Sorry, here are my RootRepeal and OTL logs:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/10 00:08
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x88B0B000 Size: 778240 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAA5BF000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1100 Status: Locked to the Windows API!
SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x94773898
#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x94773978
#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x947709d8
#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x94711e68
#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x947735e8
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x94770aa8
#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x947d3f28
#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x947722c0
#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x947736d8
#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x947737b8
#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x947721e0
#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x94773508
#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x92a5e738
#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x94773348
#: 202 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x947d32e0
#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x94771420
#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x947d3200
#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x947d33d0
#: 306 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x947d3110
#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x94773428
#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x94773ac0
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\CO_Mon.sys" at address 0xa1f79760
#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x94773b80
#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x947cbbb8
#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x94770908
==EOF==
OTL logfile created on: 11/9/2009 11:49:10 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Kieran\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
2.00 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.67% Memory free
4.00 Gb Paging File | 2.12 Gb Available in Paging File | 53.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 23.83 Gb Free Space | 21.34% Space Free | Partition Type: NTFS
Drive D: | 108.19 Gb Total Space | 88.22 Gb Free Space | 81.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KIERAN-PC
Current User Name: Kieran
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/09 23:48:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Kieran\Desktop\OTL.exe
PRC - [2009/11/09 22:52:48 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\Kieran\AppData\Local\Temp\jkos-Kieran\binaries\ScanningProcess.exe
PRC - [2009/11/09 22:52:48 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\Kieran\AppData\Local\Temp\jkos-Kieran\binaries\ScanningProcess.exe
PRC - [2009/11/08 19:58:13 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/07 11:30:27 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/05 19:04:03 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/05 19:04:03 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/10/05 19:04:03 | 00,022,816 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/03 02:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/03/03 02:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/16 17:26:20 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/03/17 02:47:54 | 00,077,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/01/19 07:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 07:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 07:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 07:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe
PRC - [2008/01/19 07:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 07:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/04 20:10:57 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Kieran\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2007/09/04 10:39:00 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/31 11:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/29 10:35:38 | 00,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/08/23 21:19:26 | 00,200,704 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2007/08/21 11:01:28 | 00,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/07/31 17:25:16 | 00,331,776 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\KeyStudio 49i\MAUSBKeyStudio49iInst.exe
PRC - [2007/07/31 01:36:00 | 00,707,080 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2007/07/03 17:40:10 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/29 01:50:52 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/06/26 07:33:00 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/06/13 23:56:18 | 00,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/06/13 23:54:36 | 00,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/06/13 11:23:54 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/06/11 21:54:58 | 01,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/05/09 05:09:20 | 00,865,840 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/04/27 21:08:28 | 01,208,320 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2007/04/25 23:34:30 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/25 23:33:36 | 00,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/04/23 16:53:48 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/04/03 18:28:46 | 00,999,424 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer VCM\VC.exe
PRC - [2007/03/27 19:00:32 | 00,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe
PRC - [2007/02/12 14:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 14:37:58 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/09 13:35:54 | 00,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/01/26 21:24:42 | 00,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007/01/23 13:48:12 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/17 18:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/11/24 19:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/02 12:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
========== Modules (SafeList) ==========
MOD - [2009/11/09 23:48:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Kieran\Desktop\OTL.exe
MOD - [2008/07/27 18:03:14 | 00,635,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll
MOD - [2008/07/27 18:03:14 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcp80.dll
MOD - [2008/01/19 07:34:02 | 00,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008/01/19 07:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/08/14 00:13:02 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll
MOD - [2007/08/14 00:13:01 | 01,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll
MOD - [2007/04/25 23:31:00 | 00,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007/04/25 23:30:44 | 00,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007/04/25 23:30:40 | 00,286,720 | ---- | M] (HiTRUST) -- C:\Windows\System32\sysenv.dll
MOD - [2007/03/17 12:19:08 | 00,237,568 | ---- | M] (HiTRSUT) -- C:\Windows\System32\keyManager.dll
MOD - [2007/02/12 23:02:08 | 00,094,208 | ---- | M] (HiTRUST Inc.) -- C:\Windows\System32\MSNChatHook.dll
MOD - [2006/11/30 04:30:18 | 00,401,408 | ---- | M] (HiTRUST) -- C:\Windows\System32\CryptoAPI.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/10/16 17:26:20 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/27 18:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/20 01:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/20 01:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/06/20 01:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/03/17 02:47:54 | 00,077,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/03/13 01:18:23 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 07:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 07:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/08/31 11:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 20:35:22 | 03,192,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 07:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/07/31 17:25:16 | 00,331,776 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\KeyStudio 49i\MAUSBKeyStudio49iInst.exe -- (MAudioKeyStudio49iService)
SRV - [2007/07/03 17:40:10 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/29 01:50:52 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/06/26 07:33:00 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/06/13 23:54:36 | 00,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/06/13 11:23:54 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/04/25 23:34:30 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/23 16:53:48 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/12 14:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/01/26 21:24:42 | 00,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/01/23 13:48:12 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo)
SRV - [2007/01/17 18:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/24 19:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/02 12:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 21:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "news.bbc.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.2.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/03 19:55:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 19:58:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/08 19:58:14 | 00,000,000 | ---D | M]
[2009/02/24 23:50:29 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Extensions
[2009/02/24 23:50:29 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/09 18:10:02 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions
[2009/10/04 17:13:48 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/14 23:04:32 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/10/14 22:15:50 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2009/06/11 00:21:18 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\[email protected]
[2009/10/14 23:05:42 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\[email protected]
[2009/10/14 23:05:43 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\[email protected]
[2009/11/09 18:05:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/08 19:58:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/05 19:18:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/10/05 19:04:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/08 19:58:13 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/08 19:58:13 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/10/05 19:04:03 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/08 19:58:13 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/07/19 19:15:12 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/19 19:15:12 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/19 19:15:12 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/19 19:15:12 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/19 19:15:12 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/19 19:15:12 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/19 19:15:12 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (292023 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10057 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( )
