Win32/Mebroot Trojan


  • This topic is locked
7 replies to this topic

#1 L Dub

  • Members
  • 42 posts

Posted 27 September 2009 - 11:50 PM

Please Help!

I did have the antiviruspro_2010 virus which I managed to get rid of (at least there are no signs of it in the system tray).

Now ESET Smart Security 4 is saying there's a threat by the Win32/Mebroot Trojan but it's unable to clean it. I've tried running Malwarebytes but it only runs for about 5 seconds and then freezes. I've tried renaming the mbam.exe to stopzilla.exe, xxxx.exe but that didn't work.

I'm unable to connect to the internet (only in safe mode) and my CPU won't even shut down unless I power down manually. What can I do next?

I apologize in advance for not following the correct protocol.

Any help will be greatly appreciated.

Larry


#2 garmanma

    Computer Masochist

  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio

Posted 28 September 2009 - 11:16 AM

Welcome to BC


We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open [image] on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.

Also try: right-click on rootrepeal.exe and rename it to tatertot.scr
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 L Dub

Posted 28 September 2009 - 04:03 PM

Hi Mark!

I tried to run the RootRepeal executable and it wouldn't run. I tried renaming the file and still no luck! :thumbsup:

A prompt comes up that says Initializing, please wait....

...but nothing happens.

Larry

Edited by L Dub, 28 September 2009 - 04:04 PM.


#4 garmanma

Posted 28 September 2009 - 07:15 PM

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

    --------------------------------------
Go to [image] > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

Edited by garmanma, 28 September 2009 - 07:16 PM.

Mark

#5 L Dub

Posted 28 September 2009 - 09:28 PM

Results of the Win32Diag text file:

Running from: C:\Documents and Settings\Larry\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Larry\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

--------------------------------------


Results of the log.txt file

Volume in drive C has no label.
Volume Serial Number is A066-E2CD

Directory of C:\WINDOWS\$hf_mig$\KB968389\SP2QFE

02/06/2009 01:46 PM 408,064 netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

08/04/2004 02:56 AM 180,224 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

08/04/2004 02:56 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

08/04/2004 02:56 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 07:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

08/04/2004 02:56 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32

08/04/2004 02:56 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

08/04/2004 02:56 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Total Files Listed:
10 File(s) 2,338,816 bytes
0 Dir(s) 38,884,454,400 bytes free



The MS Dos prompt had me at C:\Documents and Setting\Larry> so I wasn't sure if I needed to navigate to the C:\> location or not.

Larry
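
An added example, not part of the thread or of any tool named in it: a Python parser for the `DIR /a/s` listing in the post above that groups the copies of each DLL and reports which ones have the same size as the copy in C:\WINDOWS\system32. The function names and the choice to compare by size are assumptions of this example; the thread does not state how the log is evaluated.

```python
import re
from collections import defaultdict

# Sample input: the file entries from the log.txt posted above, condensed to
# one "Directory of" header per folder (the parser accepts either layout).
SAMPLE_LOG = r"""
 Directory of C:\WINDOWS\$hf_mig$\KB968389\SP2QFE
02/06/2009  01:46 PM           408,064 netlogon.dll
               1 File(s)        408,064 bytes
 Directory of C:\WINDOWS\ServicePackFiles\i386
08/04/2004  02:56 AM           180,224 scecli.dll
08/04/2004  02:56 AM           407,040 netlogon.dll
08/04/2004  02:56 AM            55,808 eventlog.dll
               3 File(s)        643,072 bytes
 Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e
04/13/2008  07:12 PM           181,248 scecli.dll
04/13/2008  07:12 PM           407,040 netlogon.dll
04/13/2008  07:11 PM            56,320 eventlog.dll
               3 File(s)        644,608 bytes
 Directory of C:\WINDOWS\system32
08/04/2004  02:56 AM           180,224 scecli.dll
08/04/2004  02:56 AM           407,040 netlogon.dll
08/04/2004  02:56 AM            55,808 eventlog.dll
               3 File(s)        643,072 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# date, time with AM/PM, size with thousands separators, file name.
# Summary lines ("3 File(s) ...") and <DIR> entries do not match.
FILE_RE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}\s+[AP]M)\s+([\d,]+)\s+(\S.*?)\s*$"
)


def parse_dir_listing(text):
    """Return one record per file line of a `DIR /s` listing."""
    records, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m and current_dir is not None:
            date, time, size, name = m.groups()
            records.append({
                "name": name.lower(),
                "dir": current_dir,
                "size": int(size.replace(",", "")),
                "modified": f"{date} {' '.join(time.split())}",
            })
    return records


def compare_with_live(records, live_dir=r"C:\WINDOWS\system32"):
    """For each file name, split the other copies into those whose size
    equals the copy in live_dir and those whose size differs."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["name"]].append(rec)
    report = {}
    for name, copies in sorted(by_name.items()):
        live = [c for c in copies if c["dir"].lower() == live_dir.lower()]
        others = [c for c in copies if c["dir"].lower() != live_dir.lower()]
        live_size = live[0]["size"] if live else None
        report[name] = {
            "live_size": live_size,
            "same_size": [c["dir"] for c in others if c["size"] == live_size],
            "different_size": [(c["dir"], c["size"]) for c in others
                               if c["size"] != live_size],
        }
    return report


def live_copies_without_match(report):
    """Names whose live copy is missing or matches no other copy by size.
    A size match is a first-pass check only; it does not prove integrity."""
    return [n for n, r in report.items()
            if r["live_size"] is None or not r["same_size"]]


if __name__ == "__main__":
    rep = compare_with_live(parse_dir_listing(SAMPLE_LOG))
    for name, r in rep.items():
        print(name, r["live_size"], "same:", len(r["same_size"]),
              "different:", len(r["different_size"]))
    print("no matching copy:", live_copies_without_match(rep))
```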

#6 garmanma

Posted 29 September 2009 - 06:42 PM

Try one more for me please



We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Mark

#7 L Dub

Posted 29 September 2009 - 07:10 PM

Hello again Mark!

Here are the results of the scan:


OTL.txt

OTL logfile created on: 9/29/2009 6:54:00 PM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 116.52 Mb Available Physical Memory | 22.80% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 36.21 Gb Free Space | 32.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.87 Gb Total Space | 1.45 Gb Free Space | 77.76% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/12/20 21:57:27 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/12/20 21:57:27 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/02/05 18:44:39 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1107754144\ee\AOLSoftware.exe
PRC - [2006/10/23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2006/09/14 08:55:52 | 00,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/10/23 00:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/10/31 13:23:06 | 00,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2009/05/13 22:05:36 | 00,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2007/07/17 12:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
PRC - [2008/10/31 13:23:06 | 00,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2009/04/11 14:17:36 | 00,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe
PRC - [2006/10/05 11:51:04 | 02,242,120 | ---- | M] (Kontiki Inc.) -- C:\WINDOWS\kdx\KHost.exe
PRC - [2006/07/20 20:22:01 | 00,144,448 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/10/24 09:14:36 | 00,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/08/04 02:56:48 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
PRC - [2007/07/17 12:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2006/09/14 08:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2006/10/23 02:40:14 | 00,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2007/12/20 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe
PRC - [2007/10/16 21:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/29 18:52:06 | 00,009,728 | ---- | M] () -- C:\WINDOWS\Temp\wpv371254169113.exe
PRC - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
PRC - [2009/04/11 14:17:46 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
PRC - [2009/09/29 18:47:18 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
PRC - [2006/10/23 00:23:54 | 00,308,864 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/09/14 08:56:06 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0 [Auto | Running])
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/12/20 21:57:27 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/12/20 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stop_Pending])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/16 21:04:12 | 01,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2009/05/14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008/01/19 16:15:36 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - File not found -- -- (MCVSRte [Auto | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2001/08/06 15:41:48 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Start_Pending])
SRV - [2009/04/11 14:17:46 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Start_Pending])
SRV - [2009/04/11 14:17:26 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2009/04/11 14:17:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Stopped])
SRV - [2007/03/14 17:03:40 | 00,975,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/04/30 10:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus [Boot | Running])
DRV - [2004/04/30 10:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi [Boot | Running])
DRV - [2005/02/05 18:44:46 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2004/08/04 00:59:42 | 00,095,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - [2007/12/20 22:53:20 | 02,843,136 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/10/11 06:20:56 | 00,024,960 | ---- | M] (America Online) -- C:\WINDOWS\System32\drivers\ATWPKT2.SYS -- (ATWPKT2 [On_Demand | Stopped])
DRV - [2003/08/29 06:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2002/09/03 13:28:22 | 00,186,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2002/12/09 13:19:50 | 00,493,568 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2002/12/04 14:35:44 | 00,298,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2002/09/03 13:30:00 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2002/12/09 13:20:20 | 00,134,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2003/01/20 09:46:50 | 00,140,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/05/14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2009/05/14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV - [2009/09/25 14:25:56 | 00,021,760 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Temp\EMebDrv.sys -- (EMebDrv [On_Demand | Stopped])
DRV - [2002/12/09 13:20:32 | 00,115,936 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2009/05/14 15:49:22 | 00,133,000 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfw.sys -- (epfw [Auto | Running])
DRV - [2009/05/14 15:49:26 | 00,033,096 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\Epfwndis.sys -- (Epfwndis [On_Demand | Running])
DRV - [2009/05/14 15:49:26 | 00,055,768 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdi.sys -- (epfwtdi [System | Running])
DRV - [2002/11/26 14:31:36 | 00,816,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2002/11/26 14:30:32 | 00,135,728 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2009/03/20 13:30:58 | 00,008,832 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\km_filter.sys -- (km_filter [On_Demand | Running])
DRV - [2001/08/17 08:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2000/10/03 17:18:24 | 00,006,942 | ---- | M] (Netropa Corporation) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys -- (Msikbd2k [On_Demand | Running])
DRV - [2004/10/30 16:45:40 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2009/03/20 13:37:06 | 00,009,088 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx [On_Demand | Running])
DRV - [2009/03/20 13:36:48 | 00,021,888 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\system32\DRIVERS\nielprt.sys -- (nielprt [Boot | Running])
DRV - [2009/03/20 13:36:04 | 00,014,336 | ---- | M] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi [System | Running])
DRV - [2001/08/22 10:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2002/12/09 13:20:02 | 00,117,120 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2002/10/09 04:09:58 | 00,010,477 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2004/05/13 06:19:36 | 00,079,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004/05/13 08:00:04 | 00,111,808 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2003/09/06 07:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
DRV - [2002/09/03 11:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/05/20 18:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2009/01/09 16:18:02 | 00,027,136 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2002/09/03 11:56:37 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Stopped])
DRV - [2005/03/03 12:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2003/12/01 10:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2005/02/23 10:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/12/03 05:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2004/08/04 01:04:32 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2002/10/15 16:32:16 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2004/08/04 01:15:21 | 00,140,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys -- (Ws2_u3 [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-us/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-484763869-573735546-725345543-1004\S-1-5-21-484763869-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.affilorama.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 12:55:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/30 18:56:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/30 18:56:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/04/10 03:54:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Extensions
[2009/04/10 03:54:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/06 23:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\zlsfajs9.default\extensions
[2009/08/09 13:06:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\zlsfajs9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/10 03:53:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/30 18:56:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/30 18:55:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/30 18:55:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/03 16:31:04 | 00,180,224 | ---- | M] (The Nielsen Company) -- C:\Program Files\mozilla firefox\components\nsgkff30_meter2.dll
[2009/06/30 18:55:47 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/03/26 13:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 13:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 13:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 13:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 13:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 13:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 13:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (150 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
O1 - Hosts: 209.44.111.57 inetantivirus.com
O1 - Hosts: 209.44.111.57 www.inetantivirus.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (IeMonitorBho Class) - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll (Conceiva Pty Ltd)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (&DownloadStudio) - {CB789373-04D5-4EF4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (Conceiva Pty Ltd)
O3 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107754144\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\tool1.exe File not found
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe File not found
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [areslite] C:\Program Files\Ares Lite Edition\AresLite.exe File not found
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe (Kontiki Inc.)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [mserv] C:\Documents and Settings\Larry\Application Data\svcst.exe File not found
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe File not found
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-484763869-573735546-725345543-1004..\RunOnce: [DelayShred] C:\Program Files\McAfee\McAfee Shared Components\Shredder\SHRED32.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe File not found
O4 - Startup: C:\Documents and Settings\Larry\Start Menu\Programs\Startup\mhbupd32.exe (Htcyhay Hagwutjnwad)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm ()
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm ()
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm ()
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (Conceiva Pty. Ltd.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (Conceiva Pty Ltd)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-484763869-573735546-725345543-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://sd1.ccisd.net/crystalreportviewers/...tivexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://portal.ccisd.net/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} http://cdn.digitalcity.com/video/kdx.cab (Secure Delivery)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab (GpcContainer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\Documents and Settings\Larry\Local Settings\Temp\shell32.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 (sneakerpimp.com - The most exclusive kicks worldwide) - http://www.sneakerpimp.com/jordan.shtml
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll File not found
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/23 10:35:53 | 00,000,040 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2004/12/22 17:00:53 | 00,000,040 | ---- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2067/02/24 17:21:18 | 00,079,947 | ---- | C] () -- C:\WINDOWS\fw20.vxd
[2009/09/29 18:53:11 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2009/09/28 15:48:02 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\tatertot.scr.sys
[2009/09/28 15:44:46 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/27 04:08:02 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\HijackThis.lnk
[2009/09/27 04:08:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/27 02:50:46 | 00,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 01:22:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\CCleaner.lnk
[2009/09/27 01:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/09/25 12:27:08 | 00,000,000 | ---- | C] () -- C:\backup.reg
[2009/09/25 12:27:07 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2009/09/25 12:27:07 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\amjhflrc.sys
[2009/09/25 12:27:07 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009/09/25 12:27:07 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009/09/25 09:34:34 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/25 09:34:34 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/09/25 09:34:34 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/25 09:34:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/25 09:34:21 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/09/25 09:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\PC Tools
[2009/09/25 09:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/25 08:46:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/25 08:46:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/25 01:45:11 | 00,018,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pogezixeli.bin
[2009/09/25 01:45:11 | 00,016,811 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ipizyre.sys
[2009/09/25 01:45:11 | 00,016,199 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\aherafys.ban
[2009/09/25 01:45:11 | 00,015,433 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\gylaku.db
[2009/09/25 01:45:11 | 00,013,791 | ---- | C] () -- C:\Program Files\Common Files\hagyr.sys
[2009/09/25 01:45:10 | 00,019,509 | ---- | C] () -- C:\Program Files\Common Files\eqalyj._sy
[2009/09/25 01:45:10 | 00,019,450 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ebem._sy
[2009/09/25 01:45:10 | 00,019,219 | ---- | C] () -- C:\Program Files\Common Files\asyqir.dl
[2009/09/25 01:45:10 | 00,018,559 | ---- | C] () -- C:\Program Files\Common Files\uxivyvina._dl
[2009/09/25 01:45:10 | 00,017,169 | ---- | C] () -- C:\WINDOWS\System32\daqo.lib
[2009/09/25 01:45:10 | 00,015,386 | ---- | C] () -- C:\WINDOWS\tepexovu.exe
[2009/09/25 01:45:10 | 00,014,472 | ---- | C] () -- C:\WINDOWS\System32\kaqyg.com
[2009/09/25 01:45:10 | 00,014,346 | ---- | C] () -- C:\WINDOWS\System32\ebititaka.vbs
[2009/09/25 01:45:10 | 00,012,142 | ---- | C] () -- C:\WINDOWS\ubiladylig.pif
[2009/09/25 01:45:10 | 00,011,692 | ---- | C] () -- C:\WINDOWS\System32\omunogo.inf
[2009/09/25 01:45:09 | 00,018,866 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bizo.dl
[2009/09/25 01:45:09 | 00,018,600 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\ixyfukog.sys
[2009/09/25 01:45:09 | 00,016,536 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zudenubyru.ban
[2009/09/25 01:45:09 | 00,011,444 | ---- | C] () -- C:\WINDOWS\ivaceba._dl
[2009/09/25 01:45:09 | 00,011,304 | ---- | C] () -- C:\WINDOWS\juvyfev.reg
[2009/09/25 01:45:08 | 00,017,994 | ---- | C] () -- C:\WINDOWS\ozyl.reg
[2009/09/25 01:45:08 | 00,011,670 | ---- | C] () -- C:\WINDOWS\System32\ybuwele.vbs
[2009/09/25 01:45:08 | 00,011,428 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\uqarybiqow.dll
[2009/09/25 01:43:25 | 00,230,000 | ---- | C] (TheBestSoft Corporation) -- C:\Documents and Settings\Larry\Application Data\lizkavd.exe
[2009/09/25 01:38:45 | 00,264,704 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\seres.exe
[2009/09/22 20:28:52 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2009/09/22 20:28:51 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\The Authority Loophole.lnk
[2009/09/22 20:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\The Authority Loophole
[2009/09/17 16:17:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Desktop\ESET Trial
[2009/09/12 17:25:37 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/07 01:17:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/09/07 01:16:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/09/07 01:04:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2009/09/07 01:04:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2009/09/07 01:04:30 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio
[2009/09/07 00:42:01 | 00,027,136 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2009/09/07 00:37:14 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/09/07 00:36:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/09/07 00:34:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/09/07 00:34:14 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2009/09/07 00:00:47 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/09/07 00:00:47 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/05/09 23:36:04 | 00,000,085 | ---- | C] () -- C:\WINDOWS\aebconfig.ini
[2008/05/03 16:19:40 | 00,000,223 | ---- | C] () -- C:\WINDOWS\EXEHtml.INI
[2008/04/19 17:21:15 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/02/04 19:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/18 14:13:07 | 00,011,164 | ---- | C] () -- C:\WINDOWS\msvrc20.dll
[2007/05/18 19:57:09 | 00,000,032 | ---- | C] () -- C:\WINDOWS\WebsiteHeadlineWizard.INI
[2007/05/18 19:28:02 | 00,000,077 | ---- | C] () -- C:\WINDOWS\WHLWizard.ini
[2007/04/06 11:38:03 | 00,001,156 | ---- | C] () -- C:\WINDOWS\WCWizard.INI
[2006/08/06 00:44:26 | 00,000,057 | ---- | C] () -- C:\WINDOWS\seoWSB-backup.ini
[2006/07/17 22:02:10 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/06/01 21:16:14 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/02/11 22:35:22 | 00,000,850 | ---- | C] () -- C:\WINDOWS\seoSiteBuilder.ini
[2006/01/27 22:06:19 | 00,000,319 | ---- | C] () -- C:\WINDOWS\wtanalyzer.ini
[2005/08/13 01:05:13 | 00,000,212 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2005/08/13 01:05:13 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2005/08/13 01:05:13 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2005/06/20 18:03:02 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/02/23 11:57:35 | 00,971,776 | ---- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2005/02/18 23:18:30 | 00,010,856 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/02/18 23:15:06 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E8197BF28A.sys
[2005/01/20 22:55:52 | 03,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2005/01/20 22:55:52 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2005/01/20 22:55:51 | 00,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2004/12/29 13:46:51 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2004/12/29 13:46:51 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2004/12/23 20:09:22 | 00,000,456 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2004/12/23 18:22:23 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004/12/21 10:09:53 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004/12/19 03:25:03 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\cwmdtl50a.dll
[2004/12/18 20:12:19 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl37.dll
[2004/12/18 18:04:59 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2004/12/18 18:04:59 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
[2004/12/18 18:04:58 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl25a.dll
[2004/12/04 16:28:17 | 00,001,161 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2004/12/01 19:17:36 | 00,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/30 20:15:26 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2004/11/30 20:15:26 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2004/11/24 16:11:00 | 00,000,032 | ---- | C] () -- C:\WINDOWS\pwcd.INI
[2004/11/24 16:10:14 | 00,000,073 | ---- | C] () -- C:\WINDOWS\PasswordTools.INI
[2004/11/15 20:57:07 | 00,000,644 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/11/04 21:06:47 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/03 22:00:38 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll.bak
[2004/09/30 16:39:50 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p3now.sys
[2004/08/19 18:38:20 | 00,000,480 | ---- | C] () -- C:\WINDOWS\WEBEDIT.INI
[2004/08/19 18:33:42 | 00,000,277 | ---- | C] () -- C:\WINDOWS\ssce.ini
[2004/08/15 03:06:32 | 00,129,080 | ---- | C] () -- C:\WINDOWS\logow.sys
[2004/08/15 03:06:32 | 00,129,078 | ---- | C] () -- C:\WINDOWS\logos.sys
[2004/06/16 20:25:12 | 00,270,718 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/13 23:41:33 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2004/06/12 16:10:23 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\AolIPInterfaceHistory.ini
[2004/06/12 14:13:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2004/06/12 14:10:49 | 00,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/06/12 14:10:49 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/06/12 12:20:05 | 00,000,020 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/12 05:22:01 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/12 05:02:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/06/12 05:01:59 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/06/12 05:01:18 | 00,060,034 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/06/12 05:01:18 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/06/12 05:01:08 | 00,298,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\ctdvda2k.sys
[2004/06/12 05:01:07 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/06/12 05:01:04 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/06/12 05:01:04 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/06/12 04:40:19 | 00,000,301 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2004/06/12 04:40:19 | 00,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2004/06/12 04:40:18 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2004/06/12 04:40:18 | 00,005,606 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/06/12 03:48:13 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
[2004/06/12 03:47:49 | 00,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
[2004/06/12 03:47:49 | 00,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
[2004/06/12 03:47:49 | 00,012,800 | ---- | C] () -- C:\WINDOWS\SS16FT.DLL
[2004/06/12 03:47:49 | 00,004,256 | ---- | C] () -- C:\WINDOWS\System32\LMStatus.ini
[2004/06/12 03:47:49 | 00,002,554 | ---- | C] () -- C:\WINDOWS\SSDS16.INI
[2004/06/12 03:47:49 | 00,002,552 | ---- | C] () -- C:\WINDOWS\Ssds32.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew05.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew04.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew03.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew02.ini
[2004/06/12 03:47:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew01.ini
[2004/06/12 03:47:49 | 00,002,269 | ---- | C] () -- C:\WINDOWS\Ssdef32.ini
[2004/06/12 03:47:49 | 00,002,267 | ---- | C] () -- C:\WINDOWS\SSDEF16.INI
[2004/06/12 03:47:49 | 00,000,029 | ---- | C] () -- C:\WINDOWS\MyScan.ini
[2004/01/22 14:00:28 | 00,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2002/09/03 12:11:56 | 00,000,826 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/03 12:06:05 | 00,000,399 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/03 11:27:33 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[1997/07/11 02:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 02:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/09/29 18:52:00 | 00,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/09/29 18:51:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/29 18:51:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/29 18:51:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/29 18:47:18 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2009/09/28 15:48:02 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\tatertot.scr.sys
[2009/09/28 15:44:46 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/27 04:08:02 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\HijackThis.lnk
[2009/09/27 02:55:19 | 00,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 02:53:39 | 04,240,744 | -H-- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\IconCache.db
[2009/09/27 02:48:11 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/09/27 02:48:11 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/09/27 02:48:11 | 00,029,580 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/09/27 02:48:11 | 00,029,580 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/09/27 02:48:11 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/09/27 02:48:11 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/09/27 02:48:11 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10031102}.dat
[2009/09/27 02:48:11 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-10031102}.dat
[2009/09/27 01:22:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\CCleaner.lnk
[2009/09/25 12:27:08 | 00,000,000 | ---- | M] () -- C:\backup.reg
[2009/09/25 12:27:07 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2009/09/25 12:27:07 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\amjhflrc.sys
[2009/09/25 12:27:07 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/09/25 12:27:07 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009/09/25 01:45:11 | 00,018,004 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pogezixeli.bin
[2009/09/25 01:45:11 | 00,016,811 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\ipizyre.sys
[2009/09/25 01:45:11 | 00,016,199 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\aherafys.ban
[2009/09/25 01:45:11 | 00,015,433 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\gylaku.db
[2009/09/25 01:45:11 | 00,013,791 | ---- | M] () -- C:\Program Files\Common Files\hagyr.sys
[2009/09/25 01:45:10 | 00,019,509 | ---- | M] () -- C:\Program Files\Common Files\eqalyj._sy
[2009/09/25 01:45:10 | 00,019,450 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\ebem._sy
[2009/09/25 01:45:10 | 00,019,219 | ---- | M] () -- C:\Program Files\Common Files\asyqir.dl
[2009/09/25 01:45:10 | 00,018,559 | ---- | M] () -- C:\Program Files\Common Files\uxivyvina._dl
[2009/09/25 01:45:10 | 00,017,169 | ---- | M] () -- C:\WINDOWS\System32\daqo.lib
[2009/09/25 01:45:10 | 00,015,386 | ---- | M] () -- C:\WINDOWS\tepexovu.exe
[2009/09/25 01:45:10 | 00,014,472 | ---- | M] () -- C:\WINDOWS\System32\kaqyg.com
[2009/09/25 01:45:10 | 00,014,346 | ---- | M] () -- C:\WINDOWS\System32\ebititaka.vbs
[2009/09/25 01:45:10 | 00,012,142 | ---- | M] () -- C:\WINDOWS\ubiladylig.pif
[2009/09/25 01:45:10 | 00,011,692 | ---- | M] () -- C:\WINDOWS\System32\omunogo.inf
[2009/09/25 01:45:09 | 00,018,866 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\bizo.dl
[2009/09/25 01:45:09 | 00,018,600 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\ixyfukog.sys
[2009/09/25 01:45:09 | 00,016,536 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zudenubyru.ban
[2009/09/25 01:45:09 | 00,011,444 | ---- | M] () -- C:\WINDOWS\ivaceba._dl
[2009/09/25 01:45:09 | 00,011,304 | ---- | M] () -- C:\WINDOWS\juvyfev.reg
[2009/09/25 01:45:08 | 00,017,994 | ---- | M] () -- C:\WINDOWS\ozyl.reg
[2009/09/25 01:45:08 | 00,011,670 | ---- | M] () -- C:\WINDOWS\System32\ybuwele.vbs
[2009/09/25 01:45:08 | 00,011,428 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\uqarybiqow.dll
[2009/09/25 01:43:25 | 00,230,000 | ---- | M] (TheBestSoft Corporation) -- C:\Documents and Settings\Larry\Application Data\lizkavd.exe
[2009/09/25 01:38:42 | 00,264,704 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\seres.exe
[2009/09/22 20:28:52 | 00,000,828 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\The Authority Loophole.lnk
[2009/09/17 19:10:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/17 15:18:42 | 00,092,424 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/17 15:01:37 | 00,334,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/07 00:37:15 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



------------------------------------------------------------------------------------------------



Extras.txt

OTL Extras logfile created on: 9/29/2009 6:54:00 PM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 116.52 Mb Available Physical Memory | 22.80% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 36.21 Gb Free Space | 32.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.87 Gb Total Space | 1.45 Gb Free Space | 77.76% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = aol_htm] -- C:\Program Files\AOL\Explorer\AOLExplorer.exe (AOL LLC)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = aol_htm] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\AOL\Explorer\AOLExplorer.exe" -u "%1" (AOL LLC)
https [open] -- "C:\Program Files\AOL\Explorer\AOLExplorer.exe" -u "%1" (AOL LLC)
jsfile [edit] -- Reg Error: Key error.
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ABC\abc.exe" = C:\Program Files\ABC\abc.exe:*:Enabled:abc -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe:*:Enabled:PDP RPC Server -- (DeviceGuys)
"C:\Program Files\eDonkey2000\EDONKEY2000_.EXE" = C:\Program Files\eDonkey2000\EDONKEY2000_.EXE:*:Enabled:EDONKEY2000_ -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\Coding Workshop Polyphonic Wizard\cwpolywz.exe" = C:\Program Files\Coding Workshop Polyphonic Wizard\cwpolywz.exe:*:Enabled:Coding Workshop Polyphonic Wizard -- File not found
"C:\Program Files\Coding Workshop Ringtone Converter\cwtone.exe" = C:\Program Files\Coding Workshop Ringtone Converter\cwtone.exe:*:Enabled:Coding Workshop Ringtone Convertor -- File not found
"C:\Program Files\Conceiva\SurfStream\SurfStream.exe" = C:\Program Files\Conceiva\SurfStream\SurfStream.exe:*:Enabled:SurfStream -- File not found
"C:\Program Files\UBISOFT\Prince Of Persia - The Sands Of Time\POP.exe" = C:\Program Files\UBISOFT\Prince Of Persia - The Sands Of Time\POP.exe:*:Enabled:POP -- File not found
"C:\Program Files\Singles\singles.exe" = C:\Program Files\Singles\singles.exe:*:Enabled:singles -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 8.0\waol.exe" = C:\Program Files\America Online 8.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1107754144\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1107754144\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Anti-Leech\ALIE\alhlp.exe" = C:\Program Files\Anti-Leech\ALIE\alhlp.exe:*:Enabled:Anti-Leech plugin helper program -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\SEO Website Builder\SEOSiteBuilder.exe" = C:\Program Files\SEO Website Builder\SEOSiteBuilder.exe:*:Enabled:SEO Site Builder -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Support.com\bin\tgcmd.exe" = C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher -- (SupportSoft, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1107754144\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1107754144\EE\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1107754144\EE\AOLOpenRide.exe" = C:\Program Files\Common Files\AOL\1107754144\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide -- File not found
"C:\WINDOWS\kdx\khost.exe" = C:\WINDOWS\kdx\khost.exe:*:Enabled:Delivery Manager -- (Kontiki Inc.)
"C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\1107754144\EE\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1107754144\EE\AOLDesktop.exe:*:Enabled:AOL Desktop -- File not found
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00D2E169-5307-4626-81BC-4A2B0BFBA3F4}" = Keyword Research Pro
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A06D517-BEE7-2D03-9792-CF1A30E29A70}" = Skins
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1481D8E3-EA17-7697-3738-F5AA7784C902}" = ccc-utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4C0F15CA-2032-5D72-F209-A89E02A5FE0F}" = CCC Help English
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{59A67AEF-CABF-32CA-5407-55049E899A11}" = Catalyst Control Center Graphics Light
"{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}" = Diskeeper 2008 Pro Premier
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{71CBF9BB-7E07-4A9D-BF30-84C11810B242}" = ESET Smart Security
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88739060-F683-11D3-B761-00105AD153C1}" = Lexmark X125
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{DA3B8FC6-8B1D-447A-A5EE-B226DCC10662}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{901A5511-070B-20DF-2F5A-5FA29C302C2A}" = Catalyst Control Center Graphics Full Existing
"{943803CB-20FA-F4EB-E4A6-A3B055A1DC2E}" = ccc-core-preinstall
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9EE5A621-A673-37C4-E31A-A7D5696B6F29}" = Catalyst Control Center Graphics Previews Common
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2F6B336-798D-77C2-21C9-392D4B0188F9}" = Catalyst Control Center Core Implementation
"{B474E72D-F65C-4CCD-BA5E-941DC43399A1}" = DownloadStudio
"{B78EAA23-2D9B-CD91-6ABF-B96EC49BBA37}" = ccc-core-static
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D9758C4B-CDD0-536F-D90E-9D74AFC3A35E}" = Catalyst Control Center Graphics Full New
"{E1981A20-DA8A-11DB-6784-00378DDC18BE}" = WebsiteHeadlineWizard
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}" = Zune
"{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"6F128087AFFFF5D4F4FEE6429736470CD5C1E4E2" = Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Deskbar" = AOL Deskbar
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"ATI Display Driver" = ATI Display Driver
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BitLord" = BitLord 1.1
"BlackBerry_{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"ColorPic" = ColorPic
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Real Audio Codec" = dBpowerAMP Real Audio Codec
"dBPowerAMP Real Audio Encoder R3" = dBPowerAMP Real Audio Encoder R3
"DE273599-96B0-4836-97C2-B2025C625F81" = The Authority Loophole
"DFX for MUSICMATCH" = DFX for MUSICMATCH
"Domain Name Analyzer_is1" = Domain Name Analyzer v3.2.022303
"Easy Real Converter_is1" = Easy Real Converter V1.40
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.0.9.1
"Grand Theft Auto" = Grand Theft Auto
"Indeo® Software" = Indeo® Software
"InstallShield_{95633EBE-216B-48B5-B103-0C9919787F46}" = Obscure
"kdx_aolhqvprod" = AOL Hi-Q Video
"Keyword Results Analyzer version 2 2.0.1.3." = Keyword Results Analyzer version 2 2.0.1.3.
"KRA Pro_is1" = KRA Pro v4
"KRA V4.0.0.33. manual upgrade_is1" = KRA v4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSN Toolbar" = MSN Toolbar
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NetSight" = Nielsen//NetRatings
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"PLR Dashboard_is1" = PLR Dashboard 1.0
"PROSet" = Intel® PRO Ethernet Adapter and Software
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Search Automator Pro" = Search Automator Pro 2.0
"SEO Website Builder 1.6.19" = SEO Website Builder 1.6.19
"SoftICE" = NuMega SoftICE
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SWF Opener" = SWF Opener
"TurboTax 2008" = TurboTax 2008
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebDesigner" = Microsoft Expression Web
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenu_is1" = Xenu's Link Sleuth
"YInstHelper" = Yahoo! Install Manager
"YNAB_Pro_is1" = YNAB Pro version 2.9.4.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-484763869-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.190

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2009 4:53:41 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

Error - 9/28/2009 5:31:29 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

Error - 9/28/2009 5:33:40 PM | Computer Name = BART | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 6:38:48 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

Error - 9/28/2009 6:41:12 PM | Computer Name = BART | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 6:47:31 PM | Computer Name = BART | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 7:35:50 PM | Computer Name = BART | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 10:02:23 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

Error - 9/28/2009 10:18:42 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

Error - 9/29/2009 7:52:03 PM | Computer Name = BART | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 4.22.60714.0, faulting module
khost.exe, version 4.22.60714.0, fault address 0x00007e10.

[ OSession Events ]
Error - 11/29/2007 9:05:31 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 86
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/17/2008 2:52:20 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2139
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 3/9/2008 12:10:36 AM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 96
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/3/2008 1:48:35 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 199
seconds with 120 seconds of active time. This session ended with a crash.

Error - 7/12/2008 5:31:02 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1378413
seconds with 4620 seconds of active time. This session ended with a crash.

Error - 7/13/2008 3:28:53 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/13/2008 3:29:20 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/9/2008 5:34:38 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 83
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/5/2008 8:15:32 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1151920
seconds with 6300 seconds of active time. This session ended with a crash.

Error - 6/13/2009 6:32:56 PM | Computer Name = BART | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1053
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/28/2009 6:32:47 PM | Computer Name = BART | Source = Print | ID = 23
Description = Printer Easy PDF Creator failed to initialize because a suitable Easy
PDF Creator driver could not be found.

Error - 9/28/2009 6:33:14 PM | Computer Name = BART | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/28/2009 6:38:32 PM | Computer Name = BART | Source = Print | ID = 23
Description = Printer Easy PDF Creator failed to initialize because a suitable Easy
PDF Creator driver could not be found.

Error - 9/28/2009 6:39:00 PM | Computer Name = BART | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/28/2009 10:02:12 PM | Computer Name = BART | Source = Print | ID = 23
Description = Printer Easy PDF Creator failed to initialize because a suitable Easy
PDF Creator driver could not be found.

Error - 9/28/2009 10:02:41 PM | Computer Name = BART | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/28/2009 10:18:27 PM | Computer Name = BART | Source = Print | ID = 23
Description = Printer Easy PDF Creator failed to initialize because a suitable Easy
PDF Creator driver could not be found.

Error - 9/28/2009 10:18:54 PM | Computer Name = BART | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 9/29/2009 7:51:44 PM | Computer Name = BART | Source = Print | ID = 23
Description = Printer Easy PDF Creator failed to initialize because a suitable Easy
PDF Creator driver could not be found.

Error - 9/29/2009 7:52:10 PM | Computer Name = BART | Source = ati2mtag | ID = 45062
Description = CRT invalid display type


< End of report >

#8 garmanma

Posted 30 September 2009 - 07:11 PM

Now that you were successful in creating an OTL log, you need to post it in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that this log was all you could get to run successfully.
The HJT team is extremely busy, so be patient, and good luck.
Mark



