Help! Adds Windows Admin Accounts and Disables Mine!


  • This topic is locked
10 replies to this topic

#1 JacksonTango

JacksonTango

  • Members
  • 4 posts

Posted 05 December 2009 - 09:18 PM

Hi!

Just as my topic states, someone is adding Windows user accounts.
They are making admin accounts that are password protected and disabling my Normal Administrator account. I have Symantec Corporate Edition. It has performed multiple full scans and returned no threats. I have Windows Firewall up and Comodo Firewall up. Nothing stops this from happening. I keep getting locked out of my own computer. Please help. I have attached my HijackThis report. I hope it helps. Here are some specs:

OS: WinXP64
AV: Symantec Corporate
FW: Windows, Comodo



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 19 December 2009 - 04:23 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page and see Step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems, just let me know in your next reply or simply post a HijackThis log.


For your next reply I would like to see:
  • The DDS logs
      • DDS.txt and Attach logs
  • RootRepeal logs
  • Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours, please feel free to send me a PM.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 24 December 2009 - 12:09 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 24 December 2009 - 05:51 PM

Re-opened upon user's request.

With Regards,
Extremeboy

#5 JacksonTango

JacksonTango
  • Topic Starter

  • Members
  • 4 posts

Posted 24 December 2009 - 06:58 PM

I tried to use both dds.scr and rootrepeal.exe, but neither supports 64-bit XP. Now what?

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 24 December 2009 - 07:02 PM

DDS is 64-bit compatible, the last time I checked.

Anyways, let's try OTL then. Also give me an update of the condition of your machine. What problems/issues do you still have?

Download and run OTL
  • Download OTL by OldTimer and save it to your desktop.
  • Double-click on the OTL icon on your desktop. If you are using Vista, please right-click and select Run as administrator.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • It will now begin to scan; please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
      • OTL.txt <-- Will be opened
      • Extras.txt <-- Will be minimized



#7 JacksonTango

JacksonTango
  • Topic Starter

  • Members
  • 4 posts

Posted 24 December 2009 - 07:42 PM

OTL logfile created on: 12/24/2009 4:07:55 PM - Run 1
OTL by OldTimer - Version 3.1.20.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 64.00% Memory free
10.00 Gb Paging File | 7.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.76 Gb Total Space | 93.22 Gb Free Space | 39.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 179.68 Gb Free Space | 19.29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZER0MAIN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\SysWow64\fmmtimersvc.exe
PRC - [2009/12/24 16:07:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/12/16 20:12:42 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/12/14 08:44:08 | 00,145,408 | ---- | M] (Bean Factory) -- C:\Documents and Settings\Administrator\Desktop\ServerDoc\ServerDoc4\serverdoc4.exe
PRC - [2009/12/14 08:44:08 | 00,145,408 | ---- | M] (Bean Factory) -- C:\Documents and Settings\Administrator\Desktop\ServerDoc\ServerDoc3\serverdoc3.exe
PRC - [2009/12/14 08:44:08 | 00,145,408 | ---- | M] (Bean Factory) -- C:\Documents and Settings\Administrator\Desktop\ServerDoc\ServerDoc2\serverdoc2.exe
PRC - [2009/12/14 08:44:08 | 00,145,408 | ---- | M] (Bean Factory) -- C:\Documents and Settings\Administrator\Desktop\ServerDoc\ServerDoc\serverdoc.exe
PRC - [2009/12/11 16:03:32 | 00,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/11/27 16:16:50 | 00,132,344 | ---- | M] () -- C:\Srcds2\orangebox\srcds.exe
PRC - [2009/11/27 07:48:14 | 04,975,400 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
PRC - [2009/11/27 07:24:34 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/09/15 05:54:02 | 00,224,768 | ---- | M] (Pro²soft) -- C:\Program Files (x86)\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
PRC - [2009/09/08 17:12:04 | 00,132,344 | ---- | M] () -- F:\Srcds4\orangebox\srcds.exe
PRC - [2009/08/13 20:59:31 | 00,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/26 12:47:29 | 00,132,344 | ---- | M] () -- F:\Srcds3\orangebox\srcds.exe
PRC - [2009/06/11 21:05:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe
PRC - [2009/06/11 21:05:57 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/04/07 14:34:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/07 14:34:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/24 18:10:42 | 17,567,744 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/03/16 03:29:28 | 06,562,432 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/03/12 17:18:48 | 00,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2009/03/09 07:50:48 | 01,433,952 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2009/03/09 07:49:18 | 00,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009/03/03 02:19:28 | 00,691,200 | ---- | M] (FileZilla Project) -- c:\xampp\FileZillaFTP\FileZillaServer.exe
PRC - [2009/02/18 10:41:34 | 00,147,456 | ---- | M] () -- C:\xampp\xampp-control.exe
PRC - [2008/12/09 15:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2008/09/24 13:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/06/15 14:08:08 | 17,357,312 | ---- | M] () -- C:\Program Files (x86)\Super_DVD_Creator_9.8\DVD_Creator.exe
PRC - [2008/04/30 18:54:14 | 00,243,200 | ---- | M] (Outertech) -- C:\Program Files (x86)\CachemanXP\CachemanXP.exe
PRC - [2008/01/19 19:01:08 | 04,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/01/19 19:01:08 | 02,245,984 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
PRC - [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
PRC - [2007/09/02 12:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/05/28 08:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/04/27 01:56:19 | 01,582,864 | ---- | M] (ALTAP) -- C:\Program Files (x86)\Altap Salamander 2.5\SALAMAND.exe
PRC - [2007/04/24 18:19:54 | 03,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [2006/09/27 19:33:44 | 00,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 19:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 19:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
PRC - [2006/08/04 13:04:12 | 00,873,472 | ---- | M] (Virdi Software) -- C:\Program Files (x86)\EyeOnSite\EyeOnSite.exe
PRC - [2006/07/19 18:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 18:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 18:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/01/21 03:41:56 | 00,118,784 | ---- | M] () -- C:\Program Files (x86)\Vista Rainbar\Rainmeter.exe


========== Modules (SafeList) ==========

MOD - [2009/12/24 16:07:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2009/08/03 17:51:35 | 00,139,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\guard32.dll
MOD - [2007/09/02 12:57:36 | 00,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007/04/24 14:22:12 | 00,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/02/18 10:24:12 | 01,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll
MOD - [2007/02/18 10:06:00 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\winsta.dll
MOD - [2007/02/18 10:05:38 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msctfime.ime
MOD - [2007/02/18 10:05:22 | 00,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2006/05/03 21:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\framedyn.dll
MOD - [2005/03/25 04:00:00 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\fltlib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/03 17:51:42 | 00,699,648 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2009/05/20 13:35:40 | 01,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2007/11/07 09:11:22 | 04,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2007/05/21 13:38:12 | 00,832,512 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe -- (nlsvc)
SRV - [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/27 07:24:34 | 00,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/09/15 05:54:02 | 00,224,768 | ---- | M] (Pro²soft) [Auto | Running] -- C:\Program Files (x86)\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe -- (Bandwidth Monitor Pro)
SRV - [2009/07/22 22:05:39 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/06/11 21:05:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/04 14:36:32 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009/05/20 13:29:07 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/07 14:34:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/16 03:29:28 | 06,562,432 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2009/03/03 02:19:28 | 00,691,200 | ---- | M] (FileZilla Project) [On_Demand | Running] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2008/12/09 15:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2008/11/20 11:18:52 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/09/24 13:32:48 | 00,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/08/15 04:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/25 09:13:48 | 00,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/25 09:13:44 | 00,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/30 18:54:14 | 00,243,200 | ---- | M] (Outertech) [Auto | Running] -- C:\Program Files (x86)\CachemanXP\CachemanXP.exe -- (CachemanXPService)
SRV - [2008/01/19 19:01:08 | 04,388,192 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2007/12/20 18:01:02 | 00,060,928 | ---- | M] () [Auto | Stopped] -- C:\xampp\service.exe -- (XAMPP)
SRV - [2007/12/20 16:13:48 | 02,538,480 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2007/10/12 08:34:56 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/09/12 17:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/05/28 08:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/11 21:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/11 21:01:52 | 00,853,504 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/03/11 20:37:52 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/16 23:44:20 | 00,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/09/27 19:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 19:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/07/19 18:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 18:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/03/25 04:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)
SRV - [2005/03/25 04:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2006/09/18 16:55:36 | 00,156,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT64x86.SYS -- (SymEvent)
DRV - [2009/10/13 09:57:15 | 00,000,000 | ---D | M] [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Samsung\Samsung PC Studio 3\Update -- (Update)
DRV - [2009/08/27 10:07:30 | 01,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20091218.003\EX64.SYS -- (NAVEX15)
DRV - [2009/08/27 10:07:30 | 00,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/08/27 10:07:30 | 00,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/27 10:07:30 | 00,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20091218.003\ENG64.SYS -- (NAVENG)
DRV - [2009/07/15 11:04:21 | 00,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Avnex\vcs64.sys -- (vcs)
DRV - [2008/08/14 06:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysWOW64\Drivers\adfs.sys -- (adfs)
DRV - [2006/09/06 13:41:34 | 00,476,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Savrt64x86.sys -- (SAVRT)
DRV - [2006/09/06 13:41:34 | 00,063,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Savrtpel64x86.sys -- (SAVRTPEL)
DRV - [2005/03/25 04:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\mnmdd.dll -- (mnmdd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4134131828-3585166198-1458744044-500\S-1-5-21-4134131828-3585166198-1458744044-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:3.0.4
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:0.9.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:2.7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:1.5.5
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.0.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/16 20:13:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/16 20:13:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2009/05/20 11:38:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/12/21 15:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions
[2009/07/17 06:02:29 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/18 05:42:59 | 00,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/12/14 08:38:54 | 00,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/07/17 07:26:19 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2009/12/04 08:18:35 | 00,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009/12/14 08:38:56 | 00,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2009/08/18 19:54:13 | 00,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2009/07/17 06:02:33 | 00,000,000 | ---D | M] (View Source Chart) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2009/10/06 09:48:32 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/11/07 09:57:17 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/15 21:15:56 | 00,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/08/21 06:07:27 | 00,000,000 | ---D | M] (Abduction!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
[2009/11/20 17:10:43 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/04 16:24:47 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/10/22 15:24:27 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2009/11/16 17:34:43 | 00,000,000 | ---D | M] (LinkExtend) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
[2009/12/14 08:38:52 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/12 05:43:10 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/10/14 06:17:52 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/09/03 15:28:47 | 00,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/07/18 11:37:33 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}
[2009/12/14 09:39:59 | 00,000,000 | ---D | M] (New Tab King) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2009/10/25 06:44:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\anycolor.pavlos256@gmail.com
[2009/11/07 09:56:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\firebug@software.joehewitt.com
[2009/10/06 15:06:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\firecookie@janodvarko.cz
[2009/12/01 21:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\foxyproxy@eric.h.jung
[2009/10/22 15:24:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\piclens@cooliris.com
[2009/09/08 16:20:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\sharing@addons.mozilla.org
[2009/11/16 17:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\435de41p.default\extensions\yslow@yahoo-inc.com
[2009/12/21 15:50:49 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

Hosts file not found
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\Comodo\Firewall\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found
O4:64bit: - HKLM..\Run: [nwiz] File not found
O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EyeOnSite] C:\Program Files (x86)\EyeOnSite\EyeOnSite.exe (Virdi Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [Bandwidth Monitor Pro] C:\Program Files (x86)\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe (Pro²soft)
O4 - HKU\S-1-5-18..\Run: [Bandwidth Monitor Pro] C:\Program Files (x86)\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe (Pro²soft)
O4 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500..\Run: [Bandwidth Monitor Pro] C:\Program Files (x86)\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe (Pro²soft)
O4 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500..\Run: [Vista Rainbar] C:\Program Files (x86)\Vista Rainbar\Rainmeter.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to FileZillaFTP_start.lnk = C:\xampp\FileZillaFTP\FileZillaFTP_start.bat ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to MassServerLaunch.lnk = C:\Documents and Settings\Administrator\Desktop\Batch\MassServerLaunch.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-4134131828-3585166198-1458744044-500_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15:64bit: - ..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\guard64.dll) - C:\WINDOWS\SysNative\guard64.dll File not found
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\guard32.dll) - C:\WINDOWS\SysWOW64\guard32.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\fsp_lmwl: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\SysWOW64\NavLogon.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\SysWOW64\NavLogon.dll - C:\WINDOWS\SysWOW64\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/20 10:49:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{719b32ca-4570-11de-b6c0-9f19b8835420}\Shell - "" = AutoRun
O33 - MountPoints2\{719b32ca-4570-11de-b6c0-9f19b8835420}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{719b32ca-4570-11de-b6c0-9f19b8835420}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f7c45fd1-721b-11de-b47c-001fbc07a143}\Shell - "" = AutoRun
O33 - MountPoints2\{f7c45fd1-721b-11de-b47c-001fbc07a143}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7c45fd1-721b-11de-b47c-001fbc07a143}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/24 16:07:24 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/24 15:56:53 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/12/23 21:46:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/12/22 19:53:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DiskAid
[2009/12/22 19:49:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DigiDNA
[2009/12/21 23:58:49 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2009/12/20 16:19:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\G-Programs
[2009/12/20 16:01:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DiskSpeed
[2009/12/17 18:38:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/12/17 18:36:26 | 00,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2009/12/17 18:29:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\js
[2009/12/17 18:29:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\images
[2009/12/17 18:29:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\html
[2009/12/17 18:29:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\css
[2009/12/17 18:29:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2009/12/17 18:23:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/17 17:48:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/12/17 17:47:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2009/12/17 17:45:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Device Emulator
[2009/12/17 17:41:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Mobile 5.0 SDK R2
[2009/12/17 17:38:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2009/12/17 17:38:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2009/12/17 17:00:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/12/17 16:43:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2009/12/17 16:36:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2009/12/17 16:36:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2009/12/17 16:36:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2009/12/17 16:36:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CE Remote Tools
[2009/12/17 16:36:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2009/12/17 16:36:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2009/12/17 16:32:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Designer Tools
[2009/12/17 16:29:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008
[2009/12/17 16:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/12/14 14:12:33 | 00,000,000 | ---D | C] -- C:\test
[2009/12/13 02:33:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Echo Software
[2009/12/13 02:27:26 | 00,000,000 | ---D | C] -- C:\Program Files\G-Batch
[2009/12/13 02:27:26 | 00,000,000 | ---D | C] -- C:\Program Files\G-AddonPro
[2009/12/11 20:48:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Super_DVD_Creator_9.8
[2009/12/11 16:06:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/12/11 16:06:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2009/12/11 16:06:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/11 16:06:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/07 20:18:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PKS Hosted
[2009/12/05 21:42:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Programmer's Notepad
[2009/12/05 17:44:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WinFirewall Logs
[2009/12/04 08:23:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/12/04 08:08:10 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RICHTX32.OCX
[2009/12/02 19:00:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\G-Addon
[2009/11/30 19:03:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\G-bleep
[2009/11/29 19:06:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Locktime
[2009/11/29 16:09:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2009/11/29 16:09:14 | 00,000,000 | ---D | C] -- C:\Program Files\NetLimiter 2 Monitor
[2009/05/20 10:49:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/20 10:49:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/05/20 10:49:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/24 16:30:03 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Delete bleep.job
[2009/12/24 16:07:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/24 15:56:54 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/12/24 15:56:33 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/12/24 12:33:22 | 00,000,450 | ---- | M] () -- C:\WINDOWS\tasks\byt.job
[2009/12/24 12:02:35 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\AutoWireUpdate.job
[2009/12/24 04:45:01 | 00,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Server 4 Backup.job
[2009/12/24 04:30:02 | 00,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Server 3 Backup.job
[2009/12/24 04:16:24 | 00,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Server 2 Backup.job
[2009/12/24 04:06:47 | 00,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Server 1 Backup.job
[2009/12/24 04:03:57 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\Whole Server Backup.job
[2009/12/24 03:56:08 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RebuildServer4Cache.job
[2009/12/24 03:41:59 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RebuildServer3Cache.job