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Stylus SX200 Series (Copy 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://portal.ondem...SetupClient.cab (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02a20cbc-67ff-11dc-b437-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{02a20cbc-67ff-11dc-b437-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/03/20 00:14:38 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 14 Days ==========
[2009/11/09 23:48:02 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Kieran\Desktop\OTL.exe
[2009/11/09 22:25:32 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/11/03 00:19:35 | 02,424,084 | R--- | C] (Avid Technology, Inc.) -- C:\Windows\System32\madiousb.dll
[2009/11/03 00:19:35 | 00,249,856 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioKeyStudio49iControlPanelApplet.cpl
[2009/11/03 00:19:35 | 00,200,704 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
[2009/11/03 00:19:35 | 00,131,712 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\drivers\mausbks.sys
[2009/11/03 00:19:35 | 00,016,512 | ---- | C] (M-Audio) -- C:\Windows\System32\drivers\M-AudioKeyStudio49iDFU.sys
[2009/11/03 00:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2009/11/03 00:19:33 | 00,021,504 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\mausbasio.dll
[2009/10/30 11:06:27 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2007/09/21 04:59:44 | 00,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/09/21 04:59:44 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/08/14 00:06:52 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2007/08/13 22:49:41 | 00,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2009/11/09 23:48:39 | 06,029,312 | -HS- | M] () -- C:\Users\Kieran\ntuser.dat
[2009/11/09 23:48:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Kieran\Desktop\OTL.exe
[2009/11/09 23:45:25 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/09 23:45:25 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/09 23:36:27 | 00,000,548 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kieran.job
[2009/11/09 22:30:12 | 00,156,214 | ---- | M] () -- C:\Users\Kieran\AppData\Roaming\nvModes.001
[2009/11/09 22:30:11 | 00,156,214 | ---- | M] () -- C:\Users\Kieran\AppData\Roaming\nvModes.dat
[2009/11/09 19:50:35 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/09 19:50:35 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/09 19:50:35 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/09 19:45:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/09 19:45:05 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/09 19:45:04 | 21,458,20672 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/09 18:11:14 | 00,524,288 | -HS- | M] () -- C:\Users\Kieran\ntuser.dat{280de5e2-4859-11de-9092-f217fe42965c}.TMContainer00000000000000000001.regtrans-ms
[2009/11/09 18:11:14 | 00,065,536 | -HS- | M] () -- C:\Users\Kieran\ntuser.dat{280de5e2-4859-11de-9092-f217fe42965c}.TM.blf
[2009/11/09 18:11:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/11/09 18:11:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/11/09 18:11:01 | 03,790,591 | -H-- | M] () -- C:\Users\Kieran\AppData\Local\IconCache.db
[2009/11/09 18:05:11 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{20A896B1-58CB-4CCF-B5C0-DFED82F32C60}.job
[2009/11/09 00:28:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/11/09 00:28:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/11/08 20:17:21 | 00,048,640 | ---- | M] () -- C:\Users\Kieran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 00:22:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/11/06 00:22:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/11/05 19:39:32 | 00,001,684 | ---- | M] () -- C:\Users\Kieran\Desktop\Cake Poker.lnk
[2009/11/05 19:37:50 | 00,000,724 | ---- | M] () -- C:\Users\Public\Desktop\William Hill Poker.lnk
[2009/11/05 19:36:02 | 00,344,093 | ---- | M] () -- C:\Users\Kieran\Desktop\SetupPoker.exe
[2009/11/05 00:05:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/11/05 00:05:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/11/04 01:35:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/11/04 01:35:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/11/03 00:53:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/11/03 00:53:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/11/02 01:06:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/11/02 01:06:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/11/01 21:08:45 | 03,630,020 | ---- | M] () -- C:\Users\Kieran\Desktop\Mbuti1.mp3
[2009/11/01 19:26:54 | 01,498,950 | ---- | M] () -- C:\Users\Kieran\Desktop\Balonzig.mp3
[2009/11/01 19:24:26 | 03,139,963 | ---- | M] () -- C:\Users\Kieran\Desktop\mbuti2.mp3
[2009/11/01 01:24:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/11/01 01:24:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/10/31 01:57:10 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/10/31 01:57:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/10/30 23:55:23 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/10/30 23:55:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/10/30 18:21:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/10/30 18:21:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/10/29 00:09:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/10/29 00:09:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/10/29 00:08:30 | 01,650,983 | ---- | M] () -- C:\Users\Kieran\Desktop\Autumn.mp3
[2009/10/28 23:44:30 | 00,822,379 | ---- | M] () -- C:\Users\Kieran\Desktop\juxt.mp3
[2009/10/27 00:53:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/10/27 00:53:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/11/05 19:37:50 | 00,000,724 | ---- | C] () -- C:\Users\Public\Desktop\William Hill Poker.lnk
[2009/11/05 19:35:58 | 00,344,093 | ---- | C] () -- C:\Users\Kieran\Desktop\SetupPoker.exe
[2009/10/31 09:35:41 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/10/30 18:18:18 | 03,139,963 | ---- | C] () -- C:\Users\Kieran\Desktop\mbuti2.mp3
[2009/10/27 00:37:17 | 03,630,020 | ---- | C] () -- C:\Users\Kieran\Desktop\Mbuti1.mp3
[2009/10/27 00:37:17 | 01,650,983 | ---- | C] () -- C:\Users\Kieran\Desktop\Autumn.mp3
[2009/10/27 00:37:17 | 00,822,379 | ---- | C] () -- C:\Users\Kieran\Desktop\juxt.mp3
[2009/06/11 12:14:25 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/06/11 12:12:36 | 00,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini
[2009/01/19 20:29:07 | 00,000,094 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\wklnhst.dat
[2008/09/30 23:02:26 | 00,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2008/08/17 13:08:11 | 00,000,900 | ---- | C] () -- C:\Windows\PartyGrabber.ini
[2008/03/13 00:58:52 | 00,015,577 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/02/22 09:34:07 | 00,131,072 | ---- | C] () -- C:\Windows\winfsysrn.dll
[2008/02/22 09:34:05 | 00,002,413 | ---- | C] () -- C:\Windows\dep32ceg.dll
[2008/02/22 09:34:05 | 00,000,000 | ---- | C] () -- C:\Windows\spr32snl.dll
[2008/02/22 09:34:05 | 00,000,000 | ---- | C] () -- C:\Windows\iopb32ul.dll
[2008/02/22 09:34:05 | 00,000,000 | ---- | C] () -- C:\Windows\iopa32ul.dll
[2008/01/19 21:12:02 | 00,000,006 | -HS- | C] () -- C:\Users\Kieran\AppData\Roaming\desktop.ini
[2008/01/14 00:25:25 | 00,000,680 | ---- | C] () -- C:\Users\Kieran\AppData\Local\d3d9caps.dat
[2008/01/13 16:24:47 | 00,048,640 | ---- | C] () -- C:\Users\Kieran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/05 14:56:09 | 00,156,214 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\nvModes.dat
[2008/01/05 14:56:09 | 00,156,214 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\nvModes.001
[2008/01/04 21:58:50 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/04 21:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/04 21:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/01/04 21:56:24 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/04 20:06:51 | 00,163,840 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/01/04 20:06:40 | 00,070,504 | ---- | C] () -- C:\Users\Kieran\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/01/04 01:36:36 | 03,790,591 | -H-- | C] () -- C:\Users\Kieran\AppData\Local\IconCache.db
[2008/01/04 00:52:53 | 00,031,007 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\UserTile.png
[2007/09/21 05:55:30 | 00,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2007/09/21 05:55:09 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/09/21 04:59:21 | 00,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/08/14 01:29:38 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/08/14 01:14:52 | 00,005,495 | R--- | C] () -- C:\Windows\0x0409.ini
[2007/08/14 00:12:24 | 00,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/08/14 00:12:24 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/08/14 00:11:46 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/08/14 00:06:49 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/08/13 23:59:53 | 00,323,584 | ---- | C] () -- C:\Windows\AEITAddInRdr.dll
[2007/08/13 23:59:53 | 00,001,730 | ---- | C] () -- C:\Windows\Abcpy.ini
[2007/08/13 23:15:52 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/13 22:49:41 | 01,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/08/13 22:47:20 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/25 23:33:22 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 23:32:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 23:32:46 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 23:31:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 23:30:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 23:30:44 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 22:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 12:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 12:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 12:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 12:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 10:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 23:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2009/11/05 20:58:05 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Ableton
[2008/01/04 20:11:20 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Acer
[2008/09/22 20:30:53 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Betfair
[2009/11/09 00:28:37 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\BitTorrent
[2009/11/09 23:46:50 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\DNA
[2009/10/11 23:11:41 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\EA
[2009/07/31 07:56:50 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Juniper Networks
[2008/01/13 23:22:50 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Opera
[2008/01/04 00:52:53 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\PeerNetworking
[2009/10/22 18:35:48 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\RhythmRascal
[2008/01/28 23:24:21 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Sony
[2009/01/19 20:29:09 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Template
[2008/04/21 18:29:07 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Waves Audio
[2008/04/21 19:04:22 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Waves Preferences
[2009/11/09 19:45:07 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/09 18:11:07 | 00,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/09 18:05:11 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{20A896B1-58CB-4CCF-B5C0-DFED82F32C60}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2005/08/16 15:49:12 | 00,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/11 06:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2006/11/02 09:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/11 06:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2006/11/02 09:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007/02/12 05:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRV\SATA\iastor.sys
[2007/02/12 14:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007/02/12 14:37:22 | 00,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/02/12 05:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/12 14:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007/02/12 05:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2006/11/02 09:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
========== Alternate Data Streams ==========
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C05A8628
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B623B5B8
< End of report >
OTL Extras logfile created on: 11/9/2009 11:49:10 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Kieran\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
2.00 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.67% Memory free
4.00 Gb Paging File | 2.12 Gb Available in Paging File | 53.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 23.83 Gb Free Space | 21.34% Space Free | Partition Type: NTFS
Drive D: | 108.19 Gb Total Space | 88.22 Gb Free Space | 81.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KIERAN-PC
Current User Name: Kieran
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" File not found
https [open] -- "C:\Program Files\Opera\opera.exe" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AD9FA5-F99D-4477-9318-0AB475B04047}" = lport=2869 | protocol=6 | dir=in | app=system |
"{017B1DC0-85D1-4F00-A522-49840E0B9DC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{05247E11-A623-46B2-9B07-3BA40B3775AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{068568DC-EC22-4560-89A5-462D49D17B33}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0A29E66D-59F7-4D62-B439-F2272C9C000B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0D0F13E8-ADFF-47C3-AD66-675AF38414DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17743521-8174-4724-BEF4-3D0E4AE885EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{19A990C7-C99E-46AA-86EC-C7BF2DF462BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1A4259A3-9441-497A-8265-8BD5AF921922}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1FB58A3A-8973-4775-9018-B6533D2D51FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{22954038-FE89-4A75-B3A6-943870906929}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{23C335A6-ED05-4CBC-86C2-FE4C07F8CE34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{245C6B03-071D-44E6-BF0C-6EAAB4FF65B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2A3A078D-C719-46E3-B3A9-AFA9EF421825}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2AC34905-B891-43EA-ADEB-6305A37A9FDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2DF12E63-EA21-40CF-82AD-E154E5646910}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E07C013-5219-462C-834A-0F9EE81A8516}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{30CD0752-4247-41AC-B0FE-5FCE4901613F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{318A333E-F108-42FF-AE63-6D38D4E1EEDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{384FED30-643D-47E3-A242-03331FA34003}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38ED8188-9B93-47AB-9C9F-AFBD4C448879}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B697C81-7884-477E-8BDB-520A0D9CCE42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D6AED46-F6C8-455F-90B0-73E03B976FC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{413C0E52-E089-437F-884D-7C2E04A94E73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{44A524FE-5873-491D-8857-0332345F8DCF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46B8F4C2-2E38-4F2B-BB1E-69346BA26AE6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4A07B5CF-02A2-4DAC-8AB4-28644EF001E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4AA23937-4894-48FF-9155-1D15CD6C8064}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{50BE1429-9331-4FD6-9200-A486A4575C4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{535F3798-0B11-417E-BA31-F32A91E16E1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B5CCCC3-8ECC-4B92-930D-D9C4BBB1B9DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C237D87-137A-4AC6-9DE2-7D082524BCA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F89FBA0-3327-4984-8E21-DF37A249E6DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{706D9FEE-A4D7-44A8-80C3-EAE35723B89D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A07B369-78FF-455D-9F5A-4230325811C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E8C4AF9-3CF8-4419-95C9-D0EB874BFEFB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7F6C8829-23D6-4DF7-A37E-EF36F354222A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{844C26B3-1D3C-4970-B2D8-EF198E3C812A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87FAA815-E5B8-4213-8CB9-EB4F41AF0AA1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{884B8A49-B531-44EB-8727-B5D1B7EFA5C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A115109-37BA-489B-94C9-05505C20A474}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8B2A7741-813B-4D80-BB42-EA1D267D700E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8CEB2B2D-EB94-4BCC-A88B-680ACB694F2A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9131D49A-A984-4AF8-88F2-498A12698DF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92D8E399-135E-4384-94A0-C36F0C1E98FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9BD55610-D13C-4AE9-9256-50D7B6CFD29E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A06E285B-12F8-44A2-BEC6-2156B925ADF0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A29485ED-498D-4270-8C9A-6C67A55B8AA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A69DCB00-4C17-48D7-A668-EF56AAD96D59}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A95B68AB-877E-4525-B33C-98E93623E768}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA433C0B-25C4-45BD-B4FE-5E5648153BF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ACFE0C04-A9FA-44ED-8CB8-A1CDFBC3F080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B9AC855F-055E-4DB9-B308-1237D32CEB73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BAC07921-82C5-41B6-9D46-25E9D09A89E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBE0C3A0-8E15-4251-914C-3442AD6C04C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF54AF16-A958-48C6-8D6E-E6F64E179BC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF5F4B95-10FF-4302-AE4E-EE858E5E8228}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C780F6B2-1E7E-4D56-8985-0A8D391F1F61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CD67D1BA-1E0C-4D88-8366-81C6800BC4E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFEE2B68-F294-4A9F-9E35-DF81B5839428}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D253E99C-FA89-40BD-9345-E50D45A7BB80}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3B88136-590F-40BF-8126-1D597BA2A73C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D4B56C23-3975-4748-9778-B687E288F75E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB7A0642-926C-444B-A070-34E12B3E05CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DEAAB781-28F8-4D5F-9459-06B626F1EFA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E0E76EC0-F035-470E-A328-99279E2D211E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB4DCF62-7ACD-413B-AB97-72AFAFDF7EC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EB759452-7A70-4355-83B1-B90EEF24B426}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBD8A21D-02D1-41EE-B01B-46342F7F3B7E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F0332A1C-BDC6-474C-BC62-383A1E78CAFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F76DDE6D-7418-48AA-9BA4-12B618D4116C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F8E329CF-E441-41DE-805D-39F71B917DBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FA29C104-1EF0-45F7-9328-2FAA2529B984}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB138D0E-6F56-43D5-A2AE-E599D6DE75FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B98102-829B-447E-B460-038E8FBFDE1C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0A79A44E-C639-4D8F-8AFD-B8AAACD304AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CF30545-3D3D-4668-800B-B3F7D024BDFF}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{0E64164E-3356-40AB-B840-06ED7B7EA379}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{137835CF-2D65-4E84-8328-F36F26692976}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1D0A6C04-6AE8-438B-8A26-7B9C1034BFFD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2A24AB00-DD32-4ED0-A1FF-E0EEDE3ED457}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2BAD45EE-C87B-436E-9433-F7D36B84EE54}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{2D012466-F20E-4E8A-A443-EDE828922193}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2D2BF634-644C-488B-9F5B-FA39D4CF0ADE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2D85EC38-7344-45BF-A633-49258CEA5611}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3B5E101B-FC4D-4084-A4B2-5BFA0E08267D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3C374482-DFE1-4A15-83D3-1651F11A5CAC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3DD71AE8-1CE3-4DF3-A6D9-EBE218FCFA7A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4327829C-53E2-4708-B1F6-50A583BF5E6F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{43A08778-AB57-494C-905B-9686E7EDF45A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4424EDFC-270F-4C07-AD77-123889010A56}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{464C50F4-E486-4E80-912D-D2AB98326F13}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{48C25C3B-BE35-4A33-B633-C0FD80A6C1C1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4A1AEB95-DD02-4F65-B38D-D311A5CF3166}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4A67DDC0-A1FC-499A-819D-DEE0E842161F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4B4BE4A3-9086-46C8-83B9-5FC5282D2DB5}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4D360D6B-2E23-4E00-A514-AA4E747942D6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5018FCB6-0EFE-4465-A655-F588C6B2F4F9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{51D0BB1E-FB83-4E95-B759-72351C9AA088}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5260D5D7-383D-4C43-8B29-5A92EF7800C9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{578FBC6F-39D2-44CD-B932-EC431B6A35CE}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{57E1B59F-6250-4A20-A0A1-9F574AAA01FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E6DA946-48D9-4F28-9B2B-0B307563570F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5F18FA1E-880E-470F-9D83-A846EADB7CDF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{612BDB80-7B78-4C6C-9987-15039F9A00CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{631A9182-D564-4EC4-8243-8710996D9D7D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{646F8A11-52F4-4A92-8561-08752E167DA1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{65FA4A4D-35DA-4FD9-8F7E-DF4E426982CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{68BC2670-3A3A-4C53-915F-B2D4B98D32C3}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7102C182-56EF-4F12-939B-2FDCC97FCA69}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7263A015-D4BB-40BD-A336-F450A518388A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{7B64A9BC-9835-4245-A2DD-DC865D42D331}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BB985EB-F45F-4825-89E8-5E68FB87D670}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BC63F52-5CEC-4ED2-9719-46DD4EC63CCD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{803B226E-6CF0-4EDB-9247-8A4365265582}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{83A22DBD-C088-44F7-AA01-744CC951C097}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{83E4050D-AABD-46B5-90E2-E03B28398267}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8451B11E-A98D-4AA1-93C4-2A77CA5275F7}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{84EE996E-C8FD-4070-8E3A-290AC361C5E1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{87BF0191-77A4-440F-8CDD-D0CECE03D8C2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{88C68490-F9A1-4184-AD5A-683FBBDBB014}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{88E16125-3575-4FD9-8920-ADE443A8D0FB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8C8730FE-8B92-4313-A7AB-DCD2F01D4EB2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8E779E74-75C3-4D2B-972B-B269125CB6FA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{915FCA1B-31E6-446E-8D3D-96C721D03702}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{918ADE51-36E5-4F59-8B60-46CB18A490DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9408F122-4241-4620-B320-50CBB74D2CFC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9B82D6AF-85A8-40B6-B611-CAFC0FAF81E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9C20928F-69FB-4A38-991E-B830E1885B7B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9EF9FF9F-4F3D-4101-8D95-D7BF24AE2D9D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A026E9AE-CBA8-44EC-AA66-939A05FA032B}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{A0E5AD24-F18A-4A08-A2E6-C7D42DFFC5C5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A2484A78-F0C4-4DB1-AA99-6A866CE6D167}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A87BF2DE-0D73-4C77-A85F-F2D8316867F8}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{A9027268-A1FC-43E4-B8D2-37652E2A1B37}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AA37EB5D-B1B2-4467-A8FE-6D8250DB7627}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AA77CC08-D91A-47BF-82E1-745F7B1D2BC5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AE207333-4C3E-45EB-9D79-88F8070B07AF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AF1D87C5-3ABB-4875-B19A-0A25DBADAA46}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B6C4D3B6-D866-4F8A-BD95-3F68EA80CD56}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{B7781F29-D92A-4D7F-9F1D-46E06BFD4728}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B7847E76-0592-45E9-948D-62B1DF76F273}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B785764A-1A6C-47C3-8E7D-AE32DE827AB4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B8253759-191C-4806-A44A-8E2209BF3FC6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B828E483-A1B0-454E-8B58-742B028FF854}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B88FDFEB-6127-4A2C-AB7D-B400401684D0}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{BCC5AE02-AAF0-40D8-A0AB-699C9E0F2397}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BE16DD0D-9D66-44F7-A6C2-6B0324B3A324}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BF35F05E-5023-4939-802C-419ECEE32DE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C5D2CF0E-D045-4729-A027-6E0F2641E613}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C8489AB3-6532-4EA7-B63D-17AFE1CC8595}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CB57721A-FAFE-4224-8FE6-1202ADE9551F}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{CCE31C7E-898B-4C25-B514-525FEEC6B133}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{CDF75883-F7F3-4429-9251-80D0FFB5B670}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