
[2010/02/12 17:53:20 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2009/09/23 19:18:08 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2008/08/14 08:21:12 | 000,086,920 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000123111
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\trinsic\*.tmp files -> C:\Users\trinsic\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/04 14:45:10 | 013,893,632 | -HS- | M] () -- C:\Users\trinsic\NTUSER.DAT
[2010/10/04 14:31:24 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/10/04 14:26:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1833628941-396891251-2531428009-1001UA.job
[2010/10/04 14:00:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 13:26:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1833628941-396891251-2531428009-1001Core.job
[2010/10/04 07:59:18 | 000,000,921 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/10/04 07:52:47 | 000,008,708 | ---- | M] () -- C:\Windows\mozy.blk
[2010/10/04 07:52:47 | 000,000,612 | ---- | M] () -- C:\Windows\mozy.flt
[2010/10/03 22:32:50 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 22:32:50 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 18:50:21 | 000,000,744 | ---- | M] () -- C:\Users\trinsic\Desktop\business
[2010/10/03 18:43:59 | 000,000,664 | ---- | M] () -- C:\Users\trinsic\Desktop\business.bak
[2010/10/03 16:14:33 | 000,000,034 | ---- | M] () -- C:\Users\trinsic\Desktop\Call List
[2010/10/03 16:00:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/03 14:55:34 | 000,000,015 | ---- | M] () -- C:\Users\trinsic\Desktop\Call List.bak
[2010/10/01 15:57:40 | 000,747,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/01 15:57:40 | 000,631,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/01 15:57:40 | 000,108,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/01 13:47:52 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/01 13:47:40 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/10/01 03:20:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/01 03:20:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/01 03:18:53 | 000,033,208 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000004-00531102}.rfx
[2010/10/01 03:18:53 | 000,033,208 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000004-00531102}.rfx
[2010/10/01 03:18:53 | 000,027,408 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000001-00001102-00000004-00531102}.rfx
[2010/10/01 03:18:53 | 000,027,408 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000004-00531102}.rfx
[2010/10/01 03:18:53 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000004-00531102}.rfx
[2010/10/01 03:15:21 | 004,947,940 | -H-- | M] () -- C:\Users\trinsic\AppData\Local\IconCache.db
[2010/09/30 17:51:33 | 001,206,412 | ---- | M] () -- C:\Users\trinsic\Desktop\tdsskiller.zip
[2010/09/30 17:48:20 | 000,080,384 | ---- | M] () -- C:\Users\trinsic\Desktop\MBRCheck.exe
[2010/09/30 16:56:35 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\trinsic\Desktop\GooredFix.exe
[2010/09/30 15:30:36 | 000,029,801 | ---- | M] () -- C:\Users\trinsic\Desktop\The.Escapist.2008.DvDRip-FxM.srt
[2010/09/30 11:44:54 | 000,012,022 | ---- | M] () -- C:\Users\trinsic\Desktop\the.escapist.(2008).eng.1cd.(3430008).zip
[2010/09/30 10:29:55 | 000,001,334 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/29 14:12:12 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2010/09/29 12:08:43 | 002,008,659 | ---- | M] () -- C:\Users\trinsic\Desktop\scheduler_385.zip
[2010/09/29 03:21:32 | 000,417,046 | ---- | M] () -- C:\Users\trinsic\Desktop\Cart5-nosource.zip
[2010/09/28 14:02:04 | 003,162,278 | ---- | M] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-00531102}.CDF
[2010/09/28 14:02:04 | 003,162,278 | ---- | M] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-00531102}.BAK
[2010/09/26 12:58:50 | 000,001,522 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/09/26 12:47:58 | 003,133,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/22 09:02:14 | 000,232,501 | ---- | M] () -- C:\Users\trinsic\Desktop\Minecraft.exe
[2010/09/21 03:38:54 | 000,152,080 | ---- | M] () -- C:\Users\trinsic\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/21 03:37:54 | 000,004,324 | ---- | M] () -- S:\documents\soundboard1.tnt
[2010/09/21 03:37:54 | 000,004,324 | ---- | M] () -- S:\documents\shell.sonic.net.tnt
[2010/09/21 03:36:09 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/09/21 01:52:19 | 140,467,400 | ---- | M] () -- C:\Users\trinsic\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/09/20 19:42:09 | 000,001,091 | ---- | M] () -- C:\Users\trinsic\Desktop\eXtreme Movie Manager.lnk
[2010/09/20 16:40:52 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Music.job
[2010/09/20 15:21:32 | 000,001,055 | ---- | M] () -- C:\Users\trinsic\Application Data\Microsoft\Internet Explorer\Quick Launch\Tag&Rename.lnk
[2010/09/15 13:19:33 | 000,279,136 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/09/15 13:19:31 | 001,263,200 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm273.sys
[2010/09/15 13:19:30 | 000,970,336 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010/09/14 03:13:16 | 000,000,965 | ---- | M] () -- C:\Users\trinsic\Desktop\Cygwin.lnk
[2010/09/13 18:57:11 | 000,000,600 | ---- | M] () -- C:\Users\trinsic\AppData\Roaming\winscp.rnd
[2010/09/10 00:35:41 | 000,001,017 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
[2010/09/09 17:06:02 | 000,145,485 | ---- | M] () -- S:\documents\stalker.timeline
[2010/09/09 17:06:00 | 000,000,303 | ---- | M] () -- C:\Users\trinsic\AppData\Roaming\.thetimelineproj.cfg
[2010/09/07 17:33:54 | 000,000,874 | ---- | M] () -- C:\Users\trinsic\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/06 01:39:47 | 000,162,816 | ---- | M] (Firelight Technologies Pty, Ltd) -- C:\Windows\SysWow64\fmod.dll
[2010/09/05 20:22:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/09/05 20:22:15 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\trinsic\*.tmp files -> C:\Users\trinsic\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/03 18:43:59 | 000,000,744 | ---- | C] () -- C:\Users\trinsic\Desktop\business
[2010/10/03 18:43:59 | 000,000,664 | ---- | C] () -- C:\Users\trinsic\Desktop\business.bak
[2010/10/01 13:47:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/01 13:47:40 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/30 17:51:22 | 001,206,412 | ---- | C] () -- C:\Users\trinsic\Desktop\tdsskiller.zip
[2010/09/30 17:26:18 | 000,080,384 | ---- | C] () -- C:\Users\trinsic\Desktop\MBRCheck.exe
[2010/09/30 15:30:36 | 000,029,801 | ---- | C] () -- C:\Users\trinsic\Desktop\The.Escapist.2008.DvDRip-FxM.srt
[2010/09/30 11:44:53 | 000,012,022 | ---- | C] () -- C:\Users\trinsic\Desktop\the.escapist.(2008).eng.1cd.(3430008).zip
[2010/09/29 14:12:12 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2010/09/29 12:07:51 | 002,008,659 | ---- | C] () -- C:\Users\trinsic\Desktop\scheduler_385.zip
[2010/09/29 03:21:31 | 000,417,046 | ---- | C] () -- C:\Users\trinsic\Desktop\Cart5-nosource.zip
[2010/09/26 13:34:07 | 000,000,034 | ---- | C] () -- C:\Users\trinsic\Desktop\Call List
[2010/09/26 13:34:07 | 000,000,015 | ---- | C] () -- C:\Users\trinsic\Desktop\Call List.bak
[2010/09/21 04:46:57 | 000,232,501 | ---- | C] () -- C:\Users\trinsic\Desktop\Minecraft.exe
[2010/09/21 03:36:09 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/09/21 01:34:42 | 140,467,400 | ---- | C] () -- C:\Users\trinsic\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/09/20 19:42:09 | 000,001,091 | ---- | C] () -- C:\Users\trinsic\Desktop\eXtreme Movie Manager.lnk
[2010/09/20 16:40:51 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Music.job
[2010/09/15 13:27:56 | 003,162,278 | ---- | C] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-00531102}.BAK
[2010/09/14 03:04:38 | 000,000,965 | ---- | C] () -- C:\Users\trinsic\Desktop\Cygwin.lnk
[2010/09/07 17:33:54 | 000,000,874 | ---- | C] () -- C:\Users\trinsic\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/25 23:39:01 | 000,001,334 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/10 12:42:03 | 000,001,522 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/08/06 08:16:00 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/08/06 08:16:00 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/08/06 08:15:51 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/08/06 08:15:51 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/08/06 08:01:55 | 000,024,907 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/08/06 08:01:19 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/08/06 08:00:54 | 000,024,907 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/07/05 19:31:19 | 000,000,303 | ---- | C] () -- C:\Users\trinsic\AppData\Roaming\.thetimelineproj.cfg
[2010/07/05 16:36:03 | 000,001,056 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/05 16:36:03 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E76A7B40A5.sys
[2010/06/22 03:16:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/06/22 02:00:02 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/04/01 12:35:11 | 000,003,192 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/04/01 12:35:11 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\BCC68786BD.sys
[2010/03/10 03:37:59 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/03/10 03:37:59 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/03/10 03:37:59 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/03/03 19:01:55 | 000,000,017 | ---- | C] () -- C:\Users\trinsic\AppData\Local\resmon.resmoncfg
[2010/02/14 12:17:52 | 000,007,680 | ---- | C] () -- C:\Users\trinsic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 12:09:41 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/02/14 12:09:41 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009/12/24 05:08:40 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009/12/08 23:56:18 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/08 23:56:18 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/11/30 12:42:01 | 000,039,424 | ---- | C] () -- C:\Windows\SysWow64\rpiAccessProcess.dll
[2009/11/18 14:50:35 | 000,001,626 | ---- | C] () -- C:\ProgramData\afl.log
[2009/10/28 20:42:05 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/10/27 23:54:35 | 000,737,000 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/27 19:23:25 | 000,000,600 | ---- | C] () -- C:\Users\trinsic\AppData\Roaming\winscp.rnd
[2009/09/23 20:00:02 | 000,049,726 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/09/23 19:19:34 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/23 12:29:48 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/02/08 18:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2007/12/28 00:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/08/13 21:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2007/01/26 03:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007/01/26 03:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2006/10/02 18:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2004/02/11 13:22:58 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\CDVPreviewEx.dll

========== LOP Check ==========

[2010/09/21 04:32:32 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\.minecraft
[2010/09/20 23:12:39 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\.purple
[2010/09/15 13:19:33 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\1BFC5A63-E618-49CC-83F0-D33C640B8655
[2010/09/26 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\AbsoluteTelnet
[2009/11/03 13:45:12 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Acronis
[2010/07/06 20:32:11 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Amazon
[2010/08/30 11:23:01 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\B6248549-761E-4A43-80CB-08753447FBCF
[2010/08/04 13:36:15 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Basilisk Games
[2010/04/01 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\BeTrayed
[2010/01/04 22:16:40 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Bioshock
[2010/07/29 06:58:08 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Blender Foundation
[2010/01/12 23:53:15 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\BOXEE
[2010/01/29 02:13:08 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Braid
[2009/10/30 14:08:49 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Broad Intelligence
[2010/07/07 11:18:05 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\ConceptDraw MINDMAP
[2010/07/07 11:10:28 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\ConceptDraw MindMap 6
[2010/07/05 18:44:40 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\ConceptDraw Project 5
[2010/09/04 11:56:50 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\CoreFTP
[2010/07/07 11:18:06 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\CS Odessa
[2010/07/07 11:33:22 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\CSOdessa
[2009/11/04 11:54:13 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\EurekaLog
[2010/10/04 14:39:56 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\GetRight Pro
[2010/03/04 07:38:00 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\GetRightToGo
[2010/08/23 17:54:43 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\GrabPro
[2010/04/06 01:54:40 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Hide IP NG
[2009/11/17 15:57:51 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\HotzAdam
[2010/08/26 22:32:58 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\inkscape
[2009/10/28 00:54:54 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\JAM Software
[2010/10/01 03:15:15 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\KeePass
[2010/07/16 02:26:06 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\King Stairs
[2010/06/26 16:20:09 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Mount&Blade Warband
[2010/09/05 20:42:37 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\MovieManager
[2010/08/26 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\NASA
[2010/08/04 01:21:38 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\NetMedia Providers
[2010/08/16 21:58:24 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\OneSwarm
[2009/10/28 14:13:40 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\OpenOffice.org
[2010/09/15 13:51:56 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Orbit
[2010/07/15 23:26:54 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\PhatWare
[2009/11/16 22:22:59 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\PhraseExpress
[2010/02/14 12:10:10 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\proDAD
[2010/07/05 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Progeny
[2010/08/17 19:53:39 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\ProgSense
[2010/08/04 01:21:38 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Publish Providers
[2009/11/23 12:57:10 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Razer
[2010/07/16 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\RightNote
[2010/03/25 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\runic games
[2010/05/17 23:54:11 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Smart Mod Manager
[2010/02/23 19:55:28 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Snippage.B28FB424FD6880E47B18D7D649F6CC93BDE9B29B.1
[2010/08/10 12:46:10 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Sony
[2009/11/04 03:25:13 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Sync App Settings
[2010/09/29 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\TeamViewer
[2009/12/09 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Thunderbird
[2009/10/28 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Trillian
[2010/06/29 01:24:52 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Tropico 3
[2009/10/28 00:29:47 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\TrueCrypt
[2010/07/19 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Unity
[2009/11/19 13:06:09 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\URSoft
[2010/10/04 14:40:16 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\uTorrent
[2010/07/30 21:30:23 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\X-Chat 2
[2010/02/28 14:44:46 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\Xi
[2010/10/02 01:32:42 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\XnViewMP
[2010/06/13 16:25:51 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\XRay Engine
[2010/01/22 01:49:38 | 000,000,000 | ---D | M] -- C:\Users\trinsic\AppData\Roaming\ZombieDriver
[2010/09/20 16:40:52 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\Music.job
[2009/07/13 22:08:49 | 000,032,678 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

The scan is complete, but it only opened the OTL log file; it didn't make an Extras log file.

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:1493A0EF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DE406C3E
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0A26B6B7
< End of report >


#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:21 PM

Posted 04 October 2010 - 07:53 PM

Okay, let's pick off the stuff you don't need. One question, do you use a proxy?

Answer that and then open OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following:

CODE
:OTL
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:1493A0EF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DE406C3E
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0A26B6B7
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done, it will say "Fix Complete press ok to open the log".
Please post that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Let me know if the redirections are still happening too.
m0le is a proud member of UNITE
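The fix script above targets three classic persistence and hijack points that show up in OTL output: orphaned load points (a BHO, Run entry or SSODL object whose CLSID or file no longer exists), alternate data streams hidden on a directory, and the `exefile\shell\open\command` value, which must be the stock `"%1" %*` or every program launched on the machine is routed through whatever was substituted. The following Python script is an added example, not part of this thread or of OTL itself; it triages OTL-style lines into those categories and checks an exefile command value against the expected default. The sample log is constructed from lines quoted in this thread plus one labelled placeholder line for a healthy BHO; the `read_exefile_command` helper only does anything on Windows, where the `winreg` module exists.

```python
import re

# Constructed sample input: lines copied from the OTL output quoted in this
# thread, plus one placeholder "healthy" BHO line that should NOT be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:1493A0EF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DE406C3E
O2 - BHO: Example Helper (placeholder) - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
"""

# Stock Windows (Default) value of HKLM\SOFTWARE\Classes\exefile\shell\open\command.
EXPECTED_EXEFILE_CMD = '"%1" %*'

ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
POLICY_RE = re.compile(r"^O6 - (.+): (\w+) = (.+)$")
# Phrases OTL prints when a load point references a CLSID or file that no longer exists.
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "CLSID or File not found")


def parse_otl_line(line):
    """Classify one OTL line. Returns (kind, detail) or None if nothing is noteworthy."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        # An ADS on a directory such as C:\ProgramData\TEMP is a common hiding place.
        return ("ads", {"bytes": int(m.group(1)), "path": m.group(2)})
    if line.startswith(("O2 ", "O4 ", "O21")) and any(mk in line for mk in ORPHAN_MARKERS):
        section = line.split(" ", 1)[0].rstrip(":")
        return ("orphan", {"section": section, "line": line})
    m = POLICY_RE.match(line)
    if m:
        # Explorer policy restrictions are not malware by themselves, but are worth review.
        return ("policy", {"key": m.group(1), "name": m.group(2), "value": m.group(3)})
    return None


def triage(log_text):
    """Run parse_otl_line over every line and keep only the findings."""
    return [f for f in (parse_otl_line(l) for l in log_text.splitlines()) if f]


def summarize(findings):
    """Count findings per kind, e.g. {'orphan': 4, 'ads': 2, 'policy': 1}."""
    counts = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def exefile_command_is_default(value):
    """True if an exefile open command equals the stock '"%1" %*' (whitespace ignored)."""
    return value.strip() == EXPECTED_EXEFILE_CMD


def read_exefile_command():
    """Read the live exefile open command on Windows; returns None on other platforms."""
    try:
        import winreg  # Windows-only standard-library module
    except ImportError:
        return None
    path = r"SOFTWARE\Classes\exefile\shell\open\command"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, _ = winreg.QueryValueEx(key, "")  # "" selects the (Default) value
        return value


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:7s} {detail}")
    live = read_exefile_command()
    if live is not None:
        print("exefile command is default:", exefile_command_is_default(live))
```

Only the orphaned entries, the ADS lines and the policy value are reported; the placeholder BHO that points at an existing file is left alone, which is the distinction the fix script above makes when it removes `(no name)` entries with "No CLSID value found" but leaves working add-ons in place.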

#14 trinsic

trinsic
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 05 October 2010 - 06:34 PM

Hi, thank you. Here is the log file for the OTL fix. Also, I do use Privoxy (not Tor).

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\TEMP:1493A0EF deleted successfully.
ADS C:\ProgramData\TEMP:DE406C3E deleted successfully.
ADS C:\ProgramData\TEMP:0A26B6B7 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.14.1 log created on 10052010_163301


#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:21 PM

Posted 05 October 2010 - 07:18 PM

How are the redirections?

Please run ESET's online scanner
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE
