
Unknown Rootkit infection


  • This topic is locked
139 replies to this topic

#1 rhutami

rhutami

  • Members
  • 116 posts
  • OFFLINE
  • Local time:05:59 AM

Posted 19 November 2012 - 04:03 PM

I frequently get problems with:
1. When I open Adobe Acrobat Pro 7 or Adobe Photoshop CS2, after a while I don't have administrative privilege to run the program
2. "The Windows Installer service could not be accessed" error when I install/update a program in Windows XP
Both problems 1 and 2 can be corrected when I do: Run > cmd > msiexec.exe /unregister > msiexec.exe /regserver > restart.

3. It takes a long time to restart the computer
4. My mouse is acting weird on (left) click, especially for choosing, dragging and dropping. It seems to unclick before I do it.

I have Avira antivirus (complete check daily) and Malwarebytes Anti-Malware (Pro). Right now I am running a complete check with Dr.Web.

I don't wish to uninstall both Adobe programs because I don't have the original CDs anymore ...

I ran the Dr.Web complete test and it didn't find any infection. But I still feel that "something" is still in my computer.
So I decided to use ComboFix and followed the instructions closely.

Here is the log file:

ComboFix 12-11-16.02 - Rachel 11/19/2012 7:41.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.994 [GMT -5:00]
Running from: c:\documents and settings\Rachel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-05 05:08 . 2012-11-05 05:08 -------- d-----w- c:\documents and settings\Roger\Application Data\Avira
2012-11-05 05:08 . 2012-11-05 05:08 -------- d-----w- c:\documents and settings\Roger\Local Settings\Application Data\Mozilla
2012-11-05 05:02 . 2012-11-05 05:02 -------- d-----w- c:\documents and settings\Roger\Application Data\Apple Computer
2012-11-03 16:01 . 2012-11-03 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2012-11-01 18:45 . 2012-11-01 18:45 -------- d-----w- c:\documents and settings\Rachel\Application Data\Windows Search
2012-10-29 00:11 . 2012-10-29 00:11 -------- d-----w- c:\documents and settings\Max\Application Data\Avira
2012-10-22 02:02 . 2012-10-22 02:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-10-22 01:41 . 2012-10-25 03:36 -------- d-----w- c:\documents and settings\Rachel\Tracing
2012-10-22 01:32 . 2012-10-22 01:32 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2012-10-22 01:30 . 2010-04-28 11:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-10-22 01:29 . 2012-10-22 01:29 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-10-22 01:28 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-10-22 01:28 . 2012-10-22 01:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-10-22 01:24 . 2012-10-22 21:26 -------- d-----w- c:\program files\Microsoft
2012-10-22 01:24 . 2012-10-22 01:24 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-10-22 01:24 . 2012-10-22 21:39 -------- d-----w- c:\program files\Windows Live
2012-10-22 01:16 . 2012-10-22 01:16 -------- d-----w- c:\program files\Common Files\Windows Live
2012-10-22 01:14 . 2012-10-22 01:14 -------- d-----w- c:\windows\system32\winrm
2012-10-22 01:14 . 2012-10-22 01:15 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-10-22 01:06 . 2012-10-22 01:06 -------- d-----w- c:\documents and settings\Rachel\Application Data\Windows Desktop Search
2012-10-22 01:05 . 2012-10-22 01:05 -------- d-----w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2004-08-11 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-12 09:12 . 2012-04-19 00:12 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-12 09:12 . 2011-05-20 12:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2004-08-11 23:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 23:54 . 2009-08-14 12:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 19:32 . 2012-07-14 15:59 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32 . 2010-07-25 17:26 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51 . 2012-07-14 15:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-11 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-08-11 23:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-04 04:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 21:30 . 2011-03-22 20:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 20:24 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 20:24 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 20:24 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Rachel\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-08 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
.
c:\documents and settings\Rachel\Start Menu\Programs\Startup\
hpqtra08.exe [2008-10-16 214360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-3-5 25214]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Shortcut to acrotray.lnk - c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [2005-9-24 483328]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete \??\c:\program files\SpywareDetector\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=c:\windows\pss\ImageMixer for HDD Camcorder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rachel^Start Menu^Programs^Startup^hpqtra08.exe]
path=c:\documents and settings\Rachel\Start Menu\Programs\Startup\hpqtra08.exe
backup=c:\windows\pss\hpqtra08.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-01-06 21:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-03 12:01 136176 ----atw- c:\documents and settings\Rachel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 19:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 08:25 6595928 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-17 16:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1ca18a13142e7b0"=2 (0x2)
"YahooAUService"=2 (0x2)
"usnjsvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"BBSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Documents and Settings\\Rachel\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/29/2011 9:42 PM 36000]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 6:00 PM 14336]
R2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [10/29/2011 9:42 PM 375760]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/29/2011 9:42 PM 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [10/29/2011 9:42 PM 465360]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 4:21 PM 249648]
R2 DeviceFinderService;DeviceFinderService;c:\program files\Sony\PlayMemories Home\dfs.exe [4/22/2012 9:07 AM 149048]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/11/2012 6:30 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/14/2009 7:29 AM 676936]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [4/22/2012 9:05 AM 474168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/14/2009 7:29 AM 22856]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/1/2007 3:31 PM 47360]
S0 hlyfnnky;hlyfnnky;c:\windows\system32\drivers\dwajpkyd.sys --> c:\windows\system32\drivers\dwajpkyd.sys [?]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys --> c:\windows\system32\Drivers\toywdm.sys [?]
S4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 2:23 PM 196176]
S4 gupdate1ca18a13142e7b0;Google Update Service (gupdate1ca18a13142e7b0);c:\program files\Google\Update\GoogleUpdate.exe [8/8/2009 10:26 PM 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 09:12]
.
2012-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 03:26]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 03:26]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995130714-797270352-2507821915-1005Core.job
- c:\documents and settings\Rachel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-03 12:01]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995130714-797270352-2507821915-1005UA.job
- c:\documents and settings\Rachel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-03 12:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///D:/naf/html/nafcom.cab
FF - ProfilePath - c:\documents and settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/?referer=http://www.optimum.net%2FPZN
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=13701&l=dis&q=
FF - ExtSQL: 2012-11-03 12:01; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2009-09-02 10:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-08-01 21:19; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-19 07:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(844)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(4820)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-19 08:00:23
ComboFix-quarantined-files.txt 2012-11-19 13:00
ComboFix2.txt 2012-11-15 15:22
ComboFix3.txt 2010-05-04 12:38
ComboFix4.txt 2010-01-12 23:48
ComboFix5.txt 2012-11-19 12:39
.
Pre-Run: 92,974,141,440 bytes free
Post-Run: 92,961,951,744 bytes free
.
- - End Of File - - 303D2CCCFDA8563602C80E0CD0C45709



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,456 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 AM

Posted 21 November 2012 - 08:51 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,456 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 AM

Posted 26 November 2012 - 09:26 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,456 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 AM

Posted 29 November 2012 - 08:31 PM

This topic has been re-opened at the request of the person who originally posted.

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,456 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 AM

Posted 29 November 2012 - 08:32 PM

Please run aswMBR and OTL

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


And

  • Please download OTL
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.


#6 rhutami

rhutami
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  • Local time:05:59 AM

Posted 30 November 2012 - 09:00 AM

It scans... and then my computer froze... is that usual?
I had to force the computer off at the power switch because the keyboard and mouse were unresponsive.

Based on the instructions at http://www.bleepingcomputer.com/download/aswmbr/ I renamed it to iexplore.exe and reran the scan... I will keep updating the progress.

Edited by rhutami, 30 November 2012 - 09:52 AM.


#7 rhutami

rhutami
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  • Local time:05:59 AM

Posted 30 November 2012 - 10:56 AM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-30 09:18:18
-----------------------------
09:18:18.453 OS Version: Windows 5.1.2600 Service Pack 3
09:18:18.453 Number of processors: 2 586 0xF06
09:18:18.453 ComputerName: DESK_2 UserName: Rachel
09:18:20.609 Initialize success
09:18:36.015 AVAST engine defs: 12113000
09:18:42.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:18:42.796 Disk 0 Vendor: ST325082 3.AD Size: 238418MB BusType: 3
09:18:42.828 Disk 0 MBR read successfully
09:18:42.828 Disk 0 MBR scan
09:18:42.875 Disk 0 Windows XP default MBR code
09:18:42.890 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
09:18:42.906 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238355 MB offset 96390
09:18:42.937 Disk 0 scanning sectors +488247480
09:18:43.000 Disk 0 scanning C:\WINDOWS\system32\drivers
09:19:01.968 Service scanning
09:19:28.640 Modules scanning
09:19:33.000 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
09:19:33.781 Disk 0 trace - called modules:
09:19:33.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:19:33.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a767ab8]
09:19:33.812 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a788030]
09:19:34.453 AVAST engine scan C:\WINDOWS
09:19:43.531 AVAST engine scan C:\WINDOWS\system32
09:25:30.453 AVAST engine scan C:\WINDOWS\system32\drivers
09:25:58.093 AVAST engine scan C:\Documents and Settings\Rachel
09:27:04.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rachel\Desktop\MBR.dat"
09:27:04.156 The log file has been saved successfully to "C:\Documents and Settings\Rachel\Desktop\aswMBR.txt"
10:12:42.625 AVAST engine scan C:\Documents and Settings\All Users
10:49:28.734 Scan finished successfully
10:53:41.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rachel\Desktop\MBR.dat"
10:53:41.593 The log file has been saved successfully to "C:\Documents and Settings\Rachel\Desktop\aswMBR.txt"

#8 rhutami


Posted 30 November 2012 - 11:48 AM

OTL logfile created on: 11/30/2012 10:56:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rachel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.03% Memory free
3.84 Gb Paging File | 3.07 Gb Available in Paging File | 79.80% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 91.54 Gb Free Space | 39.33% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 1020.52 Gb Free Space | 73.04% Space Free | Partition Type: NTFS
Drive L: | 919.80 Gb Total Space | 626.90 Gb Free Space | 68.16% Space Free | Partition Type: NTFS
Drive P: | 919.80 Gb Total Space | 626.90 Gb Free Space | 68.16% Space Free | Partition Type: NTFS
Drive Q: | 919.80 Gb Total Space | 626.90 Gb Free Space | 68.16% Space Free | Partition Type: NTFS
Drive R: | 232.77 Gb Total Space | 91.54 Gb Free Space | 39.33% Space Free | Partition Type: NTFS

Computer Name: DESK_2 | User Name: Rachel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/30 08:40:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rachel\Desktop\OTL.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Rachel\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/08 18:02:42 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/14 22:30:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/14 22:30:32 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/05/14 22:30:32 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/05/14 22:30:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/14 22:30:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/22 09:07:28 | 000,149,048 | ---- | M] () -- C:\Program Files\Sony\PlayMemories Home\dfs.exe
PRC - [2012/04/22 09:05:38 | 000,474,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/04/22 08:58:48 | 000,724,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/02/03 15:24:50 | 004,426,384 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2012/02/03 15:24:48 | 001,059,472 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/11/20 14:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2009/10/23 18:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/16 14:12:12 | 000,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2006/07/06 08:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/20 16:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/12 19:52:32 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/14 22:30:35 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/04/22 09:07:28 | 000,149,048 | ---- | M] () -- C:\Program Files\Sony\PlayMemories Home\dfs.exe
MOD - [2009/10/23 18:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UleadBurningHelper)
SRV - [2012/11/12 13:43:04 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/10/12 04:12:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/05/14 22:30:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/14 22:30:32 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/05/14 22:30:32 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/05/14 22:30:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/10 16:30:33 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/22 09:07:28 | 000,149,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\dfs.exe -- (DeviceFinderService)
SRV - [2012/04/22 09:05:38 | 000,474,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/02/03 15:24:50 | 004,426,384 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2011/10/21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/11/20 14:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/16 17:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/07/16 14:12:12 | 000,077,944 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/11/09 18:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\P17.sys -- (P17)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\toywdm.sys -- (JL2005)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\dwajpkyd.sys -- (hlyfnnky)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rachel\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Rachel\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | Auto | Stopped] -- -- (Aspi32)
DRV - [2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/14 22:30:36 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/14 22:30:36 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 16:03:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/30 18:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 17:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/04/30 17:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/12/17 01:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/05/25 13:40:00 | 001,156,808 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/19 09:41:08 | 000,143,872 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/02/07 18:55:36 | 001,480,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070226
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070226
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{31E29145-8BBE-4E67-81AB-51CCCF1C874B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=AAF3CEA7-41E8-4F91-A1B2-2799B68D0698&apn_sauid=24FA13E6-8B55-4B40-B1D0-F29A5101EF9F
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{814EC236-03C9-459d-A550-68771FDED90C}: "URL" = http://home.speedbit.com/search.aspx?aff=106&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.optimum.net/?referer=http://www.optimum.net%2FPZN"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.3
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: [email protected]:5.11
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.ask.com/web?o=13701&l=dis&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2009/11/15 23:24:35 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/11/15 23:24:35 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/05/10 20:27:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/05 09:00:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/03 14:28:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/05/10 20:27:31 | 000,000,000 | ---D | M]

[2008/08/28 10:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Extensions
[2012/11/15 18:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions
[2011/08/25 11:46:08 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/03 08:40:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/03 08:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2012/09/06 14:35:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/23 07:32:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]
[2011/03/12 15:13:28 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]
[2012/11/15 18:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\staged
[2012/09/06 14:34:54 | 000,048,692 | ---- | M] () (No name found) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]
[2011/08/02 16:13:53 | 000,052,126 | ---- | M] () (No name found) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]
[2011/05/13 09:58:49 | 000,922,025 | ---- | M] () (No name found) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi
[2011/10/29 22:19:49 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/05/18 09:26:50 | 000,016,192 | ---- | M] () (No name found) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/11/15 18:33:03 | 000,049,886 | ---- | M] () (No name found) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\staged\[email protected]
[2012/11/03 11:12:25 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\searchplugins\askcom.xml
[2008/06/12 07:24:13 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\searchplugins\kamusnet-en---id.xml
[2011/06/23 17:07:03 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\searchplugins\siteadvisor-1.xml
[2007/04/16 13:31:01 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\searchplugins\siteadvisor.xml
[2012/11/03 11:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/19 23:20:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/07/14 10:59:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/09 08:30:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/03 11:01:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2007/06/19 23:14:12 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2012/05/10 16:30:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/20 16:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/20 16:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2008/09/15 10:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2012/01/07 11:51:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/07 11:51:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.optonline.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.optonline.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Manilla = C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfneimmafjbamgcijncgicpphapfmpgl\1.0\
CHR - Extension: Search Preview for Google\u2122 = C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhigcplkfjjcjdaeconndmlljoiciolf\0.0.0.3_0\
CHR - Extension: Drivers Parking = C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhbejhnopmdbkkodiffaopllalmialfe\4.0.0_0\

O1 HOSTS File: ([2012/11/15 10:15:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Rachel\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to acrotray.lnk = C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\Rachel\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349919464437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350867256671 (MUWebControl Class)
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} file:///D:/naf/html/nafcom.cab (Nafi Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE8D62AD-AED3-4AEE-8F5F-D062AD25BDEB}: DhcpNameServer = 167.206.251.129 167.206.251.130
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: c:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: c:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/17 15:20:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/20 21:52:15 | 000,000,000 | R--D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2011/12/13 14:09:18 | 000,000,000 | ---D | M] - L:\AUTOCAD FILES -- [ NTFS ]
O34 - HKLM BootExecute: (SDEarlyDelete \??\C:\Program Files\SpywareDetector)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 08:40:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rachel\Desktop\OTL.exe
[2012/11/30 08:40:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Rachel\Desktop\iexplore.exe
[2012/11/20 11:02:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rachel\Recent
[2012/11/19 08:28:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/15 10:02:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/15 09:56:44 | 005,002,404 | R--- | C] (Swearware) -- C:\Documents and Settings\Rachel\Desktop\ComboFix.exe
[2012/11/09 09:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/11/03 11:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/11/03 11:01:24 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/11/03 11:01:24 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/11/03 11:01:24 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/11/01 13:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rachel\Application Data\Windows Search
[2008/02/19 18:00:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Rachel\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/30 11:11:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/30 11:08:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3995130714-797270352-2507821915-1005UA.job
[2012/11/30 10:53:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\MBR.dat
[2012/11/30 10:49:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/30 09:09:45 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/11/30 09:05:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 09:04:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/30 09:04:02 | 2145,017,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 08:40:54 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rachel\Desktop\iexplore.exe
[2012/11/30 08:40:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rachel\Desktop\OTL.exe
[2012/11/30 07:12:18 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\Google Chrome.lnk
[2012/11/30 07:12:18 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/30 07:08:07 | 000,033,287 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\ym k4l4jengking.rtf
[2012/11/30 04:08:06 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3995130714-797270352-2507821915-1005Core.job
[2012/11/29 08:27:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/28 20:43:06 | 000,004,578 | -H-- | M] () -- C:\Documents and Settings\Rachel\My Documents\Default.rdp
[2012/11/24 17:26:42 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Acrobat 7.0 Professional.lnk
[2012/11/21 19:29:52 | 000,001,149 | ---- | M] () -- C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to projects on 'DESK_1 (Roger-hp)' (P).lnk
[2012/11/21 19:29:48 | 000,001,149 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\Shortcut to projects on 'DESK_1 (Roger-hp)' (P).lnk
[2012/11/20 12:41:07 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\Microsoft Office Outlook 2007.lnk
[2012/11/20 11:05:32 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121120_110530.reg
[2012/11/19 07:37:52 | 005,002,404 | R--- | M] (Swearware) -- C:\Documents and Settings\Rachel\Desktop\ComboFix.exe
[2012/11/18 12:18:29 | 000,000,152 | ---- | M] () -- C:\WINDOWS\AGSCDV3.INI
[2012/11/15 19:28:23 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/11/15 11:00:30 | 000,004,826 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121115_110027.reg
[2012/11/15 10:15:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/15 10:02:19 | 000,000,399 | RHS- | M] () -- C:\boot.ini
[2012/11/15 09:53:11 | 000,000,353 | ---- | M] () -- C:\Boot.bak
[2012/11/15 09:29:19 | 000,612,346 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/15 09:29:19 | 000,118,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/15 08:56:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/15 07:38:08 | 000,922,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/11 14:32:20 | 000,080,260 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\Boycott_Koch.png
[2012/11/11 14:27:32 | 000,141,605 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\il_fullxfull.326520574.jpg
[2012/11/09 10:07:58 | 000,000,422 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121109_100756.reg
[2012/11/09 09:20:07 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Rachel\Desktop\SpywareBlaster.lnk
[2012/11/07 19:41:13 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2012/11/07 19:15:48 | 000,013,960 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121107_191545.reg
[2012/11/07 19:15:29 | 000,052,154 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121107_191524.reg
[2012/11/05 20:15:25 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\DrWeb.csv
[2012/11/05 10:56:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/03 13:57:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/11/02 18:36:45 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/02 18:21:33 | 000,117,598 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\cb2 receipt_Page_3.jpg
[2012/11/02 18:21:32 | 000,268,484 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\cb2 receipt_Page_2.jpg
[2012/11/02 18:21:31 | 000,109,990 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\cb2 receipt_Page_1.jpg
[2012/11/02 17:54:49 | 000,009,398 | ---- | M] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121102_185446.reg
[2012/11/02 16:49:10 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/30 09:27:04 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Rachel\Desktop\MBR.dat
[2012/11/30 07:08:04 | 000,033,287 | ---- | C] () -- C:\Documents and Settings\Rachel\My Documents\ym k4l4jengking.rtf
[2012/11/21 19:29:52 | 000,001,149 | ---- | C] () -- C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to projects on 'DESK_1 (Roger-hp)' (P).lnk
[2012/11/21 19:29:36 | 000,001,149 | ---- | C] () -- C:\Documents and Settings\Rachel\Desktop\Shortcut to projects on 'DESK_1 (Roger-hp)' (P).lnk
[2012/11/20 11:05:31 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121120_110530.reg
[2012/11/15 11:00:28 | 000,004,826 | ---- | C] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121115_110027.reg
[2012/11/11 14:32:21 | 000,080,260 | ---- | C] () -- C:\Documents and Settings\Rachel\Desktop\Boycott_Koch.png
[2012/11/11 14:27:36 | 000,141,605 | ---- | C] () -- C:\Documents and Settings\Rachel\Desktop\il_fullxfull.326520574.jpg
[2012/11/09 10:07:58 | 000,000,422 | ---- | C] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121109_100756.reg
[2012/11/09 09:20:07 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Rachel\Desktop\SpywareBlaster.lnk
[2012/11/07 19:15:47 | 000,013,960 | ---- | C] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121107_191545.reg
[2012/11/07 19:15:27 | 000,052,154 | ---- | C] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121107_191524.reg
[2012/11/02 18:21:32 | 000,117,598 | ---- | C] () -- C:\Documents and Settings\Rachel\My Documents\cb2 receipt_Page_3.jpg
[2012/11/02 18:21:31 | 000,268,484 | ---- | C] () -- C:\Documents and Settings\Rachel\My Documents\cb2 receipt_Page_2.jpg
[2012/11/02 18:21:31 | 000,109,990 | ---- | C] () -- C:\Documents and Settings\Rachel\My Documents\cb2 receipt_Page_1.jpg
[2012/11/02 17:55:31 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/11/02 17:54:48 | 000,009,398 | ---- | C] () -- C:\Documents and Settings\Rachel\My Documents\cc_20121102_185446.reg
[2012/05/10 20:38:13 | 000,068,027 | ---- | C] () -- C:\WINDOWS\hpqins13.dat.temp
[2012/05/10 19:46:46 | 000,188,668 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2012/05/10 19:46:46 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2012/02/15 07:10:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/18 13:35:56 | 000,675,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/13 17:08:43 | 000,012,974 | ---- | C] () -- C:\Documents and Settings\Rachel\Application Data\Comma Separated Values (DOS).CAL
[2011/08/18 11:00:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rachel\temp_156838387
[2011/06/10 12:38:40 | 000,611,840 | ---- | C] () -- C:\WINDOWS\System32\DVD43.dll
[2011/04/21 12:42:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2010/11/07 00:21:22 | 002,162,214 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p16].bmp
[2010/11/07 00:20:40 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p15].bmp
[2010/11/07 00:20:21 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p14].bmp
[2010/11/07 00:20:05 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p13].bmp
[2010/11/07 00:19:50 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p12].bmp
[2010/11/07 00:19:30 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p11].bmp
[2010/11/07 00:19:04 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p10].bmp
[2010/11/07 00:18:34 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p09].bmp
[2010/11/07 00:17:14 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p08].bmp
[2010/11/07 00:16:43 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p07].bmp
[2010/11/07 00:16:18 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p06].bmp
[2010/11/07 00:14:51 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p05].bmp
[2010/11/07 00:14:21 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p04].bmp
[2010/11/07 00:13:46 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p03].bmp
[2010/11/07 00:13:18 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p02].bmp
[2010/11/07 00:12:03 | 002,437,830 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\[j0002]-[p01].bmp
[2010/02/28 17:46:45 | 000,036,584 | ---- | C] () -- C:\Documents and Settings\Rachel\Application Data\Comma Separated Values (Windows).ADR
[2010/02/15 12:14:07 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Rachel\Application Data\setup_ldm.iss
[2010/01/16 18:12:56 | 000,038,448 | ---- | C] () -- C:\Documents and Settings\Rachel\Application Data\Comma Separated Values (DOS).ADR
[2009/10/23 07:21:46 | 013,484,032 | ---- | C] () -- C:\Documents and Settings\Rachel\S-1-5-21-3995130714-797270352-2507821915-1005.bk
[2009/02/14 15:36:07 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\fusioncache.dat
[2008/02/19 18:00:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Rachel\Application Data\pcouffin.cat
[2008/02/19 18:00:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Rachel\Application Data\pcouffin.inf
[2007/11/22 09:26:45 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Rachel\Application Data\AutoGK.ini
[2007/10/17 17:49:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rachel\test4
[2007/10/01 12:18:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/05/17 08:30:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rachel\dummy.hiv
[2007/05/08 06:42:11 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/04/26 20:06:54 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\Rachel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/18 15:36:28 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/09 21:59:47 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Rachel\Application Data\$_hpcst$.hpc

========== ZeroAccess Check ==========

[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,456 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 AM

Posted 01 December 2012 - 06:23 PM

There's no malware in these logs. A number of borderline items and orphans (where the file is no longer on the machine). I like to fix these.

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (UleadBurningHelper)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\P17.sys -- (P17)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ctoss2k.sys -- (ossrv)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\toywdm.sys -- (JL2005)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\dwajpkyd.sys -- (hlyfnnky)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rachel\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Rachel\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (Aspi32)
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    [2011/03/23 07:32:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#10 rhutami

rhutami
  • Topic Starter
  • Members
  • 116 posts

Posted 02 December 2012 - 12:28 PM

========== OTL ==========
Service UleadBurningHelper stopped successfully!
Service UleadBurningHelper deleted successfully!
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service P17 stopped successfully!
Service P17 deleted successfully!
File system32\drivers\P17.sys not found.
Service ossrv stopped successfully!
Service ossrv deleted successfully!
File system32\DRIVERS\ctoss2k.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service JL2005 stopped successfully!
Service JL2005 deleted successfully!
File System32\Drivers\toywdm.sys not found.
Service hlyfnnky stopped successfully!
Service hlyfnnky deleted successfully!
File system32\drivers\dwajpkyd.sys not found.
Service ctsfm2k stopped successfully!
Service ctsfm2k deleted successfully!
File system32\DRIVERS\ctsfm2k.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Rachel\LOCALS~1\Temp\catchme.sys not found.
Error: No service named aswMBR was found to stop!
Service\Driver key aswMBR not found.
File C:\DOCUME~1\Rachel\LOCALS~1\Temp\aswMBR.sys not found.
Service Aspi32 stopped successfully!
Service Aspi32 deleted successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]\lib folder moved successfully.
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]\DualPackage folder moved successfully.
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]\components folder moved successfully.
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\01o56825.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 12022012_122754
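The fix script in post #9 and the result log in post #10 are two halves of one check: the script lists service and driver keys whose image file is gone, and the log reports what OTL actually deleted, what it could not find, and what errored. The following is an added example for this thread (it is not OTL's code and was not posted by either participant) that parses both formats and reconciles them, ordering orphans by start type so that a Boot-start driver with no file on disk is looked at before an On_Demand one. The line layouts the regular expressions assume are taken from the samples in the thread, not from OTL documentation; the sample lines are copied from the thread except for one constructed healthy atapi entry, marked in the code.

```python
"""Parse OTL "File not found" service/driver entries and reconcile them with
an OTL fix result log. Added example for this thread: not OTL's code and not
code posted by either participant. Sample lines are copied from the thread
(plus one constructed healthy driver entry, marked below); the line layouts
the regexes assume come from those samples, not from OTL documentation."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# Layout as printed in the thread, e.g.
# DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\P17.sys -- (P17)
# SRV - File not found [Auto | Stopped] -- -- (UleadBurningHelper)
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?P<status>.+?) \[(?P<flags>[^\]]*)\] -- "
    r"(?P<path>.*?) ?-- \((?P<name>[^)]+)\)$"
)
# Load order of the start types OTL prints; Boot drivers load before any AV.
START_ORDER = {"Boot": 0, "System": 1, "Auto": 2, "On_Demand": 3, "Disabled": 4}

@dataclass
class Entry:
    kind: str     # SRV (service) or DRV (driver)
    name: str     # registry key name of the service/driver
    start: str    # start type
    path: str     # image path, "" when the registry entry has none
    orphan: bool  # True when OTL reports the image file as missing

def parse_entries(text: str) -> list[Entry]:
    """Parse OTL SRV/DRV lines; lines in any other format are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        flags = [f.strip() for f in m["flags"].split("|")]
        # DRV lines carry [type | start | state]; SRV lines only [start | state]
        start = flags[-2] if len(flags) >= 2 else "?"
        entries.append(Entry(m["kind"], m["name"], start, m["path"].strip(),
                             m["status"].startswith("File not found")))
    return entries

def triage_orphans(entries: list[Entry]) -> list[Entry]:
    """Orphans ordered by how early they would load: a Boot-start driver whose
    file is gone gets the first look, an On_Demand one the last."""
    return sorted((e for e in entries if e.orphan),
                  key=lambda e: (START_ORDER.get(e.start, 9), e.name.lower()))

# Result lines as printed in the fix log in the thread.
FIX_RULES = [
    ("services_deleted", re.compile(r"^Service (\S+) deleted successfully!$")),
    ("files_missing", re.compile(r"^File (.+) not found\.$")),
    ("keys_deleted", re.compile(r"^Registry key (.+) deleted successfully\.$")),
    ("keys_missing", re.compile(r"^Registry key (.+) not found\.$")),
    ("errors", re.compile(r"^(Error: .+)$")),
]

def summarize_fix_log(text: str) -> dict[str, list[str]]:
    """Group a fix log into what was removed, what was already gone and what
    errored, so the result can be checked against the requested fix."""
    summary: dict[str, list[str]] = defaultdict(list)
    for line in text.splitlines():
        for key, rx in FIX_RULES:
            m = rx.match(line.strip())
            if m:
                summary[key].append(m.group(1))
                break
    return dict(summary)

def unresolved(requested: list[Entry], summary: dict[str, list[str]]) -> list[str]:
    """Names from the fix script that the log never reports as deleted."""
    done = set(summary.get("services_deleted", []))
    return [e.name for e in requested if e.name not in done]

# Sample lines copied from the fix script in the thread; the atapi line is
# constructed here as a healthy entry to show that non-orphans are not flagged.
SAMPLE_SCRIPT = r"""
SRV - File not found [Auto | Stopped] -- -- (UleadBurningHelper)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\P17.sys -- (P17)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\dwajpkyd.sys -- (hlyfnnky)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Rachel\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2008/04/13 19:12:05 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
"""
# Sample lines copied from the fix result log in the thread.
SAMPLE_FIX_LOG = r"""
Service UleadBurningHelper stopped successfully!
Service UleadBurningHelper deleted successfully!
Service P17 deleted successfully!
File system32\drivers\P17.sys not found.
Service hlyfnnky deleted successfully!
File system32\drivers\dwajpkyd.sys not found.
Error: No service named aswMBR was found to stop!
Service\Driver key aswMBR not found.
File C:\DOCUME~1\Rachel\LOCALS~1\Temp\aswMBR.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
"""

if __name__ == "__main__":
    found = parse_entries(SAMPLE_SCRIPT)
    for e in triage_orphans(found):
        print(f"{e.kind} {e.name:<20} start={e.start:<10} path={e.path or '(none)'}")
    result = summarize_fix_log(SAMPLE_FIX_LOG)
    print("not confirmed deleted:", unresolved(triage_orphans(found), result))
```

Run against the samples, the triage puts hlyfnnky first (Boot start, file gone) and the reconciliation reports aswMBR as the one requested name the log never confirms as deleted, which matches the log above: its key was already absent, so OTL logged an error rather than a deletion. Lines the rules do not know, such as "Service\Driver key aswMBR not found.", are simply skipped rather than misclassified.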

#11 m0le

m0le

    Can U Dig It?

  • Malware Response Instructor
  • 33,456 posts
  • Gender:Male
  • Location:London, UK

Posted 02 December 2012 - 05:39 PM

Please run ESET's online scan to complete the check.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#12 rhutami

rhutami
  • Topic Starter
  • Members
  • 116 posts

Posted 03 December 2012 - 07:00 AM

G:\DOCUMENTS\ebook\INDONESIA\IWON.exe Win32/AdInstaller application cleaned by deleting - quarantined
G:\programs\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined

#13 m0le

m0le

    Can U Dig It?

  • Malware Response Instructor
  • 33,456 posts
  • Gender:Male
  • Location:London, UK

Posted 03 December 2012 - 07:45 PM

It looks like you're clean, rhutami. Are you getting any symptoms at present?

#14 rhutami

rhutami
  • Topic Starter
  • Members
  • 116 posts

Posted 03 December 2012 - 09:49 PM

Yes :( ... I still have problems with:
1. When I open Adobe Acrobat Pro 7 or Adobe Photoshop CS2, after a while I'm told that I don't have administrative privileges to run the program
2. "The Windows Installer service could not be accessed" error when I install/update a program in Windows XP
Both problems 1 & 2 can be corrected when I do: Run > cmd > msiexec.exe /unregister > msiexec.exe /regserver > restart.

#15 rhutami

rhutami
  • Topic Starter
  • Members
  • 116 posts

Posted 03 December 2012 - 10:45 PM

The other thing is, my mouse is acting weird... it is hard to drag and drop or to select text/objects...



