How do I remove Trojan:Win32/Alureon.gen!U?

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Reply to this topic

Start new topic

How do I remove Trojan:Win32/Alureon.gen!U?

hakimishere View Member Profile	Nov 4 2009, 02:32 AM Post #1
New Member Posts: 1 OS: Windows Vista	Hey. I've been having this problem whereby Windows Defender prompts me that it has found the abovementioned trojan in my system. Everytime I click on remove, Windows Defender proceeds to prompt me to reboot my computer which I follow suit. However, the problem stills persists. I've read in other threads of people experiencing the same problems, so I have decided to start a new topic in the hopes of finding a solution. I have followed in the instructions given in the 'New Topic' guidelines and the results are as follows. I've limited technical expertise in IT so I'm not really sure if the multitude of other problems I am facing are a result of the trojan above so I shall just go on and state the problems here. I'm currently running Windows Vista on an Acer Aspire 4920G. Intel Core 2 Duo processor T7500 (2.2GHz, 800 Mhz FSB, 4MB L2 Cache). 3GB DDR2 RAM. 250GB HDD. The problems I have been facing lately (I can't recall when I first encountered it unfortunately) are that every single time I open My Folder - the directory in which you find the Music, Picture, Documents, etc folders - Windows Explorer will simply stop running and restart. Afterwards, Windows's 'Problem Reports and Solutions' will appear suggesting some remedial steps to heed. I've tried all their suggestions and still the problem persists. Below is the chunk of text I see in the 'Problem Reports and Solutions' window. Anyway, I go about the problem by accessing Windows Explorer through My Computer and bypassing the My Folder screen by going straight to the folders within that folder using the side panel tabs. If this is in any way not related to the trojan, I suppose I'll take a one by one approach and solve the more pressing matter of the trojan first before starting a new thread to solve this problem. The other problem, to be honest, I'm not too sure of the effect it has on my computer. Basically, a pop-up window not unlike that which tells you that Windows Explorer has stopped working, appears on the screen to tell me that 'Pure Networks Platform Service stopped working and was closed. A problem caused the application to stop working correctly. Windows will notify you if a solution is available'. As I've said earlier I'm not too sure if these matters are in any way related to the trojan. I idea I get of trojans and their undoings involve taking up space thus slowing down the computer considerably but I am not too sure if they actually do screw up the computer by disabling its functions. I am actually resigned to reformatting my computer because I find that to be the panacea of all my computer woes. However, I stumbled across this site and decided to give it a try. Lastly, my sincerest apology if my explanations are long-winded or have included excessive amounts of unnecessary information. Troubleshoot a problem with Power Cinema Power Cinema has stopped working properly. Power Cinema is a codec. The file name of this codec is CLDemuxer.ax. To try to solve this problem, follow these steps. One step might solve the problem, but if it doesn't, then go on to the next step. Click to go to the CyberLink Corp. website to check for and install CLDemuxer.ax updates Use the regsvr32 command to unregister CLDemuxer.ax If you don't know which program is causing this problem, you can remove CLDemuxer.ax from the list of installed codecs by unregistering it. Warning Disabling CLDemuxer.ax will cause any programs that depend on the codec to stop working or lose functionality. Click the Start button , and then, in the Search box, type Command Prompt. From the list of results, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. At the command prompt, type regsvr32 /u CLDemuxer.ax, and then press ENTER. CLDemuxer.ax is now unregistered. What should I do if the regsvr32 command fails or returns an error? If the steps to disable the CLDemuxer.ax did not work, you can try renaming the file to disable it. Click the Start button , and then, in the Search box, type CLDemuxer.ax. In the list of search results, right-click CLDemuxer.ax, and then click Open file location. Right click CLDemuxer.ax, and then click Rename. Rename the file (for example, change the name to CLDemuxer.ax.old). Remember the file name so you can enable it later if you need to. If these steps don't solve the problem and you continue to receive problem reports, please consider filling out the survey at the bottom of this page. To help us continue to investigate this error, include the names of the add-ons that are currently enabled in Internet Explorer in the comments area of the survey. What is a codec? A codec is software that is used to compress or decompress a digital media file, such as a song or video. Media players and other programs use codecs to play and create digital media files. Malwarebytes' Anti-Malware 1.41 Database version: 3097 Windows 6.0.6002 Service Pack 2 4/11/2009 3:10:07 PM mbam-log-2009-11-04 (15-09-58).txt Scan type: Quick Scan Objects scanned: 94546 Time elapsed: 4 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{d7ffd784-5276-42d1-887b-00267870a4c7} (Trojan.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sysrun (Trojan.BHO) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/11/04 15:11 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x9656D000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x96562000 Size: 45056 File Visible: No Signed: - Status: - Name: monitor Image Path: \Driver\monitor Address: 0x987DC000 Size: 61440 File Visible: No Signed: - Status: Hidden from the Windows API! Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xA8FD2000 Size: 49152 File Visible: No Signed: - Status: - Name: Windows Communication Founda Image Path: mework\v3.0\Windows Communication Founda Address: 0x9320F000 Size: 2026880 File Visible: No Signed: - Status: Hidden from the Windows API! Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! SSDT ------------------- #: 013 Function Name: NtAlertResumeThread Status: Hooked by "<unknown>" at address 0x89937068 #: 014 Function Name: NtAlertThread Status: Hooked by "<unknown>" at address 0x89986358 #: 018 Function Name: NtAllocateVirtualMemory Status: Hooked by "<unknown>" at address 0x8996a188 #: 021 Function Name: NtAlpcConnectPort Status: Hooked by "<unknown>" at address 0x8916ab68 #: 042 Function Name: NtAssignProcessToJobObject Status: Hooked by "<unknown>" at address 0x899cc850 #: 067 Function Name: NtCreateMutant Status: Hooked by "<unknown>" at address 0x8996bf78 #: 077 Function Name: NtCreateSymbolicLinkObject Status: Hooked by "<unknown>" at address 0x8996b8c8 #: 078 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x899b9120 #: 116 Function Name: NtDebugActiveProcess Status: Hooked by "<unknown>" at address 0x899a22b8 #: 129 Function Name: NtDuplicateObject Status: Hooked by "<unknown>" at address 0x899cb3a8 #: 147 Function Name: NtFreeVirtualMemory Status: Hooked by "<unknown>" at address 0x89966680 #: 156 Function Name: NtImpersonateAnonymousToken Status: Hooked by "<unknown>" at address 0x89933718 #: 158 Function Name: NtImpersonateThread Status: Hooked by "<unknown>" at address 0x89914068 #: 165 Function Name: NtLoadDriver Status: Hooked by "<unknown>" at address 0x88dc8fd0 #: 177 Function Name: NtMapViewOfSection Status: Hooked by "<unknown>" at address 0x899d19a0 #: 184 Function Name: NtOpenEvent Status: Hooked by "<unknown>" at address 0x89907ec0 #: 194 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0x899a0e00 #: 195 Function Name: NtOpenProcessToken Status: Hooked by "<unknown>" at address 0x899194a8 #: 197 Function Name: NtOpenSection Status: Hooked by "<unknown>" at address 0x89922110 #: 201 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0x899cd9c8 #: 210 Function Name: NtProtectVirtualMemory Status: Hooked by "<unknown>" at address 0x8996a958 #: 282 Function Name: NtResumeThread Status: Hooked by "<unknown>" at address 0x89912268 #: 289 Function Name: NtSetContextThread Status: Hooked by "<unknown>" at address 0x899c1108 #: 305 Function Name: NtSetInformationProcess Status: Hooked by "<unknown>" at address 0x8996c9f8 #: 317 Function Name: NtSetSystemInformation Status: Hooked by "<unknown>" at address 0x899a1068 #: 330 Function Name: NtSuspendProcess Status: Hooked by "<unknown>" at address 0x8991f108 #: 331 Function Name: NtSuspendThread Status: Hooked by "<unknown>" at address 0x8997b120 #: 334 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x89934ad0 #: 335 Function Name: NtTerminateThread Status: Hooked by "<unknown>" at address 0x89975068 #: 348 Function Name: NtUnmapViewOfSection Status: Hooked by "<unknown>" at address 0x899357e0 #: 358 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0x89966348 #: 382 Function Name: NtCreateThreadEx Status: Hooked by "<unknown>" at address 0x8996b958 ==EOF== OTL logfile created on: 4/11/2009 3:13:40 PM - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\hakim90\Downloads\Installers Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00004809 \| Country: Singapore \| Language: ENE \| Date Format: d/M/yyyy 2.00 Gb Total Physical Memory \| 1.68 Gb Available Physical Memory \| 84.21% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 110.05 Gb Total Space \| 13.91 Gb Free Space \| 12.64% Space Free \| Partition Type: NTFS Drive D: \| 110.07 Gb Total Space \| 9.12 Gb Free Space \| 8.28% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HAKIM Current User Name: hakim90 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/11/04 14:52:59 \| 00,208,896 \| ---- \| M] (Realtek Semiconductor Corp.) -- C:\Users\hakim90\AppData\Local\Temp\RtkBtMnt.exe PRC - [2009/11/04 14:29:43 \| 00,528,384 \| ---- \| M] (OldTimer Tools) -- C:\Users\hakim90\Downloads\Installers\OTL.exe PRC - [2009/11/04 14:29:43 \| 00,528,384 \| ---- \| M] (OldTimer Tools) -- C:\Users\hakim90\Downloads\Installers\OTL.exe PRC - [2009/10/28 20:21:26 \| 00,141,600 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009/10/28 20:21:14 \| 00,545,568 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009/08/22 15:28:17 \| 00,117,640 \| R--- \| M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe PRC - [2009/08/22 15:28:17 \| 00,117,640 \| R--- \| M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe PRC - [2009/07/31 15:23:21 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/07/31 15:23:15 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe PRC - [2009/05/29 13:41:26 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/05/01 14:35:54 \| 00,181,544 \| ---- \| M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe PRC - [2009/04/11 14:28:15 \| 00,247,296 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009/04/11 14:28:15 \| 00,247,296 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009/04/11 14:28:08 \| 00,037,888 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009/04/11 14:28:03 \| 01,233,920 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2009/04/11 14:28:03 \| 01,233,920 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2009/04/11 14:27:36 \| 02,926,592 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/04/11 14:27:20 \| 00,088,576 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2009/03/30 16:28:36 \| 01,533,808 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009/03/30 16:28:36 \| 00,183,152 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009/03/08 19:34:00 \| 00,115,712 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe PRC - [2009/01/16 03:25:48 \| 00,729,088 \| ---- \| M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2009/01/16 03:25:48 \| 00,729,088 \| ---- \| M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2008/12/12 11:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/11/10 04:48:14 \| 00,602,392 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/10/16 17:26:20 \| 00,860,160 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008/10/16 16:54:34 \| 00,466,944 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008/06/26 20:52:42 \| 00,204,800 \| ---- \| M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe PRC - [2008/05/30 16:53:48 \| 00,303,104 \| ---- \| M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe PRC - [2008/05/16 06:11:44 \| 00,648,504 \| ---- \| M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2008/05/16 06:11:44 \| 00,648,504 \| ---- \| M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe PRC - [2008/01/29 17:38:31 \| 00,583,048 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008/01/29 17:38:31 \| 00,583,048 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008/01/19 15:38:38 \| 01,008,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008/01/19 15:33:39 \| 00,896,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008/01/19 15:33:39 \| 00,202,240 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2007/12/18 03:02:28 \| 04,718,592 \| ---- \| M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/12/11 02:23:02 \| 00,024,576 \| ---- \| M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007/12/06 17:25:58 \| 00,458,752 \| ---- \| M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2007/10/31 10:45:48 \| 00,167,936 \| ---- \| M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007/10/20 08:15:50 \| 00,842,248 \| ---- \| M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2007/09/11 07:28:18 \| 00,057,344 \| ---- \| M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007/09/08 03:56:32 \| 01,021,224 \| ---- \| M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007/09/08 03:35:10 \| 00,102,400 \| ---- \| M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe PRC - [2007/09/07 04:02:04 \| 00,393,216 \| ---- \| M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007/06/14 08:54:36 \| 00,135,168 \| R--- \| M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007/06/12 06:54:58 \| 01,286,144 \| ---- \| M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007/06/02 02:52:34 \| 00,049,152 \| ---- \| M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe PRC - [2007/06/02 02:52:10 \| 00,049,152 \| ---- \| M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2007/05/25 05:38:22 \| 00,206,952 \| ---- \| M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe PRC - [2007/04/26 08:34:30 \| 00,457,512 \| ---- \| M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007/04/26 08:33:36 \| 00,457,216 \| ---- \| M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe PRC - [2007/04/26 02:35:56 \| 00,323,584 \| ---- \| M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2007/03/22 04:00:04 \| 00,355,096 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/03/22 04:00:00 \| 00,174,872 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007/03/15 02:52:30 \| 00,024,576 \| ---- \| M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007/02/13 07:43:44 \| 00,065,536 \| ---- \| M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe PRC - [2007/01/24 13:48:12 \| 00,266,343 \| ---- \| M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe PRC - [2007/01/20 11:51:16 \| 00,711,472 \| ---- \| M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007/01/18 02:20:10 \| 00,061,440 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2006/11/25 04:57:54 \| 00,107,008 \| ---- \| M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2006/10/06 02:10:12 \| 00,009,216 \| ---- \| M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe ========== Modules (SafeList) ========== MOD - [2009/11/04 14:29:43 \| 00,528,384 \| ---- \| M] (OldTimer Tools) -- C:\Users\hakim90\Downloads\Installers\OTL.exe MOD - [2009/04/11 14:21:38 \| 01,686,016 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009/10/31 15:58:06 \| 00,320,760 \| ---- \| M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/10/28 20:21:14 \| 00,545,568 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/09/25 09:27:04 \| 00,793,088 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/22 15:28:17 \| 00,117,640 \| R--- \| M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security) SRV - [2009/05/29 13:41:26 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/05/01 14:35:54 \| 00,181,544 \| ---- \| M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service) SRV - [2009/03/30 16:28:36 \| 01,533,808 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/03/30 12:42:14 \| 00,066,368 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/27 19:15:40 \| 00,183,280 \| ---- \| M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/02/19 02:39:20 \| 00,043,904 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2009/02/19 02:38:43 \| 00,129,880 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2009/02/19 02:38:42 \| 00,879,448 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2009/01/16 03:25:48 \| 00,729,088 \| ---- \| M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2008/12/12 11:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/11/10 04:48:14 \| 00,602,392 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/11/04 01:06:28 \| 00,441,712 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/16 17:26:20 \| 00,860,160 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008/10/16 16:54:34 \| 00,466,944 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008/06/26 20:52:42 \| 00,204,800 \| ---- \| M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater) SRV - [2008/05/30 16:53:48 \| 00,303,104 \| ---- \| M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService) SRV - [2008/05/16 06:11:44 \| 00,648,504 \| ---- \| M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2008/01/29 17:38:31 \| 00,583,048 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008/01/19 15:38:24 \| 00,272,952 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/19 15:33:39 \| 00,896,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008/01/19 15:33:09 \| 00,292,352 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2007/12/11 02:23:02 \| 00,024,576 \| ---- \| M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007/10/31 10:45:48 \| 00,167,936 \| ---- \| M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007/09/11 07:28:18 \| 00,057,344 \| ---- \| M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007/06/14 08:54:36 \| 00,135,168 \| R--- \| M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007/04/26 08:34:30 \| 00,457,512 \| ---- \| M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007/03/22 04:00:04 \| 00,355,096 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007/03/15 02:52:30 \| 00,024,576 \| ---- \| M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007/02/13 07:43:44 \| 00,065,536 \| ---- \| M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash) SRV - [2007/02/05 10:11:18 \| 00,075,320 \| ---- \| M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2007/02/05 10:11:16 \| 00,112,184 \| ---- \| M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service) SRV - [2007/01/24 13:48:12 \| 00,266,343 \| ---- \| M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) SRV - [2007/01/18 02:20:10 \| 00,061,440 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006/12/14 02:21:20 \| 00,045,056 \| ---- \| M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006/12/14 02:02:08 \| 00,069,632 \| ---- \| M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006/12/14 01:46:16 \| 00,057,344 \| ---- \| M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006/11/25 04:57:54 \| 00,107,008 \| ---- \| M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006/11/02 20:35:29 \| 00,131,072 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched) SRV - [2006/11/02 20:35:29 \| 00,013,312 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/10/27 05:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/06 02:10:12 \| 00,009,216 \| ---- \| M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005/11/14 01:06:04 \| 00,069,632 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.sg.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://sg.rd.yahoo.com/customize/ycomp/def...://sg.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 119.62.128.38:80 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Dictionary.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.6.0623 FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.6.0 FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.2 FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3 FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.35 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055 FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0 FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7 FF - prefs.js..extensions.enabledItems: extension@priceadvance.com:1.5.2 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:0.9948 FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.1 FF - prefs.js..extensions.enabledItems: enquiries@retailmenot.com:2.3 FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.2.2.13 FF - prefs.js..extensions.enabledItems: {274938F0-9E0B-11DE-A714-53A955D89593}:0.9.17 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4 FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.090608 FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.69 FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.121408 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.75 FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.51 FF - prefs.js..network.proxy.autoconfig_url: "http://www.damaisec.moe.edu.sg/" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/14 23:45:20 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 12:23:49 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 12:23:49 \| 00,000,000 \| ---D \| M] [2009/06/12 07:38:53 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Extensions [2008/09/10 23:03:16 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/12 07:38:53 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2009/11/04 13:15:29 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions [2009/07/04 13:39:04 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2009/10/31 16:42:41 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2009/10/31 16:42:29 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2009/08/15 00:49:37 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/10/24 23:42:37 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{274938F0-9E0B-11DE-A714-53A955D89593} [2009/01/30 00:03:46 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66} [2009/07/24 20:17:20 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66} [2009/08/21 22:37:40 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2009/09/26 03:29:44 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} [2008/10/17 20:52:15 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2009/06/11 16:41:44 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8} [2009/10/24 23:42:37 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2009/10/22 00:41:46 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2008/10/17 20:52:16 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} [2009/10/24 23:42:37 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2009/09/26 03:30:04 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2009/03/27 17:21:59 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2009/07/11 13:25:58 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} [2009/10/24 23:42:37 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2009/10/24 23:42:37 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/09/26 03:29:54 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2009/06/11 17:30:42 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\enquiries@retailmenot.com [2009/01/30 00:04:00 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\extension@priceadvance.com [2009/10/24 23:42:37 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\facepad@lazyrussian.com [2009/08/31 10:30:29 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\firefox@facebook.com [2009/11/04 13:15:20 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\firefox@tvunetworks.com [2009/07/24 20:17:22 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\firefox-tagger@yapta.com [2009/10/27 01:36:25 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\foxyproxy@eric.h.jung [2009/10/22 00:41:48 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\isreaditlater@ideashower.com [2008/11/22 00:00:25 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\moveplayer@movenetworks.com [2009/10/24 23:42:37 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\tabscope@xuldev.org [2009/10/24 23:42:37 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\YoutubeDownloader@PeterOlayev.com [2009/01/30 00:04:00 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\extensions\extension@priceadvance.com\chrome [2008/09/13 16:34:29 \| 00,002,207 \| ---- \| M] () -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\searchplugins\askcom.xml [2009/10/30 12:42:40 \| 00,001,148 \| ---- \| M] () -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\searchplugins\dictionarycom.xml [2008/09/13 16:34:30 \| 00,004,372 \| ---- \| M] () -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\searchplugins\espn.xml [2008/09/13 16:34:40 \| 00,001,155 \| ---- \| M] () -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\searchplugins\hollywoodcom.xml [2008/09/10 23:15:17 \| 00,001,504 \| ---- \| M] () -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\searchplugins\imdb.xml [2008/09/13 16:35:31 \| 00,001,224 \| ---- \| M] () -- C:\Users\hakim90\AppData\Roaming\Mozilla\Firefox\Profiles\q6o9xeko.default\searchplugins\yahoo-answers.xml [2009/11/04 14:51:20 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009/10/29 12:23:49 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/12/08 21:04:07 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009/01/29 21:38:24 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008/04/20 22:38:57 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008/07/10 21:23:10 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/03/16 00:37:01 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/04/16 20:53:30 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/08/21 18:56:13 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/10/21 07:31:19 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2008/09/10 23:03:10 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org [2009/10/29 12:23:39 \| 00,023,544 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/10/29 12:23:39 \| 00,137,208 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/05/02 05:02:48 \| 01,044,480 \| ---- \| M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll [2007/04/10 17:21:08 \| 00,163,256 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll [2008/01/23 13:48:42 \| 00,491,520 \| ---- \| M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2009/07/31 15:23:11 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2009/05/13 02:46:20 \| 01,650,992 \| ---- \| M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll [2009/09/26 00:41:34 \| 00,098,304 \| ---- \| M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll [2009/10/29 12:23:40 \| 00,065,016 \| ---- \| M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2008/10/14 21:33:30 \| 00,095,600 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2008/09/23 23:44:10 \| 00,144,984 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll [2009/09/12 12:18:45 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/09/12 12:18:45 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/09/12 12:18:45 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/09/12 12:18:46 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/09/12 12:18:46 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/09/12 12:18:46 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/09/12 12:18:46 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2008/09/23 23:44:20 \| 00,008,192 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll [2008/09/23 23:44:05 \| 00,094,208 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll [2009/05/02 05:02:48 \| 00,200,704 \| ---- \| M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll [2009/08/20 22:39:13 \| 00,001,538 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2009/08/20 22:39:13 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/08/20 22:39:13 \| 00,000,947 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2009/08/20 22:39:13 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/08/20 22:39:13 \| 00,000,769 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2009/08/20 22:39:13 \| 00,002,371 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/08/20 22:39:13 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/08/20 22:39:13 \| 00,000,831 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: (335252 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 11489 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.) O4 - HKLM..\Run: [singtelRV_McciTrayApp] C:\Program Files\SmartFix\McciTrayApp.exe File not found O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Updater] C:\Windows\System32\updater\explorer.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) O4 - HKCU..\Run: [odqoq] C:\Users\hakim90\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQ5H0A1W\uyxjrqf.exe File not found O4 - HKCU..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applicatio...torLauncher.cab (Keynote Connector Launcher 2) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab (CLVistaGenie Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class) O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/19 05:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008/06/29 12:36:34 \| 00,000,000 \| ---D \| M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 14 Days ========== [2009/11/04 15:03:23 \| 00,000,000 \| ---D \| C] -- C:\Users\hakim90\AppData\Roaming\Malwarebytes [2009/11/04 15:03:13 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/11/04 15:03:11 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/11/04 15:03:11 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/11/04 15:03:11 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/11/04 15:03:08 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/04 15:01:57 \| 00,000,000 \| ---D \| C] -- C:\Windows\ERDNT [2009/11/04 15:01:29 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/11/04 14:14:53 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Portable Devices [2009/11/04 05:08:25 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\TVU Networks [2009/11/04 05:08:25 \| 00,000,000 \| ---D \| C] -- C:\Users\hakim90\AppData\Local\TVU Networks [2009/11/04 05:08:25 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\TVU Networks [2009/11/04 05:07:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\TVUPlayer [2009/10/30 20:20:54 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iPod [2009/10/30 20:20:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iTunes [2009/10/30 13:21:13 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Media Center Programs [2009/10/30 13:21:13 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Media Center Programs [2009/10/29 15:24:21 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\McAfee [2009/10/29 15:24:21 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\McAfee [2009/10/27 15:24:10 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\McAfee Security Scan [2009/10/27 15:24:10 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\McAfee Security Scan [2008/03/04 08:37:19 \| 00,045,056 \| ---- \| C] ( ) -- C:\Windows\PLFSet.dll [2008/03/04 08:37:18 \| 00,172,032 \| ---- \| C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008/03/04 08:37:18 \| 00,053,248 \| ---- \| C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007/08/15 19:48:13 \| 00,053,248 \| ---- \| C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 14 Days ========== [2009/11/04 15:13:37 \| 09,699,328 \| -HS- \| M] () -- C:\Users\hakim90\NTUSER.DAT [2009/11/04 15:13:05 \| 00,000,426 \| -H-- \| M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F20AEC38-538E-4DEF-B83B-DA90B76304D0}.job [2009/11/04 15:00:37 \| 00,690,960 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/11/04 15:00:37 \| 00,600,378 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/11/04 15:00:37 \| 00,105,852 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/11/04 14:57:51 \| 00,022,016 \| ---- \| M] () -- C:\Windows\System32\tdlwsp.dll [2009/11/04 14:57:12 \| 00,000,868 \| ---- \| M] () -- C:\Windows\tasks\Google Software Updater.job [2009/11/04 14:51:17 \| 00,065,536 \| ---- \| M] () -- C:\Windows\System32\Ikeext.etl [2009/11/04 14:51:14 \| 00,003,568 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/04 14:51:14 \| 00,003,568 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/04 14:51:13 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/11/04 14:50:45 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/11/04 14:50:01 \| 32,195,78880 \| -HS- \| M] () -- C:\hiberfil.sys [2009/11/04 14:46:11 \| 00,000,012 \| ---- \| M] () -- C:\Windows\bthservsdp.dat [2009/11/04 14:46:10 \| 00,524,288 \| -HS- \| M] () -- C:\Users\hakim90\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009/11/04 14:46:10 \| 00,065,536 \| -HS- \| M] () -- C:\Users\hakim90\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009/11/04 14:14:31 \| 00,000,000 \| -H-- \| M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2009/11/04 14:13:15 \| 00,000,000 \| -H-- \| M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2009/11/04 14:13:00 \| 02,940,680 \| -H-- \| M] () -- C:\Users\hakim90\AppData\Local\IconCache.db [2009/11/04 14:04:47 \| 00,041,258 \| ---- \| M] () -- C:\Users\hakim90\Desktop\HELP.docx [2009/11/04 05:08:01 \| 00,000,820 \| ---- \| M] () -- C:\Users\Public\Desktop\TVUPlayer.lnk [2009/11/03 15:32:11 \| 00,115,712 \| ---- \| M] () -- C:\Users\hakim90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/31 23:33:00 \| 00,000,472 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2009/10/30 20:21:56 \| 00,001,804 \| ---- \| M] () -- C:\Users\Public\Desktop\iTunes.lnk [2009/10/30 14:55:11 \| 00,001,586 \| ---- \| M] () -- C:\Users\hakim90\Desktop\Football Manager 2010.lnk [2009/10/27 15:50:04 \| 00,011,603 \| ---- \| M] () -- C:\Users\hakim90\Desktop\doc11.docx [2009/10/26 17:34:38 \| 00,024,175 \| ---- \| M] () -- C:\Users\hakim90\Desktop\To-Read List.docx [2009/10/26 12:48:53 \| 00,019,553 \| ---- \| M] () -- C:\Users\hakim90\Desktop\Ice Cream Places.docx [2009/10/25 17:01:46 \| 00,012,836 \| ---- \| M] () -- C:\Users\hakim90\Desktop\17Again-Dedication-RockNRolla-ILoveYouMan.docx ========== Files Created - No Company Name ========== [2009/11/04 14:14:31 \| 00,000,000 \| -H-- \| C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2009/11/04 14:13:15 \| 00,000,000 \| -H-- \| C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2009/11/04 14:04:46 \| 00,041,258 \| ---- \| C] () -- C:\Users\hakim90\Desktop\HELP.docx [2009/11/04 05:08:00 \| 00,000,820 \| ---- \| C] () -- C:\Users\Public\Desktop\TVUPlayer.lnk [2009/11/03 09:17:19 \| 00,022,016 \| ---- \| C] () -- C:\Windows\System32\tdlwsp.dll [2009/10/30 20:21:56 \| 00,001,804 \| ---- \| C] () -- C:\Users\Public\Desktop\iTunes.lnk [2009/10/30 14:55:11 \| 00,001,586 \| ---- \| C] () -- C:\Users\hakim90\Desktop\Football Manager 2010.lnk [2009/10/26 17:34:38 \| 00,024,175 \| ---- \| C] () -- C:\Users\hakim90\Desktop\To-Read List.docx [2009/10/25 17:01:45 \| 00,012,836 \| ---- \| C] () -- C:\Users\hakim90\Desktop\17Again-Dedication-RockNRolla-ILoveYouMan.docx [2009/08/15 13:30:56 \| 00,117,248 \| ---- \| C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/15 13:30:03 \| 00,019,944 \| ---- \| C] () -- C:\Windows\System32\drivers\atapi.sys [2009/07/09 13:30:50 \| 02,940,680 \| -H-- \| C] () -- C:\Users\hakim90\AppData\Local\IconCache.db [2009/06/19 22:54:55 \| 00,043,520 \| ---- \| C] () -- C:\Windows\System32\CmdLineExt03.dll [2009/01/16 03:27:26 \| 00,011,264 \| ---- \| C] () -- C:\Windows\System32\atimuixx.dll [2008/12/08 21:14:02 \| 00,000,056 \| -H-- \| C] () -- C:\ProgramData\ezsidmv.dat [2008/12/01 11:20:13 \| 01,749,376 \| ---- \| C] () -- C:\Windows\System32\snp2uvc.sys [2008/12/01 11:20:12 \| 00,028,032 \| ---- \| C] () -- C:\Windows\System32\sncduvc.sys [2008/12/01 11:20:12 \| 00,000,131 \| ---- \| C] () -- C:\Windows\System32\PidList.ini [2008/12/01 11:20:12 \| 00,000,131 \| ---- \| C] () -- C:\Windows\PidList.ini [2008/09/16 08:14:24 \| 03,596,288 \| ---- \| C] () -- C:\Windows\System32\qt-dx331.dll [2008/09/16 08:12:02 \| 00,000,416 \| ---- \| C] () -- C:\Windows\System32\dtu100.dll.manifest [2008/06/27 18:06:10 \| 00,023,888 \| ---- \| C] () -- C:\Users\hakim90\AppData\Roaming\UserTile.png [2008/06/13 23:08:52 \| 00,000,025 \| ---- \| C] () -- C:\Windows\CDE CX3900EC.ini [2008/05/01 19:43:29 \| 00,000,680 \| ---- \| C] () -- C:\Users\hakim90\AppData\Local\d3d9caps.dat [2008/03/22 01:33:42 \| 00,532,480 \| ---- \| C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll [2008/03/10 21:41:37 \| 00,115,712 \| ---- \| C] () -- C:\Users\hakim90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/03/10 17:17:53 \| 00,071,032 \| ---- \| C] () -- C:\Users\hakim90\AppData\Local\GDIPFONTCACHEV1.DAT [2008/03/04 09:23:21 \| 01,060,424 \| ---- \| C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/03/04 09:22:57 \| 00,159,744 \| ---- \| C] () -- C:\Windows\System32\atitmmxx.dll [2008/03/04 09:12:27 \| 00,015,656 \| ---- \| C] () -- C:\Windows\System32\drivers\int15_64.sys [2008/03/04 09:07:56 \| 00,065,536 \| ---- \| C] () -- C:\Windows\System32\NATTraversal.dll [2008/03/04 08:37:19 \| 01,749,376 \| ---- \| C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008/03/04 08:37:18 \| 00,028,032 \| ---- \| C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007/08/15 23:57:41 \| 00,001,024 \| RH-- \| C] () -- C:\Windows\System32\NTIBUN4.dll [2007/08/15 19:48:11 \| 00,331,776 \| ---- \| C] () -- C:\Windows\System32\ScrollBarLib.dll [2007/08/15 19:17:51 \| 00,000,796 \| ---- \| C] () -- C:\Windows\RtDefLvl.ini [2007/08/14 19:11:08 \| 00,872,448 \| ---- \| C] () -- C:\Windows\iconv.dll [2007/08/14 19:11:08 \| 00,743,424 \| ---- \| C] () -- C:\Windows\libxml2.dll [2007/08/14 19:11:08 \| 00,000,042 \| ---- \| C] () -- C:\Windows\PreLaunch.ini [2007/04/26 08:33:22 \| 00,266,240 \| ---- \| C] () -- C:\Windows\System32\NotesExtmngr.dll [2007/04/26 08:32:50 \| 00,204,800 \| ---- \| C] () -- C:\Windows\System32\NotesActnMenu.dll [2007/04/26 08:32:46 \| 00,086,016 \| ---- \| C] () -- C:\Windows\System32\MSNSpook.dll [2007/04/26 08:31:00 \| 00,028,672 \| ---- \| C] () -- C:\Windows\System32\BatchCrypto.dll [2007/04/26 08:30:52 \| 00,073,728 \| ---- \| C] () -- C:\Windows\System32\APISlice.dll [2007/04/26 08:30:44 \| 00,063,488 \| ---- \| C] () -- C:\Windows\System32\ShowErrMsg.dll [2007/01/20 11:11:16 \| 00,389,120 \| ---- \| C] () -- C:\Windows\System32\btwhidcs.dll [2006/12/26 07:44:48 \| 00,022,016 \| ---- \| C] () -- C:\Windows\System32\MailFormat_U.dll [2006/11/02 20:50:50 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files\desktop.ini [2006/11/02 20:37:35 \| 00,037,665 \| ---- \| C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2006/11/02 20:37:35 \| 00,029,779 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006/11/02 20:37:35 \| 00,026,489 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 20:37:35 \| 00,026,040 \| ---- \| C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 20:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 18:25:21 \| 00,061,440 \| ---- \| C] () -- C:\Windows\System32\igfxTMM.dll [2006/11/02 18:23:31 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 18:23:31 \| 00,000,144 \| ---- \| C] () -- C:\Windows\win.ini [2006/11/02 15:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini [2001/12/27 06:12:30 \| 00,065,536 \| ---- \| C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/11/15 04:56:00 \| 01,802,240 \| ---- \| C] () -- C:\Windows\System32\lcppn21.dll [2001/09/04 13:46:38 \| 00,110,592 \| ---- \| C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/31 06:33:56 \| 00,118,784 \| ---- \| C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/24 12:04:36 \| 00,118,784 \| ---- \| C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008/03/10 17:19:17 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Acer [2008/03/10 17:18:45 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\ATI [2009/08/09 11:59:18 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\ImTOO Software Studio [2008/07/03 22:47:55 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Keynote Systems [2009/09/13 22:01:06 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Leadertech [2008/05/10 02:50:29 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\LegalSounds [2009/11/02 00:26:42 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\LimeWire [2008/06/27 18:06:10 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\PeerNetworking [2009/08/09 01:06:25 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Regensoft [2008/03/10 20:24:03 \| 00,000,000 \| RH-D \| M] -- C:\Users\hakim90\AppData\Roaming\SecuROM [2008/07/28 22:28:08 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Sony [2009/10/30 15:27:36 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Sports Interactive [2009/02/01 13:23:44 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Stardock [2008/05/17 18:52:38 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\TigerPlayer [2009/09/19 00:14:01 \| 00,000,000 \| ---D \| M] -- C:\Users\hakim90\AppData\Roaming\Uniblue [2009/10/31 23:33:00 \| 00,000,472 \| ---- \| M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2009/11/04 14:51:13 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\Tasks\SA.DAT [2009/11/04 14:46:11 \| 00,032,540 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/11/04 15:13:05 \| 00,000,426 \| -H-- \| M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F20AEC38-538E-4DEF-B83B-DA90B76304D0}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\.exe > [2005/08/17 00:49:12 \| 00,040,960 \| ---- \| M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe < %SYSTEMDRIVE%\eventlog.dll /s /md5 > < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2009/04/11 14:28:24 \| 00,177,152 \| ---- \| M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2006/11/02 17:46:12 \| 00,176,640 \| ---- \| M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2008/01/19 15:36:19 \| 00,177,152 \| ---- \| M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009/04/11 14:28:24 \| 00,177,152 \| ---- \| M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2009/04/11 14:28:23 \| 00,592,896 \| ---- \| M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2006/11/02 17:46:11 \| 00,559,616 \| ---- \| M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2008/01/19 15:35:36 \| 00,592,384 \| ---- \| M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [2009/04/11 14:28:23 \| 00,592,896 \| ---- \| M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > [2006/11/02 17:46:03 \| 00,011,776 \| ---- \| M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 17:46:03 \| 00,011,776 \| ---- \| M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > [2007/03/22 03:58:56 \| 00,304,920 \| ---- \| M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007/03/22 03:59:30 \| 00,381,720 \| ---- \| M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [2007/03/22 03:58:56 \| 00,304,920 \| ---- \| M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys [2007/03/22 03:58:56 \| 00,304,920 \| ---- \| M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys < %SYSTEMDRIVE%\nvstor.sys /s /md5 > [2006/11/02 17:50:13 \| 00,040,040 \| ---- \| M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2008/01/19 15:42:09 \| 00,045,112 \| ---- \| M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2006/11/02 17:50:13 \| 00,040,040 \| ---- \| M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/19 15:42:09 \| 00,045,112 \| ---- \| M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2009/04/11 14:32:26 \| 00,019,944 \| ---- \| M] () MD5 -- C:\Windows\System32\drivers\atapi.sys [2007/08/14 19:34:04 \| 00,021,688 \| ---- \| M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys [2008/03/10 19:02:32 \| 00,021,560 \| ---- \| M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008/03/10 19:02:33 \| 00,021,560 \| ---- \| M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2009/04/11 14:32:26 \| 00,019,944 \| ---- \| M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2006/11/02 17:49:36 \| 00,019,048 \| ---- \| M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/01/19 15:41:30 \| 00,021,560 \| ---- \| M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/03/10 19:02:33 \| 00,021,560 \| ---- \| M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2007/08/14 19:34:04 \| 00,021,688 \| ---- \| M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys [2008/03/10 19:02:32 \| 00,021,560 \| ---- \| M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [2008/01/19 15:41:30 \| 00,021,560 \| ---- \| M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2009/04/11 14:32:26 \| 00,019,944 \| ---- \| M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2006/11/02 17:49:52 \| 00,053,864 \| ---- \| M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2008/01/19 15:42:25 \| 00,056,376 \| ---- \| M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2007/08/14 19:33:04 \| 00,053,864 \| ---- \| M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2006/11/02 17:49:52 \| 00,053,864 \| ---- \| M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [2008/01/19 15:42:25 \| 00,056,376 \| ---- \| M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2007/08/14 19:33:04 \| 00,053,864 \| ---- \| M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2007/08/14 19:33:04 \| 00,053,864 \| ---- \| M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2008/01/19 15:42:25 \| 00,056,376 \| ---- \| M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 15:42:25 \| 00,056,376 \| ---- \| M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < End of report > OTL Extras logfile created on: 4/11/2009 3:13:40 PM - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\hakim90\Downloads\Installers Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00004809 \| Country: Singapore \| Language: ENE \| Date Format: d/M/yyyy 2.00 Gb Total Physical Memory \| 1.68 Gb Available Physical Memory \| 84.21% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 110.05 Gb Total Space \| 13.91 Gb Free Space \| 12.64% Space Free \| Partition Type: NTFS Drive D: \| 110.07 Gb Total Space \| 9.12 Gb Free Space \| 8.28% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HAKIM Current User Name: hakim90 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" % File not found chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe::Enabled:eDSfsu -- (Acer Inc.) "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe::Enabled:encryption -- (HiTRUST) "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02F6EA5F-ADD5-432B-9376-408B6AB031DD}" = lport=10452 \| protocol=17 \| dir=in \| name=bitcometbeta 10452 udp \| "{18876D0E-4046-440F-B240-E226BF7C171C}" = lport=67 \| protocol=17 \| dir=in \| name=dhcp discovery service \| "{19138E09-DC06-4EDC-A7C1-E1F456B049C0}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=c:\windows\system32\svchost.exe \| "{3EC37E15-118D-449B-92B9-318478BBC462}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=svchost.exe \| "{46738D04-EADA-4B81-8843-ED7D22061BA4}" = lport=rpc \| protocol=6 \| dir=in \| svc=vds \| app=c:\windows\system32\vds.exe \| "{5891E152-9C1D-4997-8FE3-E96D85AC6338}" = lport=80 \| protocol=6 \| dir=in \| app=system \| "{7A49FC4B-21F8-4EE8-8A1B-4F40315F13DB}" = lport=rpc \| protocol=6 \| dir=in \| svc=policyagent \| app=c:\windows\system32\svchost.exe \| "{916D5D9C-A67E-46DB-BB68-B4360D1F366D}" = lport=rpc \| protocol=6 \| dir=in \| app=c:\windows\system32\vdsldr.exe \| "{987DD0DC-7CEA-4911-A03F-45C61044E480}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| app=c:\windows\system32\svchost.exe \| "{AF16CD06-860F-49E5-BA7A-8F2BD6981F45}" = lport=10452 \| protocol=6 \| dir=in \| name=bitcometbeta 10452 tcp \| "{BF866CE4-A446-4049-9446-F9346B7A075E}" = lport=2869 \| protocol=6 \| dir=in \| app=system \| "{CC112697-8EDD-492C-A43E-0379E9BBDCCF}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| app=c:\windows\system32\svchost.exe \| "{E49BD948-D5E1-4598-B50D-09C0A445C6AE}" = lport=67 \| protocol=17 \| dir=in \| name=dhcp discovery service \| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08C1F403-50C7-46B3-8D83-8FA86109B0D1}" = protocol=17 \| dir=out \| app=c:\program files\windows media player\wmplayer.exe \| "{09F6CCB3-027B-4638-92F6-7C14D1E49842}" = protocol=17 \| dir=in \| app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe \| "{122E4E6E-4708-4E94-80E0-D130A1B10A20}" = protocol=17 \| dir=in \| app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe \| "{1E49D19C-67F1-47BC-823E-E12FE32836D8}" = protocol=17 \| dir=in \| app=c:\program files\firefly studios\stronghold 2\stronghold2.exe \| "{26EF555F-EDE4-4F42-A320-01859BAFA8E6}" = dir=in \| app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe \| "{28D86DC1-C46F-4262-AE37-956557712AD4}" = dir=in \| app=c:\program files\acer arcade deluxe\play movie\playmovie.exe \| "{2917BCD6-6AEE-49A3-BEF0-9C424972AAB3}" = protocol=6 \| dir=in \| app=c:\program files\firefly studios\stronghold 2\stronghold2.exe \| "{31DB8DEA-3E48-4869-9DFA-725B47B5323A}" = protocol=6 \| dir=out \| app=c:\program files\windows media player\wmplayer.exe \| "{3478B315-FF4F-40B5-BF02-12A3C50E72A5}" = protocol=17 \| dir=in \| app=c:\program files\limewire\limewire.exe \| "{38EC29A3-D3F7-4DD1-849C-5E338FB1AECB}" = dir=in \| app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe \| "{40923515-51B0-4C71-B5E2-E29FE836E1E0}" = dir=in \| app=c:\program files\windows live\messenger\msnmsgr.exe \| "{4A86BE85-6206-42C2-A030-FBF582449477}" = protocol=17 \| dir=in \| app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe \| "{4C336CB7-1948-47BE-816D-D5AAB0DBF0C1}" = protocol=6 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{4D128081-4747-42E2-B5BA-CF186F8DF27D}" = protocol=6 \| dir=in \| app=c:\valve\steam\steamapps\common\football manager 2010\fm.exe \| "{5229EDD7-63BA-459E-9D6F-456BEB2F2A76}" = protocol=6 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{543895F4-962A-4F8A-8788-38E6AAECC677}" = dir=in \| app=c:\program files\windows live\sync\windowslivesync.exe \| "{5AF5BBBE-EBE2-419B-80F6-B1B7CBF62622}" = protocol=17 \| dir=in \| app=c:\program files\windows media player\wmplayer.exe \| "{6724C5BB-3C93-4FE8-A26E-759BCCBD97D1}" = protocol=17 \| dir=in \| app=c:\program files\stardock games\the political machine 2008 express\polmachine2008express.exe \| "{684BCE73-5709-4D33-B6FE-E8A63DB03E78}" = dir=in \| app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe \| "{75B11620-1DB2-4034-811F-2B955530E80F}" = protocol=17 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{7A17D011-219D-443E-B019-2E478AA22870}" = dir=in \| app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe \| "{7F4A5270-8496-4B85-B4B5-23191342138F}" = dir=in \| app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe \| "{87D0F04E-9698-4D8A-80B1-D8F38994E9EC}" = protocol=6 \| dir=in \| app=c:\program files\stardock games\the political machine 2008 express\polmachine2008express.exe \| "{88162416-9E03-4274-BA6A-35787175EF1F}" = protocol=6 \| dir=in \| app=c:\program files\limewire\limewire.exe \| "{89A8C285-628E-464D-8826-E2A09C4C2C0F}" = protocol=17 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{989A5537-D0CB-4DD3-A64E-D06C883A55F9}" = protocol=6 \| dir=in \| app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe \| "{9F9FD877-8519-4B89-B3E3-FD126639BE4E}" = dir=in \| app=c:\program files\acer\acer vcm\vc.exe \| "{AAE534F9-E429-4DDA-95F5-30DD94239DAB}" = dir=in \| app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe \| "{AD65D01C-1684-469C-9551-30BD5D9330CD}" = protocol=17 \| dir=in \| app=c:\valve\steam\steamapps\common\football manager 2010\fm.exe \| "{B1EC2C2B-D4B4-47AD-93FF-BE7E7F31572A}" = dir=in \| app=c:\program files\skype\phone\skype.exe \| "{B9094160-8ADD-438E-95D9-C5061E710215}" = protocol=6 \| dir=in \| app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe \| "{BD455429-F564-4216-AB84-F9C6294F24EC}" = protocol=17 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{C6F14C71-96D2-49A6-8C8E-96B850E91CFB}" = protocol=17 \| dir=in \| app=c:\program files\sports interactive\football manager 2009\fm.exe \| "{C870919F-514E-42C4-92E5-8C3A04981F69}" = protocol=6 \| dir=in \| app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe \| "{CF428810-4CC9-429B-B2CC-6FE05973D530}" = protocol=6 \| dir=in \| app=c:\program files\microsoft office\office12\onenote.exe \| "{D739CB6D-B2FA-47E2-9E3D-C2039E31A5E3}" = dir=in \| app=c:\program files\windows live\messenger\wlcsdk.exe \| "{D78C3461-9837-4842-A04A-113A35F4B52D}" = protocol=6 \| dir=in \| app=c:\program files\sports interactive\football manager 2009\fm.exe \| "{DFB55317-9717-4FDF-9444-948E7407B5B5}" = protocol=17 \| dir=in \| app=c:\program files\microsoft office\office12\onenote.exe \| "{EE2F0E78-CC53-49BF-984E-F0D98B924B0A}" = protocol=6 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "TCP Query User{12BFD1EF-784F-4159-B5C7-46C0C3C693F8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| "TCP Query User{33C436B9-1989-4D37-A746-53A90276835E}C:\program files\limewire\limewire.exe" = protocol=6 \| dir=in \| app=c:\program files\limewire\limewire.exe \| "TCP Query User{434A45BC-01E5-4D49-9031-087448BFC1BA}C:\valve\steam\steamapps\hakim90\condition zero\hl.exe" = protocol=6 \| dir=in \| app=c:\valve\steam\steamapps\hakim90\condition zero\hl.exe \| "TCP Query User{53E88864-4D48-485D-A2EA-6A38BBEE8330}C:\program files\mozilla firefox\firefox.exe" = protocol=6 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| "TCP Query User{5587F612-BCB8-49D8-8BE5-FD52BD38195E}C:\program files\bitcomet\bitcomet.exe" = protocol=6 \| dir=in \| app=c:\program files\bitcomet\bitcomet.exe \| "TCP Query User{7479B78F-25B0-4562-8288-6A9F5A1E3F11}C:\program files\real\realplayer\realplay.exe" = protocol=6 \| dir=in \| app=c:\program files\real\realplayer\realplay.exe \| "TCP Query User{959BF752-C239-4872-868A-0C83EA40A100}C:\program files\bitcomet\bitcomet.exe" = protocol=6 \| dir=in \| app=c:\program files\bitcomet\bitcomet.exe \| "TCP Query User{DA2476D6-A9DB-455C-9358-15757DB09575}C:\valve\steam\steamapps\hakim90\counter-strike\hl.exe" = protocol=6 \| dir=in \| app=c:\valve\steam\steamapps\hakim90\counter-strike\hl.exe \| "TCP Query User{FC77A57A-C5CC-4C03-8E84-FA114208B11C}C:\program files\internet explorer\iexplore.exe" = protocol=6 \| dir=in \| app=c:\program files\internet explorer\iexplore.exe \| "UDP Query User{43C5DA66-E867-4D19-A658-BCC588C5B1CB}C:\program files\limewire\limewire.exe" = protocol=17 \| dir=in \| app=c:\program files\limewire\limewire.exe \| "UDP Query User{6B6364F0-CDD5-40D6-B35B-6C0743DFA91D}C:\valve\steam\steamapps\hakim90\condition zero\hl.exe" = protocol=17 \| dir=in \| app=c:\valve\steam\steamapps\hakim90\condition zero\hl.exe \| "UDP Query User{786BBA39-2A61-48A4-B6C1-20FFB7E4539A}C:\program files\bitcomet\bitcomet.exe" = protocol=17 \| dir=in \| app=c:\program files\bitcomet\bitcomet.exe \| "UDP Query User{8F9B569A-D5E2-49EE-ACEC-6572579FCA55}C:\program files\mozilla firefox\firefox.exe" = protocol=17 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| "UDP Query User{931902FE-DB8C-4559-A138-8579725BF09E}C:\program files\internet explorer\iexplore.exe" = protocol=17 \| dir=in \| app=c:\program files\internet explorer\iexplore.exe \| "UDP Query User{956B41A1-3B38-4E17-A55E-0FA39C0CA0D4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| "UDP Query User{AAB747CA-98F7-4DD7-80E4-2F696D0E1B4C}C:\program files\real\realplayer\realplay.exe" = protocol=17 \| dir=in \| app=c:\program files\real\realplayer\realplay.exe \| "UDP Query User{AFD00DF1-71EF-4871-95DA-C0FBF7822AF8}C:\valve\steam\steamapps\hakim90\counter-strike\hl.exe" = protocol=17 \| dir=in \| app=c:\valve\steam\steamapps\hakim90\counter-strike\hl.exe \| "UDP Query User{F575FC94-8D4F-4D12-983A-BB01DCC4C7EE}C:\program files\bitcomet\bitcomet.exe" = protocol=17 \| dir=in \| app=c:\program files\bitcomet\bitcomet.exe \| ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{120D9280-C7A0-F52B-0F0C-8F1DE9ACEAEE}" = Catalyst Control Center Localization Korean "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15112D8C-D377-D1F9-3701-90E9CF9EC65B}" = Catalyst Control Center Localization Japanese "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{163B1CF0-6C0C-D558-341E-BA1DE37F9FA1}" = Catalyst Control Center Localization Danish "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation "{226EF265-A4E4-4E10-BAA9-9C5D89F6EAF9}" = Catalyst Control Center Localization Turkish "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer "{238BA203-497D-16EA-8495-A42A37A1D1DC}" = Catalyst Control Center Localization Russian "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 16 "{284BD984-6E5C-4586-80A8-14D85E233497}" = Linksys EasyLink Advisor "{2D72ACF2-C3A9-A980-FB98-0062C1F4AABF}" = Catalyst Control Center Localization Chinese Standard "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00 "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7 "{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding "{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{4971AB6A-D3AF-4227-51BD-0165C56F35F6}" = Catalyst Control Center Localization Dutch "{4EB4978B-F18F-A9BF-114D-275F675CD9E7}" = Catalyst Control Center Localization Polish "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A44BF79-7923-E7D4-C8A6-F93F81EF48B9}" = Catalyst Control Center Localization Finnish "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype� 3.8 "{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{62F596B9-0DF7-AD7B-2D66-E6DC4BFB94C1}" = Catalyst Control Center Localization French "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{64B3A619-65FF-6AF5-ABF8-D7D17E20D8A1}" = Catalyst Control Center Localization German "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86) "{79B92639-4B90-CD61-6CB3-72C1977D7256}" = Catalyst Control Center Localization Portuguese "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7B8CFD39-A3EA-7469-344A-35715AA9DB10}" = Catalyst Control Center Localization Spanish "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}" = Big Kahuna Reef 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}" = Star Defender 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = Mystery Case Files Ravenhearst "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{88637F72-B46E-43F9-B306-6DA1FF478D51}" = WIDCOMM Bluetooth Software 6.0.1.3900 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99C2CE24-18E1-5779-642B-ED28AFBE912E}" = Catalyst Control Center Localization Thai "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AAA58088-CBEE-466C-F225-E6DC91A9A067}" = Catalyst Control Center Localization Norwegian "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5 "{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682 "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B1286E7E-AAAF-955C-1C72-60C5EF8F5F2D}" = Catalyst Control Center Localization Italian "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4A0EFC6-0933-6AE9-8EE0-7D6C5D5E28A8}" = Catalyst Control Center Localization Swedish "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B8DC25AB-AEF8-264E-072D-62EB71D331B6}" = Catalyst Control Center Localization Hungarian "{BDFD03D4-CA66-36B1-41DE-F10059E248C4}" = Catalyst Control Center Localization Greek "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer "{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes "{D273D5F0-5868-358A-F5EE-77565BD6AAD4}" = Catalyst Control Center Localization Chinese Traditional "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility "{FF9E6D14-CD96-B086-BF2B-1E5DE6A7780F}" = Catalyst Control Center Localization Czech "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "AviSynth" = AviSynth 2.5 "BitComet" = BitComet 1.15 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EPSON Printer and Utilities" = EPSON Printer Software "ERUNT_is1" = ERUNT 1.1j "Free iPod Video Converter_is1" = Free iPod Video Converter 1.34 "Google Updater" = Google Updater "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer "InstallShield_{284BD984-6E5C-4586-80A8-14D85E233497}" = Linksys EasyLink Advisor "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "KeynoteConnector" = Keynote Connector "LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.4 "LimeWire" = LimeWire PRO 5.1.2 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4) "MpcStar" = MpcStar 2.9 "NIS" = Norton Internet Security "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01 "ProInst" = Intel PROSet Wireless "RealPlayer 6.0" = RealPlayer "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "ShotOnline International" = ShotOnline International "SmartFix" = SmartFix "Steam" = Steam "Steam App 10" = Counter-Strike "Steam App 100" = Condition Zero Deleted Scenes "Steam App 34000" = Football Manager 2010 "Steam App 80" = Condition Zero "SynTPDeinstKey" = Synaptics Pointing Device Driver "TVUPlayer" = TVUPlayer 2.4.9.1 "Update Service" = Update Service "VLC media player" = VLC media player 1.0.2 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Yahoo! Software Update" = Yahoo! Software Update "YouTube Downloader App" = YouTube Downloader App 1.03 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14/1/2009 11:30:58 AM \| Computer Name = Hakim \| Source = EventSystem \| ID = 4621 Description = Error - 15/1/2009 6:25:58 AM \| Computer Name = Hakim \| Source = RasClient \| ID = 20227 Description = Error - 15/1/2009 6:26:19 AM \| Computer Name = Hakim \| Source = RasClient \| ID = 20227 Description = Error - 15/1/2009 2:30:29 PM \| Computer Name = Hakim \| Source = EventSystem \| ID = 4621 Description = Error - 20/1/2009 4:10:29 AM \| Computer Name = Hakim \| Source = Application Hang \| ID = 1002 Description = The program firefox.exe version 1.9.0.3257 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: ac4 Start Time: 01c97ad5e6a217fc Termination Time: 9 Error - 22/1/2009 7:29:12 AM \| Computer Name = Hakim \| Source = EventSystem \| ID = 4621 Description = Error - 23/1/2009 12:07:45 PM \| Computer Name = Hakim \| Source = EventSystem \| ID = 4621 Description = Error - 26/1/2009 5:18:43 AM \| Computer Name = Hakim \| Source = RasClient \| ID = 20227 Description = Error - 26/1/2009 5:27:58 AM \| Computer Name = Hakim \| Source = RasClient \| ID = 20227 Description = Error - 26/1/2009 9:11:43 AM \| Computer Name = Hakim \| Source = Application Error \| ID = 1000 Description = Faulting application msnmsgr.exe, version 8.5.1302.1018, time stamp 0x4717a53b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x28e05950, process id 0x13cc, application start time 0x01c97f93666cf87c. [ System Events ] Error - 4/11/2009 2:44:38 AM \| Computer Name = Hakim \| Source = Service Control Manager \| ID = 7031 Description = Error - 4/11/2009 2:44:38 AM \| Computer Name = Hakim \| Source = Service Control Manager \| ID = 7031 Description = Error - 4/11/2009 2:44:38 AM \| Computer Name = Hakim \| Source = Service Control Manager \| ID = 7034 Description = Error - 4/11/2009 2:44:38 AM \| Computer Name = Hakim \| Source = Service Control Manager \| ID = 7034 Description = Error - 4/11/2009 2:44:38 AM \| Computer Name = Hakim \| Source = Service Control Manager \| ID = 7031 Description = Error - 4/11/2009 2:44:38 AM \| Computer Name = Hakim \| Source = Service Control Manager \| ID = 7034 Description = Error - 4/11/2009 2:44:39 AM \| Computer Name = Hakim \| Source = Service Control Manager \| ID = 7031 Description = Error - 4/11/2009 2:44:39 AM \| Computer Name = Hakim \| Source = Service Control Manager \| ID = 7034 Description = Error - 4/11/2009 2:44:39 AM \| Computer Name = Hakim \| Source = Service Control Manager \| ID = 7034 Description = Error - 4/11/2009 2:51:33 AM \| Computer Name = Hakim \| Source = Service Control Manager \| ID = 7000 Description = < End of report >

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

Reply to this topic

Start new topic

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Similar Topics

Similar Topics

Similar Topics

		Topic Title	Replies / Views	Topic Information
		Virus, Spyware and Trojan Removal How to remove Trojan:Win32/Vundo.gen!AF [Solved] 12	22 / 4,419	24th February 2009 - 05:02 PM psm343 started - last by handhfan
		Virus, Spyware and Trojan Removal Trojan:Win32/Alureon.gen!U how to remove? [Solved] 123	32 / 4,497	16th August 2009 - 12:00 AM ag9723 started - last by fenzodahl512
		Virus, Spyware and Trojan Removal Can I remove Trojan:Win32/Alureon.gen!U? [Solved] 1234	58 / 1,014	11th November 2009 - 05:39 AM lefthandblack started - last by heir
		Virus, Spyware and Trojan Removal Trojan:Win32/Alureon.gen!U [Closed] 12	16 / 179	16th November 2009 - 12:07 PM bernardogoncalves started - last by Rorschach112

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 21st November 2009 - 02:57 AM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising

Powered By IP.Board © 2009 IPS, Inc.