Almost all my software is infected by Win32/Sality.NAR virus [Closed]


  • This topic is locked

#1
dundundunn

    New Member

  • Member
  • Pip
  • 7 posts
Hi guys,

My PC is clearly infected with malware/virus. It's been used by a couple of people, and it's been a long time since I checked it.
I have ESET Nod32 5 and Malwarebytes Anti-Malware. ESET detects almost all my program files (.exe), i.e., Photoshop.exe, javaw.exe; they are detected as the Win32/Sality.NAR virus. Around 355 files like this are detected by ESET and are now in quarantine. Regedit and Task Manager are disabled.

I don't really know what the problem is. I wanna fix it... and I don't have time for reformatting this PC.
I would really need your help.

Thank you in advance :)

OTL logfile created on: 10/27/2012 8:38:15 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Faith Morante\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.11 Mb Total Physical Memory | 314.57 Mb Available Physical Memory | 31.05% Memory free
2.38 Gb Paging File | 1.43 Gb Available in Paging File | 59.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.87 Gb Total Space | 7.15 Gb Free Space | 11.94% Space Free | Partition Type: NTFS
Drive F: | 14.65 Gb Total Space | 2.97 Gb Free Space | 20.28% Space Free | Partition Type: NTFS

Computer Name: FAITH | User Name: Faith Morante | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/27 20:11:04 | 072,668,672 | ---- | M] () -- C:\Program Files\Secunia\PSI\SUA\ab135562cebb5f78ce8ea5ec8bd5d2fde6d6a194\ab135562cebb5f78ce8ea5ec8bd5d2fde6d6a194.exe
PRC - [2012/10/27 19:55:40 | 014,919,168 | ---- | M] () -- C:\Program Files\Secunia\PSI\SUA\a85cd460c341ad61be403a895d4d4b07c00ee57d\JavaJRE_6u37_32-bit_SPS.exe
PRC - [2012/10/27 19:51:33 | 018,417,152 | ---- | M] () -- C:\Program Files\Secunia\PSI\SUA\b0c42552db57cf38c536877b1a9794905d184dd8\Firefox_16.0.1_en-US_SPS.exe
PRC - [2012/10/27 19:48:16 | 039,612,928 | ---- | M] () -- C:\Program Files\Secunia\PSI\SUA\f2231c88705aaaf267443a8e6ac62ca5b6806acc\QuickTime_7.7.2_SPS.exe
PRC - [2012/10/27 19:41:37 | 003,267,584 | ---- | M] () -- C:\Program Files\Secunia\PSI\SUA\0a2bb793b17eb17cb6f38b9316bb53504cb86de2\AdobeFlashPlayer_10.3.183.29_ax_SPS.exe
PRC - [2012/10/27 18:50:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Faith Morante\My Documents\Downloads\OTL.exe
PRC - [2012/10/10 17:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/24 19:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/09/24 19:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/09/24 19:46:14 | 001,950,304 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2012/09/24 19:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/09/03 18:13:49 | 001,022,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\UTORRENT.EXE
PRC - [2012/07/20 08:27:23 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2012/03/07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/05/09 14:07:38 | 000,512,000 | ---- | M] () -- C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 12:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/07 09:54:00 | 000,045,056 | ---- | M] () -- C:\Program Files\RDX\Service\RDXmon.exe
PRC - [2007/04/13 23:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/27 20:11:04 | 072,668,672 | ---- | M] () -- C:\Program Files\Secunia\PSI\SUA\ab135562cebb5f78ce8ea5ec8bd5d2fde6d6a194\ab135562cebb5f78ce8ea5ec8bd5d2fde6d6a194.exe
MOD - [2012/10/27 20:08:23 | 001,238,016 | ---- | M] () -- C:\Program Files\Secunia\PSI\psires.dll
MOD - [2012/10/27 19:55:40 | 014,919,168 | ---- | M] () -- C:\Program Files\Secunia\PSI\SUA\a85cd460c341ad61be403a895d4d4b07c00ee57d\JavaJRE_6u37_32-bit_SPS.exe
MOD - [2012/10/27 19:51:33 | 018,417,152 | ---- | M] () -- C:\Program Files\Secunia\PSI\SUA\b0c42552db57cf38c536877b1a9794905d184dd8\Firefox_16.0.1_en-US_SPS.exe
MOD - [2012/10/27 19:48:16 | 039,612,928 | ---- | M] () -- C:\Program Files\Secunia\PSI\SUA\f2231c88705aaaf267443a8e6ac62ca5b6806acc\QuickTime_7.7.2_SPS.exe
MOD - [2012/10/27 19:41:37 | 003,267,584 | ---- | M] () -- C:\Program Files\Secunia\PSI\SUA\0a2bb793b17eb17cb6f38b9316bb53504cb86de2\AdobeFlashPlayer_10.3.183.29_ax_SPS.exe
MOD - [2012/10/10 17:06:15 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 17:06:13 | 012,435,992 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 17:06:12 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 17:04:44 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 17:04:43 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 17:04:42 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2011/11/03 22:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/05/09 14:07:38 | 000,512,000 | ---- | M] () -- C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/08/12 15:00:00 | 003,843,584 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/04/14 12:42:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 12:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 12:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/07 09:54:00 | 000,045,056 | ---- | M] () -- C:\Program Files\RDX\Service\RDXmon.exe
MOD - [2007/04/13 23:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ABP_InstallCheckerService)
SRV - [2012/10/27 19:38:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/11 08:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/24 19:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/09/24 19:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/05/09 14:07:38 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2010/10/22 05:03:00 | 004,533,336 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010/05/03 21:44:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/07 09:54:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RDX\Service\RDXmon.exe -- (RDXmon)
SRV - [2007/04/13 23:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\FAITHM~1\LOCALS~1\Temp\DinF8.tmp -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva361.sys -- (XDva361)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva349.sys -- (XDva349)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva347.sys -- (XDva347)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\FAITHM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pjoqln.sys -- (asc3360pr)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/14 08:40:04 | 000,104,160 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2012/03/14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/12/16 21:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2011/04/05 00:47:40 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_MODEM_T.sys -- (UsbModemDriver)
DRV - [2011/01/03 21:15:09 | 000,109,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KbdCap.sys -- (kbdcap)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/11 01:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 01:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/05 11:50:50 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_BusEnum_T.sys -- (USB_BusEnum_T)
DRV - [2009/10/27 08:45:06 | 000,030,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_WinMux_T.sys -- (USB_WinMux_T)
DRV - [2009/09/30 22:00:00 | 000,138,112 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1104.sys -- (RDID1104)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008/05/29 07:02:08 | 000,016,128 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_ETS_T.sys -- (USB_ETS_T)
DRV - [2008/04/14 05:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2007/11/21 17:37:06 | 000,181,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)
DRV - [2007/08/07 07:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..CT3220468.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl_v2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.28
FF - prefs.js..extensions.enabledAddons: {7473b6bd-4691-4744-a82b-7854eb3d70b6}:10.10.27.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.13
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.09.00: C:\Documents and Settings\Faith Morante\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Faith Morante\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Faith Morante\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/19 22:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/19 22:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 19:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 19:52:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/10/19 23:24:40 | 000,000,000 | ---D | M]

[2010/05/16 23:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Extensions
[2012/10/15 16:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions
[2010/10/04 14:00:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/15 16:46:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/03 18:26:41 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2011/05/05 18:25:24 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\[email protected]
[2012/08/13 19:41:06 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/04 16:52:44 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\searchplugins\conduit.xml
[2012/10/27 20:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 19:26:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/27 20:01:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/11 08:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/11 08:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/09 15:07:45 | 000,001,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/10/11 08:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.id/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.id/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Faith Morante\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Faith Morante\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Documents and Settings\Faith Morante\Application Data\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Program Files\Sony Online Entertainment\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: BeFunky Photo Editor = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab\1.1_0\
CHR - Extension: Hotot = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnfkkfleeiooolklkgkmigodkmcopnji\0.9.8.8_0\
CHR - Extension: Pixlr-o-matic = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\
CHR - Extension: uTorrentControl_v2 = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Totoro Rainy Day = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff\1.15_0\
CHR - Extension: Poppit = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2010/09/25 09:14:15 | 000,418,706 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 14474 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe (ddxSoftware Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Faith Morante\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1351340620312 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C7520B-8193-4D80-993D-12C2633CF8EF}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/03 14:39:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{701db2fc-b4cc-11e0-806d-00e04c191ab1}\Shell - "" = AutoRun
O33 - MountPoints2\{701db2fc-b4cc-11e0-806d-00e04c191ab1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{701db2fc-b4cc-11e0-806d-00e04c191ab1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{701db300-b4cc-11e0-806d-00e04c191ab1}\Shell - "" = AutoRun
O33 - MountPoints2\{701db300-b4cc-11e0-806d-00e04c191ab1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{701db300-b4cc-11e0-806d-00e04c191ab1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9fa7c052-bcd5-11df-8188-00e04c191ab1}\Shell\open\Command - "" = metdgv.bat
O33 - MountPoints2\{9fa7c053-bcd5-11df-8188-00e04c191ab1}\Shell\open\Command - "" = metdgv.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/27 19:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/27 19:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/10/27 19:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/10/27 19:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/10/27 19:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Secunia PSI
[2012/10/27 19:19:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/10/27 19:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/10/20 07:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Desktop\Shortcuts
[2012/10/20 05:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Application Data\com.adobe.DC3Module.AdobeADC
[2012/10/20 04:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012/10/19 23:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/10/19 23:01:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Faith Morante\Recent
[2012/10/19 21:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Desktop\50
[2012/10/06 13:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/26 18:44:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Faith Morante\Application Data\pcouffin.sys
[2010/09/30 06:17:03 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe
[2008/07/25 11:17:10 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Faith Morante\Application Data\hey.exe
[1 C:\Documents and Settings\Faith Morante\Desktop\*.tmp files -> C:\Documents and Settings\Faith Morante\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/27 20:36:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003UA.job
[2012/10/27 20:05:18 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/27 19:55:06 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/27 19:55:06 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/27 19:37:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/27 19:19:18 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/10/27 18:49:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Desktop\HijackThis.lnk
[2012/10/27 18:44:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/21 20:46:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003UA.job
[2012/10/21 20:37:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/10/21 15:12:26 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/21 14:38:07 | 000,256,517 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Desktop\yeahh me.jpg
[2012/10/21 00:20:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003Core.job
[2012/10/20 08:02:53 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Application Data\log
[2012/10/20 05:33:48 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/10/19 23:13:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/19 23:11:42 | 000,079,930 | ---- | M] () -- C:\Documents and Settings\Faith Morante\My Documents\backup oct19.reg
[2012/10/13 08:46:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003Core.job
[2012/10/11 18:28:30 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 21:00:37 | 000,033,716 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/10/09 20:45:24 | 000,123,081 | ---- | M] () -- C:\Documents and Settings\Faith Morante\My Documents\Faith Morante CV.pdf
[2012/10/01 16:59:29 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\Faith Morante\Desktop\*.tmp files -> C:\Documents and Settings\Faith Morante\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/27 19:55:06 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/27 19:38:45 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/27 19:19:18 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/10/27 19:19:18 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2012/10/27 18:49:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Desktop\HijackThis.lnk
[2012/10/21 14:38:06 | 000,256,517 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Desktop\yeahh me.jpg
[2012/10/20 08:00:23 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\log
[2012/10/19 23:11:39 | 000,079,930 | ---- | C] () -- C:\Documents and Settings\Faith Morante\My Documents\backup oct19.reg
[2012/10/09 20:45:24 | 000,123,081 | ---- | C] () -- C:\Documents and Settings\Faith Morante\My Documents\Faith Morante CV.pdf
[2012/10/01 16:59:40 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/05/19 12:53:33 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2012/02/02 11:14:17 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Faith Morante\ntuser.pol
[2012/01/13 19:03:42 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2012/01/13 13:11:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2012/01/11 18:46:12 | 000,033,716 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/01/02 15:40:52 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Faith Morante\jagex_cl_runescape_LIVE.dat
[2012/01/02 15:40:52 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Faith Morante\random.dat
[2011/10/28 09:18:05 | 000,000,094 | ---- | C] () -- C:\WINDOWS\ka.ini
[2011/08/20 14:57:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Secrets.INI
[2011/07/04 12:48:39 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\USB_BusEnum_T.sys
[2011/07/04 12:48:39 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\USB_WinMux_T.sys
[2011/07/04 12:48:39 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\USB_MODEM_T.sys
[2011/05/17 12:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2011/05/16 23:53:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2011/04/30 12:18:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2011/04/26 18:45:17 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\vso_ts_preview.xml
[2011/04/26 18:44:29 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\inst.exe
[2011/04/26 18:44:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\pcouffin.cat
[2011/04/26 18:44:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\pcouffin.inf
[2011/04/21 07:36:39 | 000,046,706 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\room.dat
[2011/04/12 22:02:49 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2011/04/01 05:15:25 | 000,040,411 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\fb.exe
[2011/03/17 21:18:44 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\Adobe GIF Format CS5 Prefs
[2011/03/07 21:24:45 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/02/15 18:18:13 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\Adobe PNG Format CS5 Prefs
[2011/01/03 21:15:09 | 000,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys
[2010/09/19 21:27:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Faith Morante\.javafx_eula_accepted
[2010/05/04 09:02:28 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/04 06:55:38 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\dth.dwq
[2010/05/04 06:38:19 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\njn.dwq
[2010/05/04 01:17:12 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\fyy.dwq
[2010/05/04 00:59:46 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\fao.dwq
[2010/05/04 00:48:51 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\abj.dwq
[2010/05/04 00:36:49 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\qvc.dwq
[2010/05/03 23:53:53 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\ara.dwq
[2010/05/03 23:30:08 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\rbd.dwq
[2010/05/03 22:09:38 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\fin.dwq
[2006/05/06 15:28:09 | 000,000,015 | -H-- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\Faith Morantelog.dat

========== ZeroAccess Check ==========

[2010/05/19 13:04:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/31 03:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 19:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/03/31 17:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/07/28 17:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2010/05/11 19:28:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/02 07:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/12/08 11:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/02/02 11:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/03/31 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2011/01/28 23:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Growl
[2011/05/13 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
[2012/01/13 19:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/12/13 17:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/05/12 21:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/04/08 19:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2011/02/04 14:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/05/23 21:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/06/03 21:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/05/11 19:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/04/30 11:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/04/26 17:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/06/02 08:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/04/26 19:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/03 15:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/05/12 21:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/06/02 08:30:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/01/18 13:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/01 05:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Artogon
[2011/04/02 18:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Awem
[2012/01/13 20:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\BITS
[2012/10/19 22:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\cacaoweb
[2010/08/24 10:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\CAD-KAS
[2010/07/28 17:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Cakewalk
[2011/05/17 18:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\cald3
[2010/05/25 09:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Canon
[2011/02/04 16:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/20 05:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\com.adobe.DC3Module.AdobeADC
[2011/09/23 12:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\com.ClarityEnglish.ClarityRecorder
[2011/05/20 10:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\DDMSettings
[2010/09/20 17:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\DesktopReminder
[2011/02/09 05:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Dropbox
[2011/04/08 20:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Enki Games
[2012/01/13 13:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\FlashGet
[2012/01/13 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\FlashGetBHO
[2011/03/31 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Floodlight Games
[2011/04/02 20:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Friday's games
[2010/10/24 20:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\FVZilla
[2010/10/04 21:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\gtk-2.0
[2010/10/15 14:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Hide IP NG
[2010/09/20 17:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\hott notes 4
[2011/05/12 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\iWin
[2011/03/09 20:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Kalydo
[2011/04/09 15:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\MP3Rocket
[2010/05/17 22:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Notepad++
[2011/08/01 07:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Pamela
[2011/05/12 21:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\PlayFirst
[2011/04/08 19:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\PoBros
[2012/05/19 12:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Research In Motion
[2011/03/31 17:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Robin Crusoe
[2010/05/11 19:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\ScanSoft
[2011/04/07 22:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Silverback Productions
[2010/10/22 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Sony Online Entertainment
[2011/02/04 15:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/05/09 17:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\SystemRequirementsLab
[2010/10/04 21:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Thinstall
[2011/06/02 08:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\TuneUp Software
[2012/10/27 20:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\uTorrent
[2012/10/19 23:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Vso
[2010/12/01 20:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\webex
[2012/10/21 06:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\WinFF
[2011/02/04 16:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\YouSendIt
[2010/12/06 20:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Youtube Downloader HD
[2011/07/04 12:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\ZTEEVDO

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5C321E34
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:689AB7E9
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:2AF322BF

< End of report >




#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, there is no guarantee that this system will be properly usable or safe after any repairs I carry out. This infects all exe files and may never be trustworthy again.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\FAITHM~1\LOCALS~1\Temp\DinF8.tmp -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva361.sys -- (XDva361)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva349.sys -- (XDva349)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva347.sys -- (XDva347)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
[2010/09/30 06:17:03 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe
[2008/07/25 11:17:10 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Faith Morante\Application Data\hey.exe
[2010/05/04 06:55:38 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\dth.dwq
[2010/05/04 06:38:19 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\njn.dwq
[2010/05/04 01:17:12 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\fyy.dwq
[2010/05/04 00:59:46 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\fao.dwq
[2010/05/04 00:48:51 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\abj.dwq
[2010/05/04 00:36:49 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\qvc.dwq
[2010/05/03 23:53:53 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\ara.dwq
[2010/05/03 23:30:08 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\rbd.dwq
[2010/05/03 22:09:38 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\fin.dwq

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN


The following programme may need to be run several times and no guarantee can be given

Download Sality Killer zip to your desktop and extract SalityKiller.exe

Run the utility SalityKiller.exe on the infected computer
A reboot might be required after disinfection.

Download the file Sality_RegKeys.zip
unpack the file Sality_RegKeys.zip
run the file Disable_autorun.reg from the archive Sality_RegKeys.zip

Once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key:

under Windows 2000 run the registry file SafeBootWin200.reg
under Windows XP run the registry file SafeBootWinXP.reg
under Windows 2003 run the registry file SafeBootWinServer2003.reg
under Windows Vista / 2008 run the registry file SafebootVista.reg
under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg


FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
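
An added example, not part of Essexboy's post and not OTL's own code: a Python parser for the three line shapes visible in the :OTL block above (DRV, O7, and bracketed file entries), so the entries a fix script acts on can be reviewed as structured records before it is run. The field names, the triage labels and the `cluster_min` threshold are assumptions made for this example; the sample lines are copied from the post.

```python
import ntpath
import re
from collections import defaultdict

# A subset of the lines from the :OTL block in the post above.
SAMPLE_FIX = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva361.sys -- (XDva361)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
[2010/09/30 06:17:03 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe
[2010/05/04 06:55:38 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\dth.dwq
[2010/05/04 06:38:19 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\njn.dwq
[2010/05/04 01:17:12 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\fyy.dwq
"""

# Patterns derived only from the line shapes shown on this page.
DRV_RE = re.compile(
    r"^DRV - (?P<status>[^\[]*)\[(?P<type>[^|\]]+)\|(?P<start>[^|\]]+)\|"
    r"(?P<state>[^\]]+)\] -- (?P<path>.+) -- \((?P<name>[^)]*)\)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<stamp>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")

# Policy values under ...\Policies\System that block Task Manager and
# the registry editing tools when set to 1.
TOOL_LOCKOUT = {"DisableTaskMgr", "DisableRegistryTools"}


def parse_fix(text):
    """Turn OTL-style lines into dict records; unrecognised lines are kept."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DRV_RE.match(line)
        if m:
            records.append({"kind": "driver", "name": m["name"],
                            "status": m["status"].strip(),
                            "state": m["state"].strip(), "path": m["path"]})
            continue
        m = O7_RE.match(line)
        if m:
            records.append({"kind": "policy", "key": m["key"],
                            "value": m["value"], "data": m["data"]})
            continue
        m = FILE_RE.match(line)
        if m:
            records.append({"kind": "file", "timestamp": m["ts"],
                            "size": int(m["size"].replace(",", "")),
                            "attrs": m["attrs"], "company": m["company"],
                            "path": m["path"]})
            continue
        records.append({"kind": "unknown", "raw": line})
    return records


def triage(records, cluster_min=3):
    """Label records for review. The labels are this example's, not OTL's."""
    findings = []
    clusters = defaultdict(list)
    for r in records:
        if r["kind"] == "policy":
            if r["value"] in TOOL_LOCKOUT and r["data"] == "1":
                findings.append(("tool_lockout", r["value"]))
        elif r["kind"] == "driver":
            # Service still registered although its binary is gone.
            if r["status"] == "File not found":
                findings.append(("driver_binary_missing", r["name"]))
        elif r["kind"] == "file":
            # Group vendor-less files (not directories) by extension and size.
            if "D" not in r["attrs"] and not r["company"]:
                ext = ntpath.splitext(r["path"])[1].lower()
                clusters[(ext, r["size"])].append(r["path"])
    for (ext, size), paths in sorted(clusters.items()):
        if len(paths) >= cluster_min:
            findings.append(("same_size_cluster", ext, size, len(paths)))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_fix(SAMPLE_FIX)):
        print(finding)
```
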

#3
dundundunn


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you so much for taking the time to help me :)

Ok I've done all you told me.
So far, on startup, there are windows popping up saying that these programs have encountered problems:
Adobe Reader and Acrobat Manager
MUIStartMenu.exe
GoogleInstaller
LanguageApplication
Adobe Acrobat SpeedLauncher
Microsoft Office 2010 component
igfxTray Module

Then another window will appear, which is Run As (which user account do you want to use to run this program?).
It's not a big deal but it's just a bit weird..

Here is the Combofix log:

ComboFix 12-10-26.05 - Faith Morante 10/28/2012 6:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.419 [GMT 7:00]
Running from: c:\documents and settings\Faith Morante\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\Faith Morante\Application Data\cacaoweb
c:\documents and settings\Faith Morante\Application Data\cacaoweb\npdfile.dat
c:\documents and settings\Faith Morante\Application Data\cacaoweb\replicating881111008604290FAEB0E49A344F32B4.cacao
c:\documents and settings\Faith Morante\Application Data\cacaoweb\storage.db
c:\documents and settings\Faith Morante\Application Data\Faith Morantelog.dat
c:\documents and settings\Faith Morante\Application Data\fb.exe
c:\program files\cacaoweb
c:\windows\system32\sqlite3.dll
c:\windows\system32\windir
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASC3360PR
-------\Legacy_NVMINI
-------\Service_nvmini
.
.
((((((((((((((((((((((((( Files Created from 2012-09-27 to 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-27 14:34 . 2012-10-27 14:34 -------- d-----w- C:\_OTL
2012-10-27 14:00 . 2012-10-27 14:00 -------- d-----w- c:\program files\MSECache
2012-10-27 13:01 . 2012-10-27 13:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-27 12:55 . 2012-10-27 12:55 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-27 12:55 . 2012-10-11 01:06 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-10-27 12:54 . 2012-10-11 01:06 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-27 12:54 . 2012-10-11 01:06 270816 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2012-10-27 12:54 . 2012-10-11 01:05 192600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-10-27 12:54 . 2012-10-11 01:05 124384 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-10-27 12:54 . 2012-10-11 01:05 115168 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-10-27 12:54 . 2012-10-11 01:05 2559968 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-10-27 12:54 . 2012-10-11 01:05 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-10-27 12:54 . 2012-10-11 01:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-10-27 12:54 . 2012-10-11 01:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-10-27 12:41 . 2012-10-27 12:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-10-27 12:38 . 2012-10-27 12:38 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-27 12:20 . 2012-10-27 12:20 -------- d-----w- c:\documents and settings\Faith Morante\Local Settings\Application Data\Secunia PSI
2012-10-27 12:19 . 2012-10-27 12:19 -------- d-----w- c:\program files\Secunia
2012-10-19 22:22 . 2012-10-19 22:22 -------- d-----w- c:\documents and settings\Faith Morante\Application Data\com.adobe.DC3Module.AdobeADC
2012-10-19 21:59 . 2012-10-20 00:01 -------- d-----w- c:\program files\IrfanView
2012-10-06 06:52 . 2012-10-06 06:52 -------- d-----w- c:\program files\Common Files\Java
2012-10-06 06:47 . 2012-10-27 13:01 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-02 05:17 . 2012-10-02 05:17 5171904 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-27 13:01 . 2010-05-07 07:51 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-27 12:44 . 2011-08-23 06:15 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-20 01:01 . 2010-05-03 14:02 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2012-10-19 16:13 . 2010-05-04 00:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-29 12:54 . 2010-05-04 00:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 20:29 . 2008-04-14 05:42 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29 . 2008-04-14 05:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29 . 2008-04-14 05:41 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-28 13:00 . 2008-04-14 00:07 369664 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 05:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-11 01:06 . 2011-09-13 00:03 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-05 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7473B6BD-4691-4744-A82B-7854EB3D70B6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Faith Morante\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Faith Morante\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Faith Morante\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XPRepairPro2007"="c:\program files\XP Repair Pro 2007\XPRepairPro.exe" [2007-02-24 1118208]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-09-03 1022352]
"Facebook Update"="c:\documents and settings\Faith Morante\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-12 240496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2012-01-10 402728]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2012-01-10 386344]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2012-01-10 407080]
"SoundMan"="SOUNDMAN.EXE" [2012-10-20 577536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2012-01-17 0]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-07-20 27760]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2012-01-10 220192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 224768]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 165248]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 714112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 996832]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-30 111576]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Faith Morante\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-9-8 576000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" /MINIMIZED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Free Video Zilla\\FVZilla.exe"=
"c:\\Documents and Settings\\Faith Morante\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Growl for Windows\\Growl.exe"=
"c:\\Documents and Settings\\Faith Morante\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\inGAME\\ShowTime\\Bin\\Final_Release\\Launcher.exe"=
"c:\\Program Files\\CyberLink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe"=
"c:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE4\\OpwareSE4.exe"=
"c:\\Program Files\\lg_fwupdate\\fwupdate.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\MUITransfer\\MUIStartMenu.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\Binaries\\MSCONFIG.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\AcroDist.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DW20.EXE"=
"c:\\Program Files\\MagicDisc\\MagicDisc.exe"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\Acrobat_sl.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\Acrotray.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Documents and Settings\\Faith Morante\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe"=
"c:\\Program Files\\Skype\\Updater\\Updater.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Faith Morante\\Local Settings\\Application Data\\Google\\Update\\1.3.21.123\\GoogleCrashHandler.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\Faith Morante\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Movie Maker\\moviemk.exe"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Documents and Settings\\Faith Morante\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/14/2012 8:40 AM 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/14/2012 8:40 AM 104160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 1:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 1:41 AM 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/7/2012 3:40 PM 913144]
R2 RDXmon;RDXmon 1.18;c:\program files\RDX\Service\RDXmon.exe [2/7/2008 9:54 AM 45056]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [9/24/2012 7:46 PM 1328736]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [9/24/2012 7:46 PM 656480]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/2/2012 12:13 PM 3064000]
R2 UDisk Monitor;UDisk Monitor;c:\program files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe [7/4/2011 12:48 PM 512000]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [1/3/2011 9:15 PM 109440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/4/2010 7:09 AM 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [12/16/2011 9:19 PM 15544]
S2 ABP_InstallCheckerService;ABP_InstallCheckerService; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/4/2010 7:09 AM 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/27/2012 7:38 PM 250808]
S3 CAM1690;USB PC Camera;c:\windows\system32\drivers\cam1690.sys [11/21/2007 5:37 PM 181888]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 5:51 PM 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10/27/2012 7:55 PM 115168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/26/2011 6:44 PM 47360]
S3 RDID1104;ME-25;c:\windows\system32\drivers\Rdwm1104.sys [7/28/2010 5:43 PM 138112]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 USB_BusEnum_T;EVDO Telecom USB Bus Enumerator;c:\windows\system32\drivers\USB_BusEnum_T.sys [7/4/2011 12:48 PM 38400]
S3 USB_ETS_T;ZTE ETS Port FFDD;c:\windows\system32\drivers\USB_ETS_T.sys [7/4/2011 12:48 PM 16128]
S3 USB_WinMux_T;EVDO Telecom USB MUX Serial Port;c:\windows\system32\drivers\USB_WinMux_T.sys [7/4/2011 12:48 PM 30080]
S3 UsbModemDriver;ZTE USB Modem FFDD;c:\windows\system32\drivers\USB_MODEM_T.sys [7/4/2011 12:48 PM 21504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27 12:38]
.
2011-07-18 c:\windows\Tasks\expressburnSevenDays.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-07-18 02:07]
.
2011-07-18 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-07-18 02:07]
.
2012-01-13 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-07-18 02:08]
.
2012-10-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003Core.job
- c:\documents and settings\Faith Morante\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-06-08 01:41]
.
2012-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003UA.job
- c:\documents and settings\Faith Morante\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-06-08 01:41]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003Core.job
- c:\documents and settings\Faith Morante\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-03 09:35]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003UA.job
- c:\documents and settings\Faith Morante\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-03 09:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\
FF - prefs.js: browser.search.selectedEngine - uTorrentControl_v2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=
FF - ExtSQL: 2012-09-03 18:26; {7473b6bd-4691-4744-a82b-7854eb3d70b6}; c:\documents and settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
FF - ExtSQL: 2012-10-06 13:47; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2010-05-21 09:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-28 06:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-1085031214-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2B0E8119-E46F-B030-9E8B-5C851D55E49F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"namljiniegigcioafkjbchdbjebj"=hex:69,61,68,64,6e,68,66,65,62,64,65,62,70,6d,
6f,63,6e,69,00,00
"macmdjifgddpcgdfdpogmejijf"=hex:69,61,68,64,6e,68,66,65,62,64,65,62,70,6d,6f,
63,6e,69,00,00
"namljiniegigcioafkjbjhibmfnj"=hex:69,61,6b,64,63,69,67,66,62,63,70,6c,65,6d,
66,62,6b,70,00,00
"macmdjifgddpcgdfdpdhjekajl"=hex:69,61,6b,64,63,69,67,66,62,63,70,6c,65,6d,66,
62,6b,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3416)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\documents and settings\Faith Morante\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\wdfmgr.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\dwwin.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2012-10-28 06:48:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-27 23:48
ComboFix2.txt 2010-05-04 02:14
.
Pre-Run: 7,836,921,856 bytes free
Post-Run: 7,648,968,704 bytes free
.
- - End Of File - - 8A7601FDE6C017B2FEB1E9EA697BCC66


Edited by dundundunn, 27 October 2012 - 06:02 PM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
All of those programmes will need to be re-installed. I would recommend that you uninstall them first
Run sality killer again
Then reinstall the programmes

Once you have done that run the two programmes below. On completion let me know what the current problems are

THEN

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\system32\dllcache\tcpip.sys|c:\windows\system32\drivers\tcpip.sys



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

NEXT

Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image

#5
dundundunn

    New Member

  • Topic Starter
  • Member
  • 7 posts
Ok but do you know how I can uninstall these:

MUIStartMenu.exe
GoogleInstaller
LanguageApplication
igfxTray Module

Thanks

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
MUIStartMenu.exe is part of Power2Go
igfxTray Module will require the re-installation of your video driver
GoogleInstaller is related to whichever Google applications you have on the system; you can delete that file
LanguageApplication should be cured by the SFC scan

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#9
dundundunn

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello, sorry I have been inactive. I only have access to the infected computer every weekend.

So last time, I couldn't run SFC in Tweaking.com because I couldn't find my Windows XP cdrom.
And so I deleted all the things in my ESET quarantine, then I installed avast antivirus. It detected viruses so the errors on startup are gone :D
Except there's still one weird thing left; on startup, the Run As window always pops up. How to remove that? :S

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's have a fresh look with OTL

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#11
dundundunn

    New Member

  • Topic Starter
  • Member
  • 7 posts

OTL logfile created on: 11/9/2012 5:12:43 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Faith Morante\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.11 Mb Total Physical Memory | 717.16 Mb Available Physical Memory | 70.79% Memory free
2.38 Gb Paging File | 2.02 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.87 Gb Total Space | 25.15 Gb Free Space | 42.01% Space Free | Partition Type: NTFS
Drive F: | 14.65 Gb Total Space | 3.05 Gb Free Space | 20.78% Space Free | Partition Type: NTFS

Computer Name: FAITH | User Name: Faith Morante | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/09 17:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Faith Morante\My Documents\Downloads\OTL (1).exe
PRC - [2012/10/31 05:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/31 05:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/28 21:51:38 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/20 08:01:47 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/24 19:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/09/24 19:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/09/24 19:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/09/03 18:13:49 | 001,022,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\UTORRENT.EXE
PRC - [2012/07/20 08:27:23 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2011/05/09 14:07:38 | 000,512,000 | ---- | M] () -- C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 12:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/07 09:54:00 | 000,045,056 | ---- | M] () -- C:\Program Files\RDX\Service\RDXmon.exe
PRC - [2007/08/07 07:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/04/13 23:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/09 05:53:20 | 001,829,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12110801\algo.dll
MOD - [2011/11/03 22:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/05/09 14:07:38 | 000,512,000 | ---- | M] () -- C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/08/12 15:00:00 | 003,843,584 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/04/14 12:42:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 12:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 12:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/07 09:54:00 | 000,045,056 | ---- | M] () -- C:\Program Files\RDX\Service\RDXmon.exe
MOD - [2007/04/13 23:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - File not found [Auto | Stopped] -- -- (ABP_InstallCheckerService)
SRV - [2012/11/03 16:37:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/31 05:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/28 21:51:38 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/27 19:38:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/24 19:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/09/24 19:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/09 14:07:38 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2010/10/22 05:03:00 | 004,533,336 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010/05/03 21:44:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/07 09:54:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RDX\Service\RDXmon.exe -- (RDXmon)
SRV - [2007/04/13 23:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\FAITHM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/10/31 05:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 05:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 05:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 05:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/31 05:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/31 05:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/31 05:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/31 05:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/16 21:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2011/04/05 00:47:40 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_MODEM_T.sys -- (UsbModemDriver)
DRV - [2011/01/03 21:15:09 | 000,109,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KbdCap.sys -- (kbdcap)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/11 01:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 01:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/05 11:50:50 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_BusEnum_T.sys -- (USB_BusEnum_T)
DRV - [2009/10/27 08:45:06 | 000,030,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_WinMux_T.sys -- (USB_WinMux_T)
DRV - [2009/09/30 22:00:00 | 000,138,112 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1104.sys -- (RDID1104)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008/05/29 07:02:08 | 000,016,128 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_ETS_T.sys -- (USB_ETS_T)
DRV - [2008/04/14 05:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2007/11/21 17:37:06 | 000,181,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)
DRV - [2007/08/07 07:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..CT3220468.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl_v2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.28
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: {7473b6bd-4691-4744-a82b-7854eb3d70b6}:10.10.27.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.13
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.09.00: C:\Documents and Settings\Faith Morante\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/19 22:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/19 22:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/02 21:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/03 16:37:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/03 16:37:43 | 000,000,000 | ---D | M]

[2010/05/16 23:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Extensions
[2012/10/28 21:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions
[2010/10/04 14:00:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/15 16:46:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/03 18:26:41 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2011/05/05 18:25:24 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\[email protected]
[2012/08/13 19:41:06 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/04 16:52:44 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\searchplugins\conduit.xml
[2012/11/03 16:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/03 16:37:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/11/03 16:37:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/11/03 16:37:48 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/11 08:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 08:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Documents and Settings\Faith Morante\Application Data\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Program Files\Sony Online Entertainment\npsoe.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/02 20:38:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003..\Run: [Facebook Update] C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe (ddxSoftware Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Faith Morante\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1351340620312 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C7520B-8193-4D80-993D-12C2633CF8EF}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/03 14:39:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/09 16:46:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/11/09 16:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/11/03 17:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\My Documents\gayatri_files
[2012/11/03 16:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/03 06:40:55 | 000,020,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/11/02 21:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/11/02 21:48:31 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/11/02 21:48:30 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/11/02 21:48:26 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/11/02 21:48:26 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/11/02 21:48:24 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/11/02 21:48:23 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/11/02 21:48:23 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/11/02 21:48:23 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/11/02 21:48:02 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/11/02 21:48:02 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/11/02 21:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/02 21:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/11/02 20:55:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/02 20:52:52 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/11/02 20:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/11/02 20:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2012/11/02 20:22:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/28 22:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/10/28 22:29:17 | 000,304,640 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2012/10/28 22:29:17 | 000,303,104 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2012/10/28 22:29:17 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2012/10/28 22:29:17 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2012/10/28 22:29:17 | 000,279,040 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2012/10/28 22:29:17 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2012/10/28 22:29:17 | 000,206,848 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2012/10/28 22:29:17 | 000,205,312 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2012/10/28 22:29:17 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2012/10/28 22:29:17 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2012/10/28 22:29:16 | 005,702,656 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2012/10/28 22:29:16 | 003,773,952 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2012/10/28 22:29:16 | 002,685,280 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2012/10/28 22:29:16 | 002,342,912 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2012/10/28 22:29:16 | 000,645,632 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2012/10/28 22:29:16 | 000,310,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2012/10/28 22:29:16 | 000,303,616 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2012/10/28 22:29:16 | 000,303,104 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2012/10/28 22:29:16 | 000,299,008 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2012/10/28 22:29:16 | 000,294,912 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2012/10/28 22:29:16 | 000,294,912 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2012/10/28 22:29:16 | 000,291,328 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2012/10/28 22:29:16 | 000,289,280 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2012/10/28 22:29:16 | 000,288,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2012/10/28 22:29:16 | 000,287,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2012/10/28 22:29:16 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsky.lrc
[2012/10/28 22:29:16 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2012/10/28 22:29:16 | 000,281,088 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2012/10/28 22:29:16 | 000,279,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2012/10/28 22:29:16 | 000,277,504 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrslv.lrc
[2012/10/28 22:29:16 | 000,275,968 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2012/10/28 22:29:16 | 000,262,656 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2012/10/28 22:29:16 | 000,252,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2012/10/28 22:29:16 | 000,199,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2012/10/28 22:29:16 | 000,185,856 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2012/10/28 22:29:16 | 000,179,712 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2012/10/28 22:29:16 | 000,178,176 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2012/10/28 22:29:16 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxCoIn_v5218.dll
[2012/10/28 22:29:16 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2012/10/28 22:29:16 | 000,119,296 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2012/10/28 22:29:16 | 000,093,696 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2012/10/28 22:29:16 | 000,051,712 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2012/10/28 22:29:10 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpun.exe
[2012/10/28 22:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Sun
[2012/10/28 21:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/28 21:52:06 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/28 21:51:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/28 21:51:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/28 21:51:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/28 21:47:24 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012/10/28 21:47:24 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2012/10/28 21:47:24 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2012/10/28 21:47:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2012/10/28 21:47:23 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2012/10/28 21:47:23 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2012/10/28 21:47:22 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2012/10/28 21:47:21 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012/10/28 20:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AdobeTemp
[2012/10/28 06:28:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/28 06:28:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/28 06:28:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/28 06:28:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/28 06:25:36 | 004,994,057 | R--- | C] (Swearware) -- C:\Documents and Settings\Faith Morante\Desktop\ComboFix.exe
[2012/10/28 06:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Desktop\sality_regkeys
[2012/10/27 21:43:15 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Faith Morante\Desktop\SalityKiller.exe
[2012/10/27 21:34:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/27 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/10/27 20:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/10/27 20:01:29 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/27 19:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/27 19:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/10/27 19:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/10/27 19:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/10/27 19:38:42 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/27 19:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Secunia PSI
[2012/10/27 19:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/10/20 07:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Desktop\Shortcuts
[2012/10/20 05:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Application Data\com.adobe.DC3Module.AdobeADC
[2012/10/20 04:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012/10/19 23:01:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Faith Morante\Recent
[2012/10/19 21:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Desktop\50
[2011/04/26 18:44:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Faith Morante\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/09 17:05:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/09 16:56:52 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 16:48:47 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/09 16:48:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/09 16:46:27 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/11/09 16:44:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/09 16:43:32 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 16:43:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/06 17:51:07 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003UA.job
[2012/11/03 17:08:23 | 000,061,454 | ---- | M] () -- C:\Documents and Settings\Faith Morante\My Documents\gayatri.htm
[2012/11/03 08:46:02 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003Core.job
[2012/11/02 20:52:50 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/11/02 20:38:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/02 20:20:10 | 004,994,057 | R--- | M] (Swearware) -- C:\Documents and Settings\Faith Morante\Desktop\ComboFix.exe
[2012/10/31 05:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/31 05:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/31 05:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/31 05:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/31 05:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/31 05:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/31 05:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/31 05:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/31 05:51:56 | 000,020,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/10/31 05:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/31 05:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/10/28 22:46:36 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/28 21:57:46 | 003,735,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/28 21:51:40 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/28 21:51:36 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/28 21:51:36 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/28 21:51:36 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/28 21:51:36 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/28 21:51:35 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/10/28 21:51:35 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/28 19:06:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/27 19:55:06 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/27 19:55:06 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/27 19:44:15 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/27 19:38:42 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/27 19:19:18 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/10/27 18:49:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Desktop\HijackThis.lnk
[2012/10/21 20:37:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/10/21 15:12:26 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/21 14:38:07 | 000,256,517 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Desktop\yeahh me.jpg
[2012/10/20 08:01:47 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2012/10/20 05:33:48 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/10/19 23:13:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/19 23:11:42 | 000,079,930 | ---- | M] () -- C:\Documents and Settings\Faith Morante\My Documents\backup oct19.reg
[2012/10/10 21:00:37 | 000,033,716 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/09 16:46:27 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/11/03 17:08:15 | 000,061,454 | ---- | C] () -- C:\Documents and Settings\Faith Morante\My Documents\gayatri.htm
[2012/11/02 21:48:24 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/02 20:52:50 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/28 22:46:36 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/28 22:40:35 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 22:40:34 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 22:29:17 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2012/10/28 22:29:16 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2012/10/28 22:29:16 | 000,058,558 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2012/10/28 22:29:16 | 000,029,820 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2012/10/28 19:06:19 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/28 06:28:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/28 06:28:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/28 06:28:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/28 06:28:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/28 06:28:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/27 19:55:06 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/27 19:38:45 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/27 19:19:18 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/10/27 19:19:18 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2012/10/27 18:49:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Desktop\HijackThis.lnk
[2012/10/21 14:38:06 | 000,256,517 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Desktop\yeahh me.jpg
[2012/10/19 23:11:39 | 000,079,930 | ---- | C] () -- C:\Documents and Settings\Faith Morante\My Documents\backup oct19.reg
[2012/05/19 12:53:33 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2012/02/02 11:14:17 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Faith Morante\ntuser.pol
[2012/01/13 19:03:42 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2012/01/13 13:11:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2012/01/11 18:46:12 | 000,033,716 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/01/02 15:40:52 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Faith Morante\jagex_cl_runescape_LIVE.dat
[2012/01/02 15:40:52 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Faith Morante\random.dat
[2011/10/28 09:18:05 | 000,000,094 | ---- | C] () -- C:\WINDOWS\ka.ini
[2011/08/20 14:57:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Secrets.INI
[2011/07/04 12:48:39 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\USB_BusEnum_T.sys
[2011/07/04 12:48:39 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\USB_WinMux_T.sys
[2011/07/04 12:48:39 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\USB_MODEM_T.sys
[2011/05/17 12:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2011/05/16 23:53:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2011/04/30 12:18:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2011/04/26 18:44:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\pcouffin.cat
[2011/04/26 18:44:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\pcouffin.inf
[2011/04/21 07:36:39 | 000,046,706 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\room.dat
[2011/04/12 22:02:49 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2011/03/17 21:18:44 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\Adobe GIF Format CS5 Prefs
[2011/03/07 21:24:45 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/02/15 18:18:13 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\Adobe PNG Format CS5 Prefs
[2011/01/03 21:15:09 | 000,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys
[2010/09/19 21:27:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Faith Morante\.javafx_eula_accepted
[2010/05/04 09:02:28 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/05/19 13:04:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/31 03:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 19:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
No service found with a name of ALG
SRV - [2008/04/14 12:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 12:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 20:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 12:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 12:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/21 00:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 18:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 12:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 06:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 12:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 12:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 12:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 12:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 12:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 12:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 12:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 12:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 12:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 23:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 18:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 20:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 12:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 12:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 12:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 19:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 12:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 12:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 12:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 12:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 12:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/28 06:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 12:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 12:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 12:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 12:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 12:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 06:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 12:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 12:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 12:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 12:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 12:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 12:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 19:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 12:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 12:51:44 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 13:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 12:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 12:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 12:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES >
[2001/08/23 21:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 18:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 12:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 18:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 18:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 18:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2011/06/02 21:18:50 | 000,001,602 | ---- | M] () MD5=E253D913ECF747921C12719E29FCB840 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2001/08/23 21:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SETTINGS >
[2010/09/25 13:29:47 | 000,001,622 | ---- | M] () MD5=C5AE0EE5F6410134623749FD2C3AEAB8 -- C:\Documents and Settings\Faith Morante\.netbeans\6.9\config\Windows2Local\Components\services.settings

< MD5 for: SERVICES.WSTCGRP >
[2010/09/25 13:29:48 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Documents and Settings\Faith Morante\.netbeans\6.9\config\Windows2Local\Groups\InitialLayout\services.wstcgrp
[2010/09/25 13:29:48 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Documents and Settings\Faith Morante\.netbeans\6.9\config\Windows2Local\Groups\OpenedProjects\services.wstcgrp

< MD5 for: SERVICES.WSTCREF >
[2010/09/25 13:29:47 | 000,000,187 | ---- | M] () MD5=5D9128CE648C36ADD78A0D8F246814C7 -- C:\Documents and Settings\Faith Morante\.netbeans\6.9\config\Windows2Local\Modes\explorer\services.wstcref

< MD5 for: SVCHOST.EXE >
[2008/04/14 12:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 12:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 12:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 12:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 12:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 12:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 12:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 12:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 12:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2001/08/23 21:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2001/08/23 21:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< End of report >


Extras.txt is not created after OTL scan :/

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For the run as popup, go to msconfig and disable this from starting. What problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.28
[2011/05/05 18:25:24 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\[email protected]
[2012/08/13 19:41:06 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/04 16:52:44 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\searchplugins\conduit.xml
O3 - HKU\S-1-5-21-1844237615-1085031214-682003330-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2012/10/28 06:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Desktop\sality_regkeys
[2012/10/27 21:43:15 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Faith Morante\Desktop\SalityKiller.exe

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#13
dundundunn

    New Member

  • Topic Starter
  • Member
  • 7 posts

OTL logfile created on: 11/9/2012 8:05:27 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Faith Morante\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.11 Mb Total Physical Memory | 433.77 Mb Available Physical Memory | 42.82% Memory free
2.38 Gb Paging File | 1.98 Gb Available in Paging File | 83.12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.87 Gb Total Space | 25.22 Gb Free Space | 42.12% Space Free | Partition Type: NTFS
Drive F: | 14.65 Gb Total Space | 3.05 Gb Free Space | 20.78% Space Free | Partition Type: NTFS

Computer Name: FAITH | User Name: Faith Morante | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/09 17:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Faith Morante\My Documents\Downloads\OTL (1).exe
PRC - [2012/10/31 05:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/31 05:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/28 21:51:38 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/20 08:01:47 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/24 19:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/09/24 19:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/09/24 19:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/09/03 18:13:49 | 001,022,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\UTORRENT.EXE
PRC - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2011/05/09 14:07:38 | 000,512,000 | ---- | M] () -- C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 12:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/07 09:54:00 | 000,045,056 | ---- | M] () -- C:\Program Files\RDX\Service\RDXmon.exe
PRC - [2007/08/07 07:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/04/13 23:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/09 05:53:20 | 001,829,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12110801\algo.dll
MOD - [2011/11/03 22:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/05/09 14:07:38 | 000,512,000 | ---- | M] () -- C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/08/12 15:00:00 | 003,843,584 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/04/14 12:42:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 12:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 12:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/07 09:54:00 | 000,045,056 | ---- | M] () -- C:\Program Files\RDX\Service\RDXmon.exe
MOD - [2007/04/13 23:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - File not found [Auto | Stopped] -- -- (ABP_InstallCheckerService)
SRV - [2012/11/03 16:37:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/31 05:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/28 21:51:38 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/27 19:38:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/24 19:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/09/24 19:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/09 14:07:38 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2010/10/22 05:03:00 | 004,533,336 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010/05/03 21:44:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/07 09:54:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RDX\Service\RDXmon.exe -- (RDXmon)
SRV - [2007/04/13 23:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\FAITHM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/10/31 05:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 05:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 05:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 05:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/31 05:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/31 05:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/31 05:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/31 05:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/16 21:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2011/04/05 00:47:40 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_MODEM_T.sys -- (UsbModemDriver)
DRV - [2011/01/03 21:15:09 | 000,109,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KbdCap.sys -- (kbdcap)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/11 01:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 01:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/05 11:50:50 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_BusEnum_T.sys -- (USB_BusEnum_T)
DRV - [2009/10/27 08:45:06 | 000,030,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_WinMux_T.sys -- (USB_WinMux_T)
DRV - [2009/09/30 22:00:00 | 000,138,112 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1104.sys -- (RDID1104)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008/05/29 07:02:08 | 000,016,128 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_ETS_T.sys -- (USB_ETS_T)
DRV - [2008/04/14 05:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2007/11/21 17:37:06 | 000,181,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)
DRV - [2007/08/07 07:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..CT3220468.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl_v2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: {7473b6bd-4691-4744-a82b-7854eb3d70b6}:10.10.27.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.09.00: C:\Documents and Settings\Faith Morante\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/19 22:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/19 22:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/02 21:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/03 16:37:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/03 16:37:43 | 000,000,000 | ---D | M]

[2010/05/16 23:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Extensions
[2012/11/09 20:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions
[2010/10/04 14:00:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/15 16:46:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/03 18:26:41 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Faith Morante\Application Data\Mozilla\Firefox\Profiles\jtwrayev.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/11/03 16:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/03 16:37:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/11/03 16:37:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\FAITH MORANTE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTWRAYEV.DEFAULT\EXTENSIONS\[email protected]
[2012/11/03 16:37:48 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/11 08:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 08:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Documents and Settings\Faith Morante\Application Data\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Program Files\Sony Online Entertainment\npsoe.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/09 20:01:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Faith Morante\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1351340620312 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C7520B-8193-4D80-993D-12C2633CF8EF}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/03 14:39:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/09 16:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/11/03 17:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\My Documents\gayatri_files
[2012/11/03 16:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/03 06:40:55 | 000,020,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/11/02 21:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/11/02 21:48:31 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/11/02 21:48:30 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/11/02 21:48:26 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/11/02 21:48:26 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/11/02 21:48:24 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/11/02 21:48:23 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/11/02 21:48:23 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/11/02 21:48:23 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/11/02 21:48:02 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/11/02 21:48:02 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/11/02 21:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/02 21:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/11/02 20:55:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/02 20:52:52 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/11/02 20:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/11/02 20:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2012/11/02 20:22:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/28 22:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/10/28 22:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Sun
[2012/10/28 21:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/28 20:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AdobeTemp
[2012/10/28 06:28:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/28 06:28:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/28 06:28:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/28 06:28:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/28 06:25:36 | 004,994,057 | R--- | C] (Swearware) -- C:\Documents and Settings\Faith Morante\Desktop\ComboFix.exe
[2012/10/28 06:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Desktop\sality_regkeys
[2012/10/27 21:34:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/27 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/10/27 20:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/10/27 19:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/27 19:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/10/27 19:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/10/27 19:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/10/27 19:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Secunia PSI
[2012/10/27 19:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/10/20 07:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Desktop\Shortcuts
[2012/10/20 05:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Application Data\com.adobe.DC3Module.AdobeADC
[2012/10/20 04:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012/10/19 23:01:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Faith Morante\Recent
[2012/10/19 21:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Faith Morante\Desktop\50
[2011/04/26 18:44:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Faith Morante\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/11/09 20:05:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/09 20:04:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/09 20:03:52 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/09 20:03:25 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 20:03:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/09 20:01:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/11/09 20:00:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/11/09 19:45:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 16:48:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/09 16:46:27 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/11/06 17:51:07 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003UA.job
[2012/11/03 17:08:23 | 000,061,454 | ---- | M] () -- C:\Documents and Settings\Faith Morante\My Documents\gayatri.htm
[2012/11/03 08:46:02 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1085031214-682003330-1003Core.job
[2012/11/02 20:52:50 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/11/02 20:20:10 | 004,994,057 | R--- | M] (Swearware) -- C:\Documents and Settings\Faith Morante\Desktop\ComboFix.exe
[2012/10/31 05:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/31 05:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/31 05:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/31 05:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/31 05:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/31 05:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/31 05:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/31 05:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/31 05:51:56 | 000,020,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/10/31 05:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/31 05:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/10/28 22:46:36 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/28 21:57:46 | 003,735,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/28 19:06:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/27 19:55:06 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/27 19:55:06 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/27 19:19:18 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/10/27 18:49:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Desktop\HijackThis.lnk
[2012/10/21 20:37:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/10/21 15:12:26 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/21 14:38:07 | 000,256,517 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Desktop\yeahh me.jpg
[2012/10/20 05:33:48 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/10/19 23:13:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/19 23:11:42 | 000,079,930 | ---- | M] () -- C:\Documents and Settings\Faith Morante\My Documents\backup oct19.reg
[2012/10/10 21:00:37 | 000,033,716 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Files Created - No Company Name ==========

[2012/11/09 16:46:27 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/11/03 17:08:15 | 000,061,454 | ---- | C] () -- C:\Documents and Settings\Faith Morante\My Documents\gayatri.htm
[2012/11/02 21:48:24 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/02 20:52:50 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/28 22:46:36 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/28 22:40:35 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 22:40:34 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 22:29:17 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2012/10/28 22:29:16 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2012/10/28 22:29:16 | 000,058,558 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2012/10/28 22:29:16 | 000,029,820 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2012/10/28 19:06:19 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/28 06:28:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/28 06:28:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/28 06:28:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/28 06:28:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/28 06:28:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/27 19:55:06 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/27 19:38:45 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/27 19:19:18 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/10/27 19:19:18 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2012/10/27 18:49:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Desktop\HijackThis.lnk
[2012/10/21 14:38:06 | 000,256,517 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Desktop\yeahh me.jpg
[2012/10/19 23:11:39 | 000,079,930 | ---- | C] () -- C:\Documents and Settings\Faith Morante\My Documents\backup oct19.reg
[2012/05/19 12:53:33 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2012/02/02 11:14:17 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Faith Morante\ntuser.pol
[2012/01/13 19:03:42 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2012/01/13 13:11:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2012/01/11 18:46:12 | 000,033,716 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/01/02 15:40:52 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Faith Morante\jagex_cl_runescape_LIVE.dat
[2012/01/02 15:40:52 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Faith Morante\random.dat
[2011/10/28 09:18:05 | 000,000,094 | ---- | C] () -- C:\WINDOWS\ka.ini
[2011/08/20 14:57:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Secrets.INI
[2011/07/04 12:48:39 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\USB_BusEnum_T.sys
[2011/07/04 12:48:39 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\USB_WinMux_T.sys
[2011/07/04 12:48:39 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\USB_MODEM_T.sys
[2011/05/17 12:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2011/05/16 23:53:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2011/04/30 12:18:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2011/04/26 18:44:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\pcouffin.cat
[2011/04/26 18:44:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\pcouffin.inf
[2011/04/21 07:36:39 | 000,046,706 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\room.dat
[2011/04/12 22:02:49 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2011/03/17 21:18:44 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\Adobe GIF Format CS5 Prefs
[2011/03/07 21:24:45 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/02/15 18:18:13 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Application Data\Adobe PNG Format CS5 Prefs
[2011/01/03 21:15:09 | 000,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys
[2010/09/19 21:27:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Faith Morante\.javafx_eula_accepted
[2010/05/04 09:02:28 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Faith Morante\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/05/19 13:04:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/31 03:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 19:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/03/31 17:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2012/11/02 21:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/07/28 17:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2010/05/11 19:28:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/02 07:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/12/08 11:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/03/31 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2011/01/28 23:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Growl
[2011/05/13 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
[2012/01/13 19:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/12/13 17:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/05/12 21:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/04/08 19:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2011/02/04 14:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/05/23 21:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/06/03 21:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/05/11 19:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/04/30 11:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/06/02 08:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/04/26 19:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/03 15:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/05/12 21:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/06/02 08:30:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/01/18 13:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/01 05:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Artogon
[2011/04/02 18:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Awem
[2012/01/13 20:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\BITS
[2010/08/24 10:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\CAD-KAS
[2010/07/28 17:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Cakewalk
[2011/05/17 18:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\cald3
[2012/10/28 21:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Canon
[2011/02/04 16:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/20 05:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\com.adobe.DC3Module.AdobeADC
[2011/09/23 12:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\com.ClarityEnglish.ClarityRecorder
[2011/05/20 10:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\DDMSettings
[2010/09/20 17:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\DesktopReminder
[2011/02/09 05:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Dropbox
[2011/04/08 20:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Enki Games
[2012/01/13 13:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\FlashGet
[2012/01/13 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\FlashGetBHO
[2011/03/31 18:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Floodlight Games
[2011/04/02 20:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Friday's games
[2010/10/24 20:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\FVZilla
[2010/10/04 21:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\gtk-2.0
[2010/10/15 14:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Hide IP NG
[2010/09/20 17:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\hott notes 4
[2011/05/12 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\iWin
[2011/03/09 20:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Kalydo
[2011/04/09 15:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\MP3Rocket
[2010/05/17 22:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Notepad++
[2011/08/01 07:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Pamela
[2011/05/12 21:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\PlayFirst
[2011/04/08 19:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\PoBros
[2012/05/19 12:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Research In Motion
[2011/03/31 17:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Robin Crusoe
[2010/05/11 19:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\ScanSoft
[2011/04/07 22:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Silverback Productions
[2010/10/22 18:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Sony Online Entertainment
[2011/02/04 15:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/10/28 22:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\SystemRequirementsLab
[2010/10/04 21:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Thinstall
[2011/06/02 08:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\TuneUp Software
[2012/11/09 20:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\uTorrent
[2012/10/19 23:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Vso
[2010/12/01 20:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\webex
[2012/10/21 06:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\WinFF
[2011/02/04 16:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\YouSendIt
[2010/12/06 20:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\Youtube Downloader HD
[2011/07/04 12:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faith Morante\Application Data\ZTEEVDO

========== Purity Check ==========



< End of report >


So far I'm not getting any weird popups or whatnots :)
  • 0

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer performing generally?
  • 1

#15
dundundunn


    New Member

  • Topic Starter
  • Member
  • 7 posts
It's performing normally, I think. It's just that I have to install some programs again :D

Thanks so much Essexboy for your help!! You saved me from wasting time reformatting this PC.
  • 0