[2009/12/24 03:27:58 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RebuildServer2Cache.job
[2009/12/24 03:13:55 | 00,000,432 | ---- | M] () -- C:\WINDOWS\tasks\RebuildServerCache.job
[2009/12/24 02:16:41 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\Xampp Backup.job
[2009/12/24 02:05:59 | 00,000,414 | ---- | M] () -- C:\WINDOWS\tasks\UlxUpdate.job
[2009/12/24 01:05:12 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Sql backup.job
[2009/12/23 23:30:16 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\SchoolBackup.job
[2009/12/23 23:03:54 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\Mass Update.job
[2009/12/23 23:00:02 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\AutoRegBackup.job
[2009/12/23 00:01:10 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\BatchBackup.job
[2009/12/22 20:05:34 | 00,109,568 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 22:46:34 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/21 01:16:56 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\GmodGcfTrans.job
[2009/12/20 17:05:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/20 17:04:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/20 16:17:18 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/12/20 07:15:57 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Phoenix-Storms Update.job
[2009/12/19 08:38:08 | 01,845,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GenPub.7z
[2009/12/18 11:40:12 | 00,001,503 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\smflogo.png
[2009/12/17 19:38:07 | 00,014,139 | ---- | M] () -- C:\FolderStates.dat
[2009/12/17 19:38:07 | 00,000,000 | ---- | M] () -- C:\Groups.dat
[2009/12/17 19:09:18 | 00,079,472 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/17 18:32:44 | 00,000,172 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/12/17 18:25:03 | 00,005,516 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2009/12/16 20:00:31 | 13,631,488 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/15 22:02:20 | 00,000,027 | RH-- | M] () -- C:\WINDOWS\wini.cab
[2009/12/14 08:17:32 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/12/13 02:31:03 | 00,000,027 | ---- | M] () -- C:\Program1
[2009/12/11 19:41:32 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/11 16:23:29 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to eventvwr.exe.lnk
[2009/12/05 09:13:06 | 00,000,096 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Delete bleep.bat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2009/12/02 19:42:32 | 01,251,630 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DRONE.rar
[2009/12/01 22:28:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/01 15:41:31 | 00,000,578 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/26 20:37:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to FileZillaFTP_start.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/24 15:56:32 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/12/18 10:46:56 | 00,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\smflogo.png
[2009/12/17 18:32:44 | 00,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/15 22:02:20 | 00,000,027 | RH-- | C] () -- C:\WINDOWS\wini.cab
[2009/12/14 21:38:32 | 01,845,912 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GenPub.7z
[2009/12/13 02:31:03 | 00,000,027 | ---- | C] () -- C:\Program1
[2009/12/11 16:23:29 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to eventvwr.exe.lnk
[2009/12/05 09:13:43 | 00,000,422 | ---- | C] () -- C:\WINDOWS\tasks\Delete bleep.job
[2009/12/05 09:07:57 | 00,000,096 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Delete bleep.bat
[2009/12/02 19:42:00 | 01,251,630 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DRONE.rar
[2009/12/01 22:28:20 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/12/01 22:28:20 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/26 20:37:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to FileZillaFTP_start.lnk
[2009/11/13 10:38:55 | 00,000,990 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\systemfl.$dk
[2009/11/11 12:33:48 | 00,327,168 | ---- | C] () -- C:\WINDOWS\SysWow64\cutil32.dll
[2009/11/11 12:27:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TMonitor64.INI
[2009/10/27 15:17:11 | 00,000,164 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2009/10/25 19:26:57 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/25 09:51:37 | 00,000,334 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/10/25 06:45:08 | 00,323,584 | ---- | C] () -- C:\WINDOWS\SysWow64\FoxImager.dll
[2009/10/13 09:58:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/10/13 09:45:24 | 00,005,632 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys
[2009/10/09 20:59:04 | 00,094,208 | ---- | C] () -- C:\WINDOWS\SysWow64\zmbv.dll
[2009/09/27 06:51:34 | 00,000,292 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/09/25 09:14:17 | 00,003,241 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\glide_wrapper.zbag.ini
[2009/09/24 13:12:00 | 01,970,176 | ---- | C] () -- C:\WINDOWS\SysWow64\d3dx9.dll
[2009/09/17 15:02:43 | 00,129,024 | ---- | C] () -- C:\WINDOWS\SysWow64\AVERM.dll
[2009/09/17 15:02:42 | 00,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\AVEQT.dll
[2009/09/02 16:21:19 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2009/09/02 10:26:11 | 00,000,015 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/08/13 20:55:02 | 08,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/08/03 17:19:17 | 00,139,008 | ---- | C] () -- C:\WINDOWS\SysWow64\guard32.dll
[2009/07/28 07:47:25 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2009/07/27 21:06:24 | 00,009,853 | ---- | C] () -- C:\WINDOWS\SysWow64\mswmnrozem.dll
[2009/07/14 15:36:46 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009/07/03 20:07:00 | 00,000,327 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2009/06/16 18:36:19 | 00,000,320 | ---- | C] () -- C:\WINDOWS\acehtml6.ini
[2009/06/04 20:02:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/06/04 12:34:16 | 00,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/29 21:44:33 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/05/20 13:35:09 | 00,109,568 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/20 12:49:52 | 00,005,516 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll
[2005/03/25 04:00:00 | 01,277,952 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2005/03/25 04:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 04:00:00 | 00,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2005/03/25 04:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 04:00:00 | 00,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2005/03/25 04:00:00 | 00,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2005/03/25 04:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2005/03/25 04:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2005/03/25 04:00:00 | 00,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2005/03/25 04:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 04:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2005/03/25 04:00:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 04:00:00 | 00,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2005/03/25 04:00:00 | 00,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2005/03/25 04:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2005/03/25 04:00:00 | 00,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 04:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 04:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6E3D650
@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5FC8FA1
< End of report >

OTL Extras logfile created on: 12/24/2009 4:07:55 PM - Run 1
OTL by OldTimer - Version 3.1.20.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 64.00% Memory free
10.00 Gb Paging File | 7.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.76 Gb Total Space | 93.22 Gb Free Space | 39.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 179.68 Gb Free Space | 19.29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZER0MAIN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-4134131828-3585166198-1458744044-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"80:TCP" = 80:TCP:*:Enabled:http
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"21:TCP" = 21:TCP:*:Enabled:FTP
"990:TCP" = 990:TCP:*:Enabled:SFTP
"22:TCP" = 22:TCP:*:Enabled:SFTP2
"23:TCP" = 23:TCP:*:Disabled:Telnet

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Srcds3\orangebox\srcds.exe" = F:\Srcds3\orangebox\srcds.exe:*:Enabled:srcds -- ()
"F:\Srcds4\orangebox\srcds.exe" = F:\Srcds4\orangebox\srcds.exe:*:Enabled:srcds -- ()
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Srcds\orangebox\srcds.exe" = C:\Srcds\orangebox\srcds.exe:*:Enabled:srcds -- ()
"C:\Srcds2\orangebox\srcds.exe" = C:\Srcds2\orangebox\srcds.exe:*:Enabled:srcds -- ()
"C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\garrysmod\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe" = C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"D:\setup\HPZnui01.exe" = D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"F:\Css\srcds.exe" = F:\Css\srcds.exe:*:Enabled:srcds -- File not found
"C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files (x86)\Java\jre6\bin\java.exe" = C:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files (x86)\mIRC\mirc.exe" = C:\Program Files (x86)\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" = C:\Program Files (x86)\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"F:\Games\Dos Games\LieroX v0.56 Pack 1.9\LieroX.exe" = F:\Games\Dos Games\LieroX v0.56 Pack 1.9\LieroX.exe:*:Enabled:LieroX -- ()
"C:\xampp\MercuryMail\mercury.exe" = C:\xampp\MercuryMail\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.62 -- (David Harris)
"C:\Program Files\Wolfram Research\Mathematica\7.0\Mathematica.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 7 -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\MathKernel.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 7 Kernel -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\math.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)
"C:\Documents and Settings\Administrator\My Documents\Downloads\Finished\Full left4dead Full game 1013 patch madwiggyNLD\Left 4 Dead\left4dead.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Finished\Full left4dead Full game 1013 patch madwiggyNLD\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found
"F:\Games\Left 4 Dead\left4dead.exe" = F:\Games\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found
"C:\Program Files (x86)\Xfire\Xfire.exe" = C:\Program Files (x86)\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"F:\Srcds4\l4d\srcds.exe" = F:\Srcds4\l4d\srcds.exe:*:Enabled:srcds -- ()
"C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\team fortress 2\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"F:\l4dCracked\srcds.exe" = F:\l4dCracked\srcds.exe:*:Enabled:srcds -- File not found
"F:\Games\Left4Dead\left4dead.exe" = F:\Games\Left4Dead\left4dead.exe:*:Enabled:left4dead -- ()
"C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- File not found
"C:\Borderlands\Binaries\Borderlands.exe" = C:\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- File not found
"C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- ()
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" = C:\Program Files (x86)\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files (x86)\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe" = C:\Program Files (x86)\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)
"C:\Program Files (x86)\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = C:\Program Files (x86)\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening -- ()
"F:\Srcds3\orangebox\srcds.exe" = F:\Srcds3\orangebox\srcds.exe:*:Enabled:srcds -- ()
"F:\Srcds4\orangebox\srcds.exe" = F:\Srcds4\orangebox\srcds.exe:*:Enabled:srcds -- ()
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Srcds\orangebox\srcds.exe" = C:\Srcds\orangebox\srcds.exe:*:Enabled:srcds -- ()
"C:\Srcds2\orangebox\srcds.exe" = C:\Srcds2\orangebox\srcds.exe:*:Enabled:srcds -- ()
"C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\garrysmod\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe" = C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"D:\setup\HPZnui01.exe" = D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"F:\Css\srcds.exe" = F:\Css\srcds.exe:*:Enabled:srcds -- File not found
"C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files (x86)\Java\jre6\bin\java.exe" = C:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files (x86)\mIRC\mirc.exe" = C:\Program Files (x86)\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files (x86)\Google\Google Talk\googletalk.exe" = C:\Program Files (x86)\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"F:\Games\Dos Games\LieroX v0.56 Pack 1.9\LieroX.exe" = F:\Games\Dos Games\LieroX v0.56 Pack 1.9\LieroX.exe:*:Enabled:LieroX -- ()
"C:\xampp\MercuryMail\mercury.exe" = C:\xampp\MercuryMail\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.62 -- (David Harris)
"C:\Program Files\Wolfram Research\Mathematica\7.0\Mathematica.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 7 -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\MathKernel.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 7 Kernel -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\math.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)
"C:\Documents and Settings\Administrator\My Documents\Downloads\Finished\Full left4dead Full game 1013 patch madwiggyNLD\Left 4 Dead\left4dead.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\Finished\Full left4dead Full game 1013 patch madwiggyNLD\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found
"F:\Games\Left 4 Dead\left4dead.exe" = F:\Games\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found
"C:\Program Files (x86)\Xfire\Xfire.exe" = C:\Program Files (x86)\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"F:\Srcds4\l4d\srcds.exe" = F:\Srcds4\l4d\srcds.exe:*:Enabled:srcds -- ()
"C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\team fortress 2\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\spawnchildzer0420\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"F:\l4dCracked\srcds.exe" = F:\l4dCracked\srcds.exe:*:Enabled:srcds -- File not found
"F:\Games\Left4Dead\left4dead.exe" = F:\Games\Left4Dead\left4dead.exe:*:Enabled:left4dead -- ()
"C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- File not found
"C:\Borderlands\Binaries\Borderlands.exe" = C:\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- File not found
"C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- ()
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" = C:\Program Files (x86)\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files (x86)\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe" = C:\Program Files (x86)\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)
"C:\Program Files (x86)\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = C:\Program Files (x86)\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18BFB2AE-98A2-4544-881C-41D44C948C51}" = TortoiseSVN 1.6.2.16344 (64 bit)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{243FAE07-C20D-46E0-9AE7-6FEE5E1EDAA4}" = Symantec AntiVirus Win64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9B1EF559-C401-4DC2-A456-F0C464F1C7E7}" = NetDeviceManager64
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"COMODO Firewall Pro" = COMODO Firewall Pro
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"M-WIN-L 7.0.0 1148351_is1" = Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PeerGuardian_is1" = PeerGuardian 2.0
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WIC" = Windows Imaging Component
"Windows x64 Service Pack" = Windows XP Service Pack 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{104A4F3B-FAE0-48C6-808B-77055B756E9D}" = Advanced Encryption Package 2009 Professional
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6204218A-6422-4DD7-8636-93CD402FE2C6}" = FireDaemon Pro Setup
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBBF237-A114-48E6-BBD0-A52BEF9CCFB2}" = Cisco Network Magic
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA for Windows
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7CBD8A89-45F4-4203-9923-673F72603747}" = Adobe Photoshop Lightroom 2.3
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89b1364e-e63d-41bd-89b8-2dd38342a77e}" = Nero 9
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 Lite
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B041ABD7-4A10-482a-A525-577A7AAD8EC7}" = C6200_Help
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C260343B-6282-42A2-939F-1FF7E503F608}" = Wolfram Notebook Indexer 2.0
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DE387A89-3BB2-4E88-AB01-0C110190A303}" = Speed Meter Pro
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F488F2B3-DE25-47FB-BD45-2272F3D7F603}_is1" = EyeOnSite v1.7.2
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F73459A3-36B8-42e4-A982-AAF06A44D508}" = C6200_doccd
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
"7-Zip" = 7-Zip 4.60 beta
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Flex Builder 3" = Adobe Flex Builder 3
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced Task Manager_is1" = Advanced Task Manager for Windows Vista & Windows XP
"Alarm Clock_is1" = Alarm Clock v1.0
"Altap Salamander 2.5" = Altap Salamander 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Bandwidth Monitor Pro" = Bandwidth Monitor Pro
"Big Brain Wolf 1.00" = Big Brain Wolf 1.00
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DiskAid_is1" = DiskAid 3.11
"dreamkiller_is1" = dreamkiller
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.4.1
"Fraps" = Fraps (remove only)
"GCFScape_is1" = GCFScape 1.7.3
"GoldWave v5.25" = GoldWave v5.25
"HijackThis" = HijackThis 2.0.2
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NetLimiter 2 Monitor" = NetLimiter 2 Monitor (remove only)
"Network MagicUninstall" = Network Magic
"Notepad++" = Notepad++
"ObjectDock Plus" = ObjectDock Plus
"PC Wizard 2009_is1" = PC Wizard 2009.1.9111
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"QuickTime" = QuickTime
"RocketDock_is1" = RocketDock 1.3.5
"Speed Meter ProUninstall" = Speed Meter Pro
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 4000" = Garry's Mod
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 8980" = Borderlands
"Super DVD Creator_is1" = Super DVD Creator 9.8 Full Version
"TeamViewer 5" = TeamViewer 5
"Universal Viewer" = Universal Viewer
"Vista Rainbar 4.3" = Vista Rainbar 4.3
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP 1.7.1
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2
"zBzipper 1.00" = zBzipper 1.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4134131828-3585166198-1458744044-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FolderLock6" = Folder Lock
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Web Button Maker Deluxe" = Web Button Maker Deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/22/2009 3:17:16 AM | Computer Name = ZER0MAIN | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Native Client Error message: BACKUP DATABASE is terminating abnormally.
SQLSTATE:
42000, Native Error: 3271 Error state: 1, Severity: 16 Source: Microsoft SQL Native
Client Error message: A nonrecoverable I/O error occurred on file "{C37D10A3-554C-4481-84C7-7F6877283D64}1:"
995(The I/O operation has been aborted because of either a thread exit or an application
request.). SQLSTATE: 01000, Native Error: 4035 Error state: 1, Severity: 0 Source:
Microsoft SQL Native Client Error message: Processed 0 pages for database 'model',
file 'modeldev' on file 1.

Error - 12/22/2009 3:17:16 AM | Computer Name = ZER0MAIN | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Native Client Error message: BACKUP DATABASE is terminating abnormally.
SQLSTATE:
42000, Native Error: 3271 Error state: 1, Severity: 16 Source: Microsoft SQL Native
Client Error message: A nonrecoverable I/O error occurred on file "{C37D10A3-554C-4481-84C7-7F6877283D64}2:"
995(The I/O operation has been aborted because of either a thread exit or an application
request.). SQLSTATE: 01000, Native Error: 4035 Error state: 1, Severity: 0 Source:
Microsoft SQL Native Client Error message: Processed 0 pages for database 'msdb',
file 'MSDBData' on file 1.

Error - 12/22/2009 3:17:16 AM | Computer Name = ZER0MAIN | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Native Client Error message: BACKUP DATABASE is terminating abnormally.
SQLSTATE:
42000, Native Error: 3271 Error state: 1, Severity: 16 Source: Microsoft SQL Native
Client Error message: A nonrecoverable I/O error occurred on file "{C37D10A3-554C-4481-84C7-7F6877283D64}3:"
995(The I/O operation has been aborted because of either a thread exit or an application
request.). SQLSTATE: 01000, Native Error: 4035 Error state: 1, Severity: 0 Source:
Microsoft SQL Native Client Error message: Processed 0 pages for database 'master',
file 'master' on file 1.

Error - 12/22/2009 2:54:55 PM | Computer Name = ZER0MAIN | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan Horse in File: L:\Programs\USB_Utilities.exe
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 12/22/2009 2:54:59 PM | Computer Name = ZER0MAIN | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: L:\Programs\USB_Utilities.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 12/22/2009 2:55:02 PM | Computer Name = ZER0MAIN | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan Horse in File: L:\Programs\USB_Utilities.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 12/23/2009 9:59:42 PM | Computer Name = ZER0MAIN | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in cmdagent.exe [1656]. Just-In-Time
debugging this exception failed with the following error: The logged in user did
not have access to debug the crashing application. Check the documentation index
for 'Just-in-time debugging, errors' for more information.

Error - 12/24/2009 1:11:26 AM | Computer Name = ZER0MAIN | Source = MsiInstaller | ID = 11706
Description = Product: HP Smart Web Printing -- Error 1706.No valid source could
be found for product HP Smart Web Printing. The Windows Installer cannot continue.

Error - 12/24/2009 1:12:57 AM | Computer Name = ZER0MAIN | Source = MsiInstaller | ID = 11706
Description = Product: HP Smart Web Printing -- Error 1706.No valid source could
be found for product HP Smart Web Printing. The Windows Installer cannot continue.

Error - 12/24/2009 1:22:12 AM | Computer Name = ZER0MAIN | Source = MsiInstaller | ID = 11706
Description = Product: HP Smart Web Printing -- Error 1706.No valid source could
be found for product HP Smart Web Printing. The Windows Installer cannot continue.

[ System Events ]
Error - 12/22/2009 11:50:32 PM | Computer Name = ZER0MAIN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/22/2009 11:51:05 PM | Computer Name = ZER0MAIN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/22/2009 11:52:01 PM | Computer Name = ZER0MAIN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/22/2009 11:52:25 PM | Computer Name = ZER0MAIN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 12/23/2009 9:59:43 PM | Computer Name = ZER0MAIN | Source = Service Control Manager | ID = 7034
Description = The COMODO Firewall Pro Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/23/2009 10:51:33 PM | Computer Name = ZER0MAIN | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 12/23/2009 10:54:33 PM | Computer Name = ZER0MAIN | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 12/24/2009 1:11:50 AM | Computer Name = ZER0MAIN | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 12/24/2009 2:10:46 AM | Computer Name = ZER0MAIN | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JIM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AFE7FD64-43EC-4E3C-801D-5B2220BE58A1}.
The
master browser is stopping or an election is being forced.

Error - 12/24/2009 3:12:01 AM | Computer Name = ZER0MAIN | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JIM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AFE7FD64-43EC-4E3C-801D-5B2220BE58A1}.
The
master browser is stopping or an election is being forced.


< End of report >

#8 extremeboy

Posted 24 December 2009 - 09:40 PM

Also give me an update of the condition of your machine. What problems/issues do you still have?

Thanks.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 JacksonTango

Posted 24 December 2009 - 11:35 PM

Oh, sorry. The one and only problem that I am aware of is that an administrator account under the name "cooldude" is created almost on a schedule. I have written a script that runs every 15 min to delete the newly created Windows account, but it's obviously just a band-aid.

Edited by JacksonTango, 24 December 2009 - 11:37 PM.


#10 extremeboy

Posted 25 December 2009 - 02:29 PM

Hello.

That indeed seems to be an awkward issue. Let's see what we can do.
Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Run a new OTL scan for me and post back with the logs.

#11 extremeboy

Posted 01 January 2010 - 01:20 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy