Rootkit Detection Scan Results by Root Repeal



#1 GMantel (New Member, 4 posts)
Below is my RootRepeal scan. Please advise on what steps to take (if any) to remove any rootkit. Thank you!

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2012/09/07 10:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAC239000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5D6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP7926
Image Path: \Driver\PCI_PNP7926
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8DC3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spsv.sys
Image Path: spsv.sys
Address: 0xB9EB4000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\$NtUninstallKB15872$
Status: Locked to the Windows API!

Path: C:\WINDOWS\$NtUninstallKB2079403$:SummaryInformation
Status: Invisible to the Windows API!

Path: c:\documents and settings\all users\application data\pure networks\log\logfile.nmsrvc_exe.txt
Status: Size mismatch (API: 21110, Raw: 20648)

Path: C:\Documents and Settings\All Users\Application Data\Pure Networks\Platform\sessionstore.js
Status: Locked to the Windows API!

SSDT
-------------------
#: 009 Function Name: NtAddBootEntry
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac394708

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xac4677c8

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39511c

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6401

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ff28

#: 036 Function Name: NtCreateEventPair
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ff74

#: 038 Function Name: NtCreateIoCompletion
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3a00f6

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d5db5

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39fe96

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ffb8

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39fede

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395310

#: 054 Function Name: NtCreateTimer
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3a00b0

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395a9c

#: 061 Function Name: NtDeleteBootEntry
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac394756

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6ac7

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6d7d

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3990e4

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6932

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d679d

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xac4678ac

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3943be

#: 109 Function Name: NtModifyBootEntry
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3947a4

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac399456

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac396464

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ff52

#: 115 Function Name: NtOpenEventPair
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ff96

#: 117 Function Name: NtOpenIoCompletion
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3a011a

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6111

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39febc

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac398c5a

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3a003a

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39ff06

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac398e8c

#: 131 Function Name: NtOpenTimer
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3a00d4

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xac467a2c

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6618

#: 163 Function Name: NtQueryObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac396330

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d646a

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395eda

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xac47330e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d5428

#: 211 Function Name: NtSetBootEntryOrder
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3947f2

#: 212 Function Name: NtSetBootOptions
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac394840

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39591c

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac394448

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3945f8

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac3d6bce

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39459e

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395bfe

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395d5a

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac394668

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395632

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395794

#: 268 Function Name: NtVdmControl
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac39488e

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xac395160

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x899151f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89650500 Size: 121

Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_CREATE]
Process: System Address: 0x896471f8 Size: 121

Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_CLOSE]
Process: System Address: 0x896471f8 Size: 121

Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x896471f8 Size: 121

Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x896471f8 Size: 121

Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_POWER]
Process: System Address: 0x896471f8 Size: 121

Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x896471f8 Size: 121

Object: Hidden Code [Driver: aglswoliЅ䵃慖Ёఅ瑎䱆ᚰp, IRP_MJ_PNP]
Process: System Address: 0x896471f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x898a11f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x895281f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x895281f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x895281f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x895281f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x895281f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x895281f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x895281f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x899171f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x88ef4500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x88ef4500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88ef4500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88ef4500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x88ef4500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x88ef4500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x896791f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x896791f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x896791f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x896791f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x896791f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x896791f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x896791f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x88e8d1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_CREATE]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_CLOSE]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_READ]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_CLEANUP]
Process: System Address: 0x89685500 Size: 121

Object: Hidden Code [Driver: CdfsЅఅ瑎䱆ﻰ௴, IRP_MJ_PNP]
Process: System Address: 0x89685500 Size: 121

==EOF==


#2 GMantel (Topic Starter, New Member, 4 posts)
...and the Rootkit Revealer log:

HKLM\SECURITY\Policy\Secrets\SAC* 1/18/2012 8:48 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 1/18/2012 8:48 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell 1/28/2012 3:33 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Pure Networks\Platform\PlatformLastOnline 9/7/2012 11:20 AM 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 7/15/2012 2:08 PM 0 bytes Access is denied.
C:\$AttrDef 1/18/2012 12:17 PM 2.50 KB Hidden from Windows API.
C:\$BadClus 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$BadClus:$Bad 1/18/2012 12:17 PM 74.50 GB Hidden from Windows API.
C:\$Bitmap 1/18/2012 12:17 PM 2.33 MB Hidden from Windows API.
C:\$Boot 1/18/2012 12:17 PM 8.00 KB Hidden from Windows API.
C:\$Extend 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$Extend\$ObjId 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$Extend\$Quota 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$Extend\$Reparse 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata 6/25/2012 10:54 AM 0 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$Repair 6/25/2012 10:54 AM 0 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$Repair:$Config 6/25/2012 10:54 AM 8 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$Txf 6/25/2012 10:54 AM 0 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog 6/25/2012 10:54 AM 0 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog\$Tops 6/25/2012 10:54 AM 100 bytes Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog\$Tops:$T 6/25/2012 10:54 AM 1.00 MB Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf 6/25/2012 10:54 AM 64.00 KB Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 6/25/2012 10:54 AM 10.00 MB Hidden from Windows API.
C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 6/25/2012 10:54 AM 10.00 MB Hidden from Windows API.
C:\$Extend\$UsnJrnl 1/20/2012 3:45 PM 0 bytes Hidden from Windows API.
C:\$Extend\$UsnJrnl:$Max 1/20/2012 3:45 PM 32 bytes Hidden from Windows API.
C:\$LogFile 1/18/2012 12:17 PM 64.00 MB Hidden from Windows API.
C:\$MFT 1/18/2012 12:17 PM 132.17 MB Hidden from Windows API.
C:\$MFTMirr 1/18/2012 12:17 PM 4.00 KB Hidden from Windows API.
C:\$Secure 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\$UpCase 1/18/2012 12:17 PM 128.00 KB Hidden from Windows API.
C:\$Volume 1/18/2012 12:17 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Pure Networks\Platform\networklib.xml 9/7/2012 11:25 AM 736.51 KB Visible in Windows API, directory index, but not in MFT.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\addons.sqlite-journal 9/7/2012 10:20 AM 192.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\bookmarkbackups\bookmarks-2012-09-07.json 9/7/2012 11:25 AM 397.62 KB Hidden from Windows API.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\cookies.sqlite-shm 9/7/2012 10:18 AM 32.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\cookies.sqlite-wal 9/7/2012 7:16 AM 608.48 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\places.sqlite-shm 9/7/2012 10:17 AM 32.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\places.sqlite-wal 9/7/2012 10:07 AM 288.24 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\sessionstore.bak 9/7/2012 10:05 AM 30.65 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\sessionstore.js 9/7/2012 11:20 AM 19.34 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Local Settings\Temp\etilqs_f9a6Y5nXhS5ybh8 9/7/2012 10:17 AM 32.51 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Local Settings\Temp\etilqs_iPfwj93u2hz5I6i 9/7/2012 10:17 AM 32.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Local Settings\Temp\plugtmp-1 9/7/2012 10:31 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\El Jeffe\Local Settings\Temp\rootkits_draft.pdf 9/7/2012 10:22 AM 427.84 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\$NtUninstallKB15872$:SummaryInformation 1/28/2012 5:16 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304 3/7/2012 8:23 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\@ 3/7/2012 8:12 AM 2.00 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\cfg.ini 3/7/2012 10:10 AM 170 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\Desktop.ini 3/7/2012 10:10 AM 4.50 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\L 3/7/2012 8:12 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\L\immubzpp 3/7/2012 8:12 AM 445.63 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U 3/7/2012 8:13 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\[email protected] 3/7/2012 8:13 AM 2.00 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\[email protected] 3/7/2012 8:13 AM 219.50 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\[email protected] 3/7/2012 8:13 AM 1.00 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\8000[email protected] 3/7/2012 8:13 AM 65.00 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\[email protected] 3/7/2012 8:13 AM 12.50 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\U\[email protected] 3/7/2012 8:13 AM 71.50 KB Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3437294304\version 3/7/2012 10:10 AM 858 bytes Hidden from Windows API.
C:\WINDOWS\$NtUninstallKB15872$\3608810465 3/7/2012 8:12 AM 0 bytes Hidden from Windows API.
D:\$AttrDef 12/25/2011 9:43 PM 2.50 KB Hidden from Windows API.
D:\$BadClus 12/25/2011 9:43 PM 0 bytes Hidden from Windows API.
D:\$BadClus:$Bad 12/25/2011 9:43 PM 465.76 GB Hidden from Windows API.
D:\$Bitmap 12/25/2011 9:43 PM 14.56 MB Hidden from Windows API.
D:\$Boot 12/25/2011 9:43 PM 8.00 KB Hidden from Windows API.
D:\$Extend 12/25/2011 9:43 PM 0 bytes Hidden from Windows API.
D:\$Extend\$ObjId 12/25/2011 9:44 PM 0 bytes Hidden from Windows API.
D:\$Extend\$Quota 12/25/2011 9:44 PM 0 bytes Hidden from Windows API.
D:\$Extend\$Reparse 12/25/2011 9:44 PM 0 bytes Hidden from Windows API.
D:\$Extend\$RmMetadata 6/25/2012 4:36 PM 0 bytes Hidden from Windows API.
D:\$Extend\$RmMetadata\$Repair 6/25/2012 4:36 PM 0 bytes Hidden from Windows API.
D:\$Extend\$RmMetadata\$Repair:$Config 6/25/2012 4:36 PM 8 bytes Hidden fr

#3 Gammo (Trusted Helper, Malware Removal, 2,299 posts)
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
  • Note: the Extras.txt file only gets created on OTL's first run.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#4 GMantel (Topic Starter, New Member, 4 posts)
Here are the OTL results you requested. Thank you for your assistance!

OTL logfile created on: 9/11/2012 8:29:20 AM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\El Jeffe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 45.03% Memory free
2.98 Gb Paging File | 2.40 Gb Available in Paging File | 80.64% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 30.28 Gb Free Space | 40.64% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 428.00 Gb Free Space | 91.89% Space Free | Partition Type: NTFS

Computer Name: GLENNWORKPC | User Name: El Jeffe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/11 08:27:36 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\El Jeffe\Desktop\OTL.exe
PRC - [2012/09/10 10:19:33 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/05/03 17:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\GuardAgent.exe
PRC - [2012/05/03 17:52:10 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2012/04/30 19:56:52 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2012/04/30 19:56:50 | 000,836,480 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011/09/23 15:36:50 | 000,729,088 | ---- | M] (Rhapsody International Inc.) -- C:\Program Files\Rhapsody\rhaphlpr.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/10 10:19:32 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/26 07:54:30 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/05/03 17:51:16 | 000,066,184 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\TbTapeBrowse.dll
MOD - [2012/05/03 17:51:14 | 000,095,880 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\TBFireWall.dll
MOD - [2012/05/03 17:51:14 | 000,051,336 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
MOD - [2012/05/03 17:51:12 | 000,106,120 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\NASOperator.dll
MOD - [2012/05/03 17:51:10 | 000,254,088 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\ExImage.dll
MOD - [2012/05/03 17:51:08 | 000,382,600 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\ExchBackupSizeEx.dll
MOD - [2012/05/03 17:51:08 | 000,194,696 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\ExchBackupSize.dll
MOD - [2012/05/03 17:51:08 | 000,070,280 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\EnumTapeDevice.dll
MOD - [2012/05/03 17:51:06 | 000,051,848 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\CodeLog.dll
MOD - [2012/05/03 17:51:06 | 000,037,000 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\CompressFile.dll
MOD - [2012/05/03 17:51:06 | 000,023,176 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\AccountManager.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/11/25 17:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\libxml2.dll
MOD - [2004/10/05 03:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ELJEFF~1\LOCALS~1\Temp\Y.exe -- (Y)
SRV - [2012/09/10 10:19:33 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 11:19:05 | 000,404,352 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Documents and Settings\El Jeffe\Local Settings\Temp\HU.exe -- (HU)
SRV - [2012/09/07 10:43:12 | 000,461,696 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Documents and Settings\El Jeffe\Local Settings\Temp\FJENXFC.exe -- (FJENXFC)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/05/03 17:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012/05/03 17:52:10 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/04/30 19:56:52 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/06 14:19:35 | 000,732,160 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\AutoKMS\AutoKMS.exe -- (AutoKMS)
SRV - [2012/02/14 02:19:58 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\VPN4ALL\Connect\openvpnserv.exe -- (OpenVPNService)
SRV - [2012/01/23 18:58:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/15 00:43:20 | 000,515,560 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\screamingbdriver.sys -- (SCREAMINGBDRIVER)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EUFDDISK0.sys -- (EUFDDISK0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EUBKMON0.sys -- (EUBKMON0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EUBAKUP0.sys -- (EUBAKUP0)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a5dy52c1)
DRV - [2012/07/15 14:00:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/05/03 17:52:00 | 000,185,864 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2012/05/03 17:51:58 | 000,041,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2012/05/03 17:51:52 | 000,016,008 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2012/05/03 17:51:50 | 000,050,312 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2012/04/24 13:59:24 | 000,021,808 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Aldebaran.sys -- (Aldebaran)
DRV - [2012/04/24 13:59:24 | 000,016,855 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Achernar.sys -- (Achernar)
DRV - [2012/02/14 02:20:16 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/08/26 16:11:40 | 000,027,552 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2011/08/09 15:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/09 10:37:28 | 000,039,824 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2011/08/04 10:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 10:20:38 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2011/08/04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/04/29 16:47:24 | 000,033,560 | ---- | M] (SUNPLUS TECHNOLOGY Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPCP825K.sys -- (SPCP825K)
DRV - [2010/09/17 06:00:28 | 000,599,936 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/02/11 00:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/03/02 11:24:26 | 000,030,136 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2007/02/03 11:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 11:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2006/04/26 02:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)
DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/07/23 02:44:18 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\MLPTDR_Q.SYS -- (MLPTDR_Q)
DRV - [2003/04/14 16:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX)
DRV - [2002/05/30 00:11:14 | 000,108,548 | ---- | M] (Network Associates Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)
DRV - [2002/05/29 23:20:48 | 000,006,656 | ---- | M] (Network Associates, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PGPmemlock.sys -- (PGPmemlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "my.yahoo.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: File not found
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/16 16:29:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 10:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/10 10:19:16 | 000,000,000 | ---D | M]

[2012/01/18 21:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Extensions
[2012/08/30 09:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\extensions
[2012/05/30 10:01:21 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/08/30 09:11:24 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\extensions\[email protected]
[2012/08/30 09:11:02 | 000,199,396 | ---- | M] () (No name found) -- C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/08/29 13:56:22 | 000,007,915 | ---- | M] () (No name found) -- C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2012/09/10 13:54:40 | 000,005,472 | ---- | M] () -- C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\searchplugins\startpage-https.xml
[2012/09/10 10:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/10 10:19:34 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/12 01:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2012/08/29 09:51:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/29 09:51:36 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/10 07:22:02 | 000,000,843 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartmenuLogoff = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCpl = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCpl = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.238.64.12 68.238.96.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8071B03F-8382-4EDD-8098-A000584A3D92}: DhcpNameServer = 68.238.64.12 68.238.96.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9E9BD90-381A-4B25-A152-DF6DFDA97484}: DhcpNameServer = 192.168.1.1 4.2.2.2
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\El Jeffe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\El Jeffe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/18 20:35:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/11 08:27:35 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\El Jeffe\Desktop\OTL.exe
[2012/09/10 10:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 12:18:43 | 000,030,136 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys
[2012/09/05 07:21:27 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\El Jeffe\Desktop\esetsmartinstaller_enu.exe
[2012/09/04 11:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\El Jeffe\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/29 15:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\FileOpen
[2012/08/27 10:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\El Jeffe\My Documents\Skype Voice Records
[2012/08/27 10:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\El Jeffe\My Documents\Clownfish Avatars
[2012/08/16 16:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/08/16 16:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle ES2
[2012/08/16 16:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2012/08/16 15:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2012/08/16 15:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/08/16 15:53:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Master Collection CS5
[2012/08/16 15:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/08/16 15:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/08/16 15:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/08/16 15:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\El Jeffe\Local Settings\Application Data\Adobe
[2012/08/16 12:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\El Jeffe\Application Data\Adobe
[2012/08/14 13:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\El Jeffe\Application Data\PGP
[2012/08/14 12:28:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\El Jeffe\Application Data\Brother

========== Files - Modified Within 30 Days ==========

[2012/09/11 08:27:36 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\El Jeffe\Desktop\OTL.exe
[2012/09/11 08:00:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/09/11 07:50:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/11 07:03:43 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\El Jeffe\Application Data\mcs.rma
[2012/09/11 07:03:43 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\El Jeffe\Application Data\C02984
[2012/09/11 06:57:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/11 06:56:59 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/11 06:56:40 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\AutoKMS.job
[2012/09/11 06:56:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/11 06:56:28 | 1340,231,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/10 13:36:22 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/09/10 13:04:26 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/06 13:39:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/05 14:48:09 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2012/09/05 09:06:47 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\El Jeffe\Desktop\Clownfish.lnk
[2012/09/05 07:21:36 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\El Jeffe\Desktop\esetsmartinstaller_enu.exe
[2012/09/04 11:30:45 | 000,059,548 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/09/04 10:59:02 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-GLENNWORKPC-El Jeffe.job
[2012/08/29 07:45:38 | 000,000,099 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2012/08/17 07:15:18 | 003,586,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 16:29:59 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Pro.lnk
[2012/08/14 10:59:01 | 000,303,081 | ---- | M] () -- C:\Documents and Settings\El Jeffe\Desktop\VZGL1 Claim-1.pdf

========== Files Created - No Company Name ==========

[2012/09/04 10:59:01 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-GLENNWORKPC-El Jeffe.job
[2012/08/16 16:29:59 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Pro.lnk
[2012/08/16 16:29:58 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/08/16 16:29:58 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/08/16 15:53:14 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2012/08/14 10:59:01 | 000,303,081 | ---- | C] () -- C:\Documents and Settings\El Jeffe\Desktop\VZGL1 Claim-1.pdf
[2012/08/08 14:02:22 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2012/08/08 14:02:21 | 002,468,520 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2012/08/08 14:02:21 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2012/08/08 14:02:21 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2012/08/08 14:02:21 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2012/08/08 08:58:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/07/18 20:45:46 | 000,059,548 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/07/16 16:13:11 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2012/07/16 09:43:31 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/07/16 09:43:06 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2012/07/16 09:43:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012/07/16 09:43:04 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2012/07/16 09:43:03 | 000,009,868 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2012/07/16 09:41:19 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\bd2170w.dat
[2012/07/16 09:40:57 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/04/21 13:18:26 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\El Jeffe\Local Settings\Application Data\fusioncache.dat
[2012/04/06 22:04:15 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/02 16:14:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/03/06 14:19:55 | 000,151,552 | ---- | C] () -- C:\WINDOWS\KMSEmulator.exe
[2012/02/24 13:26:57 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\El Jeffe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/13 19:24:42 | 000,038,476 | ---- | C] () -- C:\Documents and Settings\El Jeffe\Application Data\Comma Separated Values (DOS).ADR
[2012/02/01 09:41:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/31 17:31:16 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\El Jeffe\Application Data\C02984
[2012/01/31 17:31:15 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\El Jeffe\Application Data\mcs.rma
[2012/01/27 19:10:34 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/27 19:10:33 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/27 19:10:33 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/27 19:10:33 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/27 19:10:33 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/27 19:10:33 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/27 19:10:33 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/27 19:10:33 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/27 19:10:33 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/27 19:10:33 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/27 19:10:33 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/27 19:10:33 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/27 19:10:33 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/27 19:10:33 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/27 19:10:33 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/27 19:10:33 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 14:55:55 | 000,041,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/01/20 12:43:44 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
[2012/01/19 17:41:16 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2012/01/19 13:14:09 | 000,002,179 | ---- | C] () -- C:\Documents and Settings\El Jeffe\Application Data\mainhst.zgh
[2012/01/19 11:40:12 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/01/19 11:31:55 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2012/01/18 21:02:25 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/01/18 21:02:18 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/01/18 20:37:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/18 20:32:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/18 12:26:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/18 12:24:37 | 003,586,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/01/28 18:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2012/09/10 13:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/07/25 16:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/07/15 14:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/03/13 22:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/02/14 18:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2012/07/16 16:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2012/05/07 21:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GNU
[2012/03/14 12:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GPS Master
[2012/02/29 12:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/09/10 13:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/03/14 12:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAPTAQ GPS Watch software
[2012/05/07 11:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP
[2012/07/26 14:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/08/15 10:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\BitComet
[2012/09/04 11:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/16 15:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\DAEMON Tools Lite
[2012/01/24 20:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\Dextronet
[2012/07/19 11:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\Dropbox
[2012/05/15 11:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\ElevatedDiagnostics
[2012/01/27 19:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\EPSON
[2012/02/14 18:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\FileOpen
[2012/03/09 09:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\FileZilla
[2012/03/06 21:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\Godlike
[2012/01/27 16:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\IObit
[2012/01/19 20:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\Itsth
[2012/06/04 09:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\Oracle
[2012/08/14 13:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\PGP
[2012/02/28 16:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\Windows Desktop Search
[2012/01/20 15:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\El Jeffe\Application Data\Windows Search
[2012/05/07 21:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\gnupg
[2012/09/11 06:56:40 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\AutoKMS.job
[2012/05/31 18:03:02 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\LaunchApp.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB15872$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

OTL Extras logfile created on: 9/11/2012 8:29:20 AM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\El Jeffe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 45.03% Memory free
2.98 Gb Paging File | 2.40 Gb Available in Paging File | 80.64% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 30.28 Gb Free Space | 40.64% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 428.00 Gb Free Space | 91.89% Space Free | Partition Type: NTFS

Computer Name: GLENNWORKPC | User Name: El Jeffe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FireFoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"20280:TCP" = 20280:TCP:*:Enabled:BitComet 20280 TCP
"20280:UDP" = 20280:UDP:*:Enabled:BitComet 20280 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\El Jeffe\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\El Jeffe\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\VPN4ALL\VPN4ALL.exe" = C:\Program Files\VPN4ALL\VPN4ALL.exe:*:Enabled:vpn4all -- (Web Broadcast Ltd.)
"C:\Program Files\VPN4ALL\Connect\openvpn.exe" = C:\Program Files\VPN4ALL\Connect\openvpn.exe:*:Enabled:OpenVPN -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe" = C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe:*:Enabled:Agent.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\EASEUS\Todo Backup\bin\TbService.exe" = C:\Program Files\EASEUS\Todo Backup\bin\TbService.exe:*:Enabled:TbService.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\EASEUS\Todo Backup\bin\TBConsoleUI.exe" = C:\Program Files\EASEUS\Todo Backup\bin\TBConsoleUI.exe:*:Enabled:Local TBConsoleUI.exe -- (CHENGDU YIWO Tech Development Co., Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = CCC
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{10A5ECCC-D008-406F-B90C-07830235F244}" = Brother HL-2170W
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B63674-C542-4CE0-8016-A1FE3C919B82}" = DVD Power Burner
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.80
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67C5EC16-0DC1-4045-A7FF-D7D0FFA4B54D}" = Microsoft .NET Framework 2.0 Language Pack - CHT
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{76A64A33-D197-4525-85EE-255D6E5F3604}" = FileOpen Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{952D88D2-3E6F-4E40-8553-8070FEFCE5CD}" = Adobe Creative Suite 5 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1048-8780-7760-000000000005}" = Adobe Acrobat X Pro - Romanian, Ukrainian, Russian, Turkish
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B44C71CC-2076-43A9-9CEC-F57DE096C35A}" = BVR Player
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF702442-B623-4B6A-B41D-412584301725}_is1" = Easy2Sync for Outlook 5.00
"{EFB786FD-D916-416B-A23A-1EBEAF4A9DDC}" = Adobe Flash Player 10 ActiveX
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitComet" = BitComet 1.32
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Clownfish" = Clownfish for Skype
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"E02E80B07FB36B7507ECA402411F31D93D60CFDB" = Windows Driver Package - Sunplus (SPCP825K) Ports (07/01/2010 1.0.9.0)
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.1.1 Home Edition
"EaseUS Todo Backup Free 4.5_is1" = EaseUS Todo Backup Free 4.5
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Exl-Plan Free" = Exl-Plan Free
"ffdshow_is1" = ffdshow v1.1.3611 [2010-10-06]
"Google Calendar Sync" = Google Calendar Sync
"ie8" = Windows Internet Explorer 8
"InstallShield_{22B63674-C542-4CE0-8016-A1FE3C919B82}" = DVD Power Burner
"IObit Unlocker_is1" = IObit Unlocker
"KONICA MINOLTA PagePro 1350W" = KONICA MINOLTA PagePro 1350W
"MAPTAQ GPS Watch software_is1" = MAPTAQ GPS Watch software 1.2.194
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CHT" = Microsoft .NET Framework 2.0 語言套件 - 繁體中文
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MXOFX" = USB Storage Adapter FX (MXO)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSet" = Intel® PRO Network Connections Drivers
"QcDrv" = Logitech® Camera Driver
"Rhapsody" = Rhapsody
"SHARM_is1" = SHARM
"Swift To-Do List_is1" = Swift To-Do List Lite 2.66
"VPN4ALL" = VPN4ALL
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/29/2012 6:22:55 PM | Computer Name = GLENNWORKPC | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-2000478354-1592454029-839522115-1003}/OUTLOOK($842E1FD6)/0/DELETED
ITEMS/????????????????????????> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 9/4/2012 10:32:09 AM | Computer Name = GLENNWORKPC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 9/10/2012 1:35:50 PM | Computer Name = GLENNWORKPC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\EL JEFFE\MY DOCUMENTS\OUTLOOK
FILES\E2S4O_TESTFILE.DUMMY> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

[ System Events ]
Error - 9/10/2012 5:04:06 PM | Computer Name = GLENNWORKPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 9/10/2012 5:04:06 PM | Computer Name = GLENNWORKPC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 9/10/2012 5:04:06 PM | Computer Name = GLENNWORKPC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/11/2012 9:57:57 AM | Computer Name = GLENNWORKPC | Source = Service Control Manager | ID = 7002
Description = The MLPTDR_Q service depends on the Parallel arbitrator group and
no member of this group started.

Error - 9/11/2012 9:57:57 AM | Computer Name = GLENNWORKPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AutoKMS service to connect.

Error - 9/11/2012 9:57:57 AM | Computer Name = GLENNWORKPC | Source = Service Control Manager | ID = 7000
Description = The AutoKMS service failed to start due to the following error: %%1053

Error - 9/11/2012 9:57:57 AM | Computer Name = GLENNWORKPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 9/11/2012 9:57:57 AM | Computer Name = GLENNWORKPC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 9/11/2012 9:57:57 AM | Computer Name = GLENNWORKPC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/11/2012 10:01:54 AM | Computer Name = GLENNWORKPC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >
Attached File: OTL.Txt (92.67KB)

#5
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ELJEFF~1\LOCALS~1\Temp\Y.exe -- (Y)
    SRV - [2012/09/07 11:19:05 | 000,404,352 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Documents and Settings\El Jeffe\Local Settings\Temp\HU.exe -- (HU)
    SRV - [2012/09/07 10:43:12 | 000,461,696 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Documents and Settings\El Jeffe\Local Settings\Temp\FJENXFC.exe -- (FJENXFC)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a5dy52c1)
    IE - HKU\S-1-5-21-2000478354-1592454029-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
    [2012/09/10 13:54:40 | 000,005,472 | ---- | M] () -- C:\Documents and Settings\El Jeffe\Application Data\Mozilla\Firefox\Profiles\vdaxwjtt.default\searchplugins\startpage-https.xml
    [2012/09/11 07:03:43 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\El Jeffe\Application Data\mcs.rma
    [2012/09/11 07:03:43 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\El Jeffe\Application Data\C02984
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.