CE1244CA-38F4-4D44-AC5A-92415C80BEB6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CE593F75-E15F-4355-AB1C-C8339CC5171F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D07214C5-04A8-4319-8951-750C27413859}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{D94F2F8A-B019-47E5-9D04-48B47E12C884}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DA67B801-B42D-4C58-AAC0-3BE73A6819CA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DB5C44EC-9F5F-4281-84B3-BBCEFABC77D9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DB7B3154-2181-4507-A255-B9EE8659511B}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{DC4DCBFB-D1D3-4B44-82D4-5D78A4688902}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DE50DE36-D449-4B16-83D3-8BB7CA0BCACB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DFCAA550-A277-4D77-B9FE-959C8DFB2DC6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E4959465-B87F-473F-8780-1F6CA7DF2311}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E81374DD-46B2-4AA9-8B7D-D420DC922986}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{EC7F7BE3-84C7-443A-88BC-158D7B9D7B93}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{EF0F1950-3039-4045-BD41-18C527FC296F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{EF3E22E9-49BD-44F4-AB67-7E11DAAAD3F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EF827D00-E502-4A4B-B5B8-880453CEBF63}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EFFFF173-8F3A-4863-8A40-141C059B114B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F174D568-25ED-4EE2-85C6-21A77C2543C3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F35978F0-8C6A-43AF-985C-2D06F1CD8CEC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F385B6D3-4B9F-427B-ADE0-8C02560F0499}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F3D588BB-E31A-414B-9C7B-9BB5851ABC3C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F3EEAEB9-DF85-47C4-A297-E28D0DA4D3D1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FC9B2DB3-BC0F-452C-8967-8E7A7ED3D4DF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FEDC0E30-6A95-4640-A558-9916372308CB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{243522FF-540E-4B31-AA45-010B301B9EEE}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{25E0DF66-05C9-4C6A-BD1B-F85358CD7379}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{AA6BA07A-50D0-415B-A598-A059D8693337}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F9D42A1F-5378-478D-A5E8-A225AA18D4F0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{35C0DB5B-D6BE-40A6-8E39-FC9D8500D84B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{462BCD6E-65A1-46A8-9C97-0334CAF731F2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{54910E7A-623C-4DE2-86E2-06D71F0903B8}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{ED13FFE1-D8A6-47F4-9B4B-68E45743DD20}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}" = Sony Ericsson Media Manager 1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{133AC838-C38F-41B3-B7C2-42F92A93D72D}" = SymNet
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.010.00
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3AE3B734-B03A-46B8-8D19-91D6F4907735}" = M-Audio KeyStudio 49i USB
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{44563206-8FAC-4859-9284-5FE90AF0CC47}" = Power Packet Utility
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5CD71929-24E8-40D0-86F0-6A941A917887}" = PokerEV
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{633D90C2-5105-4E17-9290-F9F7149E1070}" = General MIDI Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{761E498F-5865-40E7-8BDC-918D71B47317}" = Betfair Poker
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C84E006-D044-4441-A294-E318B147476C}" = VLC iPhone Connection Utility
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{89B38025-05A0-4958-92C3-70882AE8553A}" = Holdem Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory and Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B0F438F6-51D9-45FC-B1C5-064250221EB8}" = International Cricket Captain 2009
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E31E2A9F-D76D-49DD-9851-930DD1B0A081}" = Poker Grapher
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}" = Microsoft WorldWide Telescope
"{FD1D9EFB-3F15-4AA9-97AF-BA34D706B726}" = Symantec Real Time Storage Protection Component
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Cake Poker(uninstall)" = Cake Poker
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
"GridVista" = Acer GridVista
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Live 6.0.1" = Live 6.0.1
"Live 7.0.3" = Live 7.0.3
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NVIDIA Drivers" = NVIDIA Drivers
"PKR" = PKR
"Poker Tracker Omaha Version 1.13.03_is1" = Poker Tracker Omaha Version 1.13.03
"PokerAce Hud" = PokerAce Hud (remove only)
"ProInst" = Intel PROSet Wireless
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SopCast" = SopCast 2.0.4
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemsIntegration" = Systems Integration
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VLC media player 0.9.9
"Waves API Collection" = Waves API Collection
"Waves Mercury Bundle" = Waves Mercury Bundle
"William Hill Poker" = William Hill Poker
"WinRAR archiver" = WinRAR archiver
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Juniper_Term_Services" = Juniper Terminal Services Client
"JuniperSetupClient" = Juniper Networks Setup Client
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >