Win32:Rootkit-gen [Rtk] Infection [Solved]


#1
Jackpine
I seem to have a recurring problem. I posted a new topic on Jan 30, 2012 about high memory usage. The topic was here: http://www.geekstogo..._1#entry2115184

After running aswMBR, the scan showed 12:43:57.031 File: C:\WINDOWS\system32\drivers\pxrd.sys **INFECTED** Win32:Rootkit-gen [Rtk] as being the problem. (As identified by Essexboy.) I followed the instructions to run ComboFix, and apparently the infection was removed.

Today, just out of curiosity, I ran aswMBR to see if the infection still showed up in the scan. I was surprised to see that it did show up.

I would appreciate it if someone could verify whether I still have a rootkit, or other malware, and to remove it if possible. Thank you very much.

My OTL log is found below:

OTL logfile created on: 3/4/2012 4:25:37 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.12% Memory free
3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.45% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 212.57 Gb Free Space | 71.31% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 136.58 Gb Free Space | 29.32% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 402.89 Gb Free Space | 86.50% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 16:17:24 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2010/08/20 08:38:44 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 13:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/01/21 01:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/02 13:17:10 | 000,734,736 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2007/03/02 13:16:58 | 000,407,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/05 12:41:50 | 000,181,616 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMachoUniv.dll
MOD - [2012/02/05 12:41:48 | 000,210,288 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libBase64.dll
MOD - [2010/07/15 15:46:26 | 000,300,368 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\vipre.dll
MOD - [2010/03/08 21:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
MOD - [2008/01/26 15:26:42 | 001,515,520 | ---- | M] () -- C:\Program Files\ImageConverter Plus\fcnv.dll
MOD - [2008/01/26 15:23:20 | 006,656,000 | ---- | M] () -- C:\Program Files\ImageConverter Plus\fpdf.dll
MOD - [2008/01/26 15:22:14 | 000,028,672 | ---- | M] () -- C:\Program Files\ImageConverter Plus\MemHandler.dll
MOD - [2008/01/26 15:22:02 | 001,310,720 | ---- | M] () -- C:\Program Files\ImageConverter Plus\fcrtl.dll
MOD - [2007/03/02 13:17:30 | 000,366,096 | ---- | M] () -- C:\Program Files\Raxco\PerfectDisk\sqlite3.dll
MOD - [2007/03/02 13:17:06 | 000,075,280 | ---- | M] () -- C:\Program Files\Raxco\PerfectDisk\PDDb.dll
MOD - [2005/12/22 16:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\unrar.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/08/28 16:15:30 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 13:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/23 23:02:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/10 20:19:52 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/04/20 19:46:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/03/02 13:17:10 | 000,734,736 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2007/03/02 13:16:58 | 000,407,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/08/04 07:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (utk0mtqx)
DRV - File not found [Kernel | System | Stopped] -- -- (SpyEmrg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FLASHSYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Ad-Watch Connect Filter)
DRV - [2010/12/01 14:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/06/14 13:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 13:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/13 06:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/10/24 22:17:05 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/10/24 22:16:58 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/10/24 22:16:58 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/24 22:16:55 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/09/15 11:42:48 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/15 11:42:46 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/15 11:42:44 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/02/06 13:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/02/06 13:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/03 21:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 21:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 21:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2007/03/02 09:26:18 | 000,067,352 | ---- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2007/01/14 14:15:03 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/21 15:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/27 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2006/06/05 18:53:15 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/11/05 11:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/14 04:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{EF8CA572-5715-47F4-9829-1C110E04F599}: "URL" = http://gb.iamwired.n...ch={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========


O1 HOSTS File: ([2012/01/29 13:51:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220411993917 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1240369789812 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/03 17:07:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\CounterSpy\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 16:17:08 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2012/03/04 15:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Top Evidence
[2012/03/04 15:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2012/03/04 15:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/04 15:21:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/04 14:08:54 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Robert\Desktop\aswMBR.exe
[2012/03/04 13:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Start Menu\Programs\Haunted Manor 2- Queen of Death CE
[2012/02/22 17:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012/02/22 17:16:31 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2012/02/22 17:16:27 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2012/02/20 20:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/03/04 16:17:24 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2012/03/04 16:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/04 15:24:33 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/04 15:23:35 | 000,273,231 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/03/04 15:23:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 15:23:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 15:10:51 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
[2012/03/04 14:57:29 | 001,718,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/04 14:09:10 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Robert\Desktop\aswMBR.exe
[2012/03/04 13:26:39 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Excel 2007.lnk
[2012/03/04 13:22:16 | 000,002,166 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Haunted Manor.lnk
[2012/03/01 13:52:59 | 000,596,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/01 13:52:59 | 000,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/01 00:18:44 | 000,000,095 | ---- | M] () -- C:\WINDOWS\True
[2012/03/01 00:18:44 | 000,000,088 | ---- | M] () -- C:\WINDOWS\0
[2012/03/01 00:18:44 | 000,000,083 | ---- | M] () -- C:\WINDOWS\Times New Roman
[2012/02/22 17:16:33 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2012/02/20 20:47:52 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
[2012/02/20 18:07:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/15 13:00:00 | 000,079,360 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/02/12 16:52:34 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2012/03/04 13:22:16 | 000,002,166 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Haunted Manor.lnk
[2012/02/22 17:16:33 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2012/02/22 17:16:32 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2012/02/22 17:16:31 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/02/22 17:16:31 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/02/22 17:16:25 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/02/20 18:02:03 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/20 15:52:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/20 15:52:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/01/03 20:43:14 | 000,923,401 | ---- | C] () -- C:\Program Files\WinDlg_124.zip
[2011/03/04 18:36:56 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/11/29 19:27:00 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/11/02 20:41:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2010/10/24 16:36:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
[2010/09/01 18:32:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/06/12 18:01:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/06/12 18:01:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/06/12 16:46:00 | 000,000,015 | ---- | C] () -- C:\WINDOWS\popcinfo.dat

========== LOP Check ==========

[2009/10/25 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011/04/05 15:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/11/23 16:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/04/05 18:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/06 21:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/03/04 18:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/22 20:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COSMOS Applications
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2007/11/25 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011/04/30 18:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/04/12 22:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/12/28 22:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/12/13 00:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2011/03/05 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2010/11/22 22:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/20 12:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2011/01/17 16:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2008/02/14 16:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/01/18 17:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2007/07/19 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/06/12 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/02/24 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2011/01/23 16:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
[2011/12/26 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaArt
[2010/12/18 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2012/01/06 20:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2009/10/04 20:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2007/04/30 15:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2011/03/08 17:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/20 19:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2009/09/20 22:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008/04/29 20:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/04/29 20:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/03/01 18:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/02/28 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2011/01/20 16:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/18 08:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2011/03/04 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/01/06 21:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2012/03/04 15:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/28 17:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF
[2012/03/04 15:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2007/07/24 21:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/24 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 20:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Acronis
[2012/01/28 17:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Amaranth Games
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Autodesk
[2012/01/01 22:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Big Fish Games
[2012/01/28 20:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Boomzap
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Curious Sense
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DassaultSystemes
[2007/01/07 00:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Design Science
[2007/02/04 22:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Downloaded Installations
[2007/01/16 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DWGeditor
[2011/03/26 10:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ElevatedDiagnostics
[2011/04/22 21:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Enki Games
[2012/02/12 20:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ERS Game Studios
[2009/04/12 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ESET
[2012/01/06 22:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Freeze Tag
[2012/01/02 10:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GameInvest
[2012/01/21 15:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gogii
[2011/03/25 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IBAGroup
[2010/11/15 00:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IM
[2008/09/06 23:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ImgBurn
[2012/01/15 11:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IObit
[2007/03/28 18:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2011/02/20 22:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MA2
[2008/05/15 23:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Maple
[2011/12/26 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MediaArt
[2008/08/28 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MenuShrink
[2011/04/18 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\My Games
[2012/01/06 20:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Namco
[2006/11/08 18:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Netscape
[2012/01/11 15:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Orneon
[2011/02/23 17:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PFStaticIP
[2010/12/26 18:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Photodex
[2007/01/25 20:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G4
[2008/04/29 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G5
[2007/06/21 22:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Scooter Software
[2010/01/17 19:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Simply Super Software
[2008/05/08 18:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\sldIM
[2011/01/08 17:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Spider Player
[2011/04/09 12:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SpinTop
[2012/01/06 21:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SulusGames
[2006/07/25 16:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Systweak
[2012/03/04 15:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Top Evidence
[2010/07/25 16:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\URSoft
[2012/03/04 16:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\uTorrent
[2012/01/07 15:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\VampireSagaHL
[2010/10/16 17:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\VirtualStore
[2011/04/10 14:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vso
[2012/01/02 12:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WhiteBirdsProductions
[2006/07/14 17:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WinPatrol

========== Purity Check ==========

< End of report >


Here is the OTL Extras log.

OTL Extras logfile created on: 3/4/2012 4:25:37 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.12% Memory free
3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.45% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 212.57 Gb Free Space | 71.31% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 136.58 Gb Free Space | 29.32% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 402.89 Gb Free Space | 86.50% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C631AC5-3AA0-418F-B132-29F8432F1C19}" = COSMOSWorks 2008 SP03
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{266EB766-9ABB-40D0-AB9F-41EE46D23876}" = SolidWorks 2008 SP03
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32611C62-474D-47B1-B347-06453D430A28}" = DVDInfoPro
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{40345A8F-3B72-44DE-814F-72E8A52B1161}" = eDrawings 2008
"{43224D30-5941-47A4-9AD7-9250EE794396}" = SigmaPlot 10.0
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1" = DVD Rebuilder
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}" = Sudoku Works
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8876F541-F374-4375-BF2A-8FD9FA8141C4}" = COSMOSMotion 2008 SP0
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1" = Tetris
"{9A1DEA53-94B4-4780-8F95-F422949A5A35}" = CounterSpy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}" = SolidWorks Explorer 2008 sp0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}" = DWGeditor
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECE12161-B445-48FA-9056-FD54D8A72459}" = OriginPro 7.5
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E2505F-AA57-476B-9F67-F8C5E3938080}" = ESET Smart Security
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AnyDVD" = AnyDVD
"Audio Converter Pro" = River Past Audio Converter Pro
"AVIcodec" = AVIcodec (remove only)
"BC2_is1" = Beyond Compare Version 2.4.3
"CCE SP Trial Version" = CCE SP Trial Version
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"CoreFLAC Audio Decoder+Source Filter" = CoreFLAC Audio Decoder+Source Filter (remove only)
"DSMT5" = MathType 5
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010)
"Easy CD-DA Extractor 11" = Easy CD-DA Extractor 11
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"GoldWave v5.13" = GoldWave v5.13
"Haunted Manor 2- Queen of Death CE1.0" = Haunted Manor 2- Queen of Death CE
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"ImgBurn" = ImgBurn
"IsoBuster_is1" = IsoBuster 2.3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.4.0
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Maple 12" = Maple 12
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PFPortChecker" = PFPortChecker 1.0.39
"Photodex Presenter" = Photodex Presenter
"Portforward Static IP Address" = Portforward Static IP Address 1.0.45
"PRJPRO" = Microsoft Office Project Professional 2007
"ProShow Producer" = ProShow Producer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Spy Sweeper Updater 2.0.0 Alpha 4000" = Spy Sweeper Updater 2.0.0 Alpha 4000
"SystemRequirementsLab" = System Requirements Lab
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"VISPRO" = Microsoft Office Visio Professional 2007
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YU2010_is1" = Your Uninstaller! 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2011 5:53:51 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application pareto_as.exe, version 5.8.0.3841, faulting module
comctl32.dll, version 6.0.2900.6028, fault address 0x00067458.

Error - 3/26/2011 11:47:33 AM | Computer Name = FIRSTBUILD | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Fix it 50202 -- The installer has encountered an
unexpected error installing this package. This may indicate a problem with this
package. The error code is 2755. The arguments are: 1601, C:\Documents and Settings\Robert\Local
Settings\Temporary Internet Files\Content.IE5\QUPLL3NI\MicrosoftFixit50202[1].msi,


Error - 3/31/2011 11:22:42 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x000116f4.

Error - 4/5/2011 3:42:45 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.3.2189.0, faulting module
splitter.ax, version 1.10.175.0, fault address 0x00041ac8.

Error - 4/5/2011 7:09:00 PM | Computer Name = FIRSTBUILD | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
-- Error 1704.An installation for Microsoft Fix it 50202 is currently suspended.
You must undo the changes made by that installation to continue. Do you want
to undo those changes?

Error - 4/22/2011 2:08:59 PM | Computer Name = FIRSTBUILD | Source = ESENT | ID = 490
Description = svchost (1520) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 12/31/2011 11:38:11 AM | Computer Name = FIRSTBUILD | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 1/8/2012 6:09:59 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application acrodist.exe, version 9.0.0.332, faulting module
acrodistdll.dll, version 9.0.0.332, fault address 0x001edce0.

Error - 1/26/2012 10:28:15 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application acrodist.exe, version 9.0.0.332, faulting module
acrodistdll.dll, version 9.0.0.332, fault address 0x00217744.

Error - 2/20/2012 7:18:15 PM | Computer Name = FIRSTBUILD | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 3/4/2012 3:35:16 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7034
Description = The ScsiAccess service terminated unexpectedly. It has done this
1 time(s).

Error - 3/4/2012 3:36:36 PM | Computer Name = FIRSTBUILD | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.

Error - 3/4/2012 3:57:43 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 3/4/2012 3:57:43 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 3/4/2012 3:57:43 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ProtexisLicensing service
to connect.

Error - 3/4/2012 3:57:43 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7000
Description = The ProtexisLicensing service failed to start due to the following
error: %%1053

Error - 3/4/2012 4:23:41 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 3/4/2012 4:23:41 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 3/4/2012 4:23:41 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ProtexisLicensing service
to connect.

Error - 3/4/2012 4:23:41 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7000
Description = The ProtexisLicensing service failed to start due to the following
error: %%1053


< End of report >


  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi dere :wave:

C:\WINDOWS\system32\drivers\pxrd.sys is a part of Prevx and is only marked due to its behaviour.

Are you experiencing any problems?
  • 0

#3
Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 330 posts
Hello Essexboy,

My computer has operated very well since you cleaned it in January of this year. I am not aware of any operational problems, such as high memory usage, redirecting, slowness, etc. As I mentioned in my original post in this topic, I noticed that when I ran aswMBR, the scan result showed that pxrd.sys is infected with a rootkit, and I got worried that there might be something going on without any "visible" signs.

So, is this sort of like a "false positive", and I have nothing to worry about?

Thank you.
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye, that is correct, and the reason I did not remove it, although looking at the install list you do not appear to have it anymore (Prevx, that is) :lol:

If you are happy, then run OTL and hit the cleanup button.
  • 0

#5
Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 330 posts
OK, no signs of any problems. I ran OTL and cleaned up.

Thank you for your assistance! :)
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure. Keep safe :wave:
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0