Trojan found by Norton - cannot be removed



#1
k_fed

Hi,

I ran a virus scan on my computer (not the same one as the other thread I have in here) and Norton came up with the following message:

"Trojan horse cannot be removed from an unsupported file"


I ran a Malwarebytes full scan and it found nothing. Is this trojan something to worry about?


#2
k_fed

Sorry, here are my RootRepeal and OTL logs.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/10 00:08
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x88B0B000 Size: 778240 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAA5BF000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1100 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x94773898

#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x94773978

#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x947709d8

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x94711e68

#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x947735e8

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x94770aa8

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x947d3f28

#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x947722c0

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x947736d8

#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x947737b8

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x947721e0

#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x94773508

#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x92a5e738

#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x94773348

#: 202 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x947d32e0

#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x94771420

#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x947d3200

#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x947d33d0

#: 306 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x947d3110

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x94773428

#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x94773ac0

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\CO_Mon.sys" at address 0xa1f79760

#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x94773b80

#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x947cbbb8

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x94770908

==EOF==




OTL logfile created on: 11/9/2009 11:49:10 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Kieran\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.67% Memory free
4.00 Gb Paging File | 2.12 Gb Available in Paging File | 53.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 23.83 Gb Free Space | 21.34% Space Free | Partition Type: NTFS
Drive D: | 108.19 Gb Total Space | 88.22 Gb Free Space | 81.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIERAN-PC
Current User Name: Kieran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/09 23:48:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Kieran\Desktop\OTL.exe
PRC - [2009/11/09 22:52:48 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\Kieran\AppData\Local\Temp\jkos-Kieran\binaries\ScanningProcess.exe
PRC - [2009/11/09 22:52:48 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\Kieran\AppData\Local\Temp\jkos-Kieran\binaries\ScanningProcess.exe
PRC - [2009/11/08 19:58:13 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/07 11:30:27 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/05 19:04:03 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/05 19:04:03 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/10/05 19:04:03 | 00,022,816 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/03 02:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/03/03 02:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/16 17:26:20 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/03/17 02:47:54 | 00,077,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/03/17 02:46:22 | 03,665,920 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/01/19 07:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 07:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 07:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/19 07:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe
PRC - [2008/01/19 07:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 07:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/04 20:10:57 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Kieran\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2007/09/04 10:39:00 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/31 11:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/29 10:35:38 | 00,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/08/23 21:19:26 | 00,200,704 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2007/08/21 11:01:28 | 00,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/07/31 17:25:16 | 00,331,776 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\KeyStudio 49i\MAUSBKeyStudio49iInst.exe
PRC - [2007/07/31 01:36:00 | 00,707,080 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2007/07/03 17:40:10 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/29 01:50:52 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/06/26 07:33:00 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/06/13 23:56:18 | 00,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/06/13 23:54:36 | 00,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/06/13 11:23:54 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/06/11 21:54:58 | 01,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/05/09 05:09:20 | 00,865,840 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/04/27 21:08:28 | 01,208,320 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2007/04/25 23:34:30 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/25 23:33:36 | 00,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/04/23 16:53:48 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/04/03 18:28:46 | 00,999,424 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer VCM\VC.exe
PRC - [2007/03/27 19:00:32 | 00,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe
PRC - [2007/02/12 14:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 14:37:58 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/09 13:35:54 | 00,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/01/26 21:24:42 | 00,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007/01/23 13:48:12 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/17 18:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/11/24 19:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/02 12:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe


========== Modules (SafeList) ==========

MOD - [2009/11/09 23:48:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Kieran\Desktop\OTL.exe
MOD - [2008/07/27 18:03:14 | 00,635,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll
MOD - [2008/07/27 18:03:14 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcp80.dll
MOD - [2008/01/19 07:34:02 | 00,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008/01/19 07:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/08/14 00:13:02 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll
MOD - [2007/08/14 00:13:01 | 01,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll
MOD - [2007/04/25 23:31:00 | 00,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007/04/25 23:30:44 | 00,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007/04/25 23:30:40 | 00,286,720 | ---- | M] (HiTRUST) -- C:\Windows\System32\sysenv.dll
MOD - [2007/03/17 12:19:08 | 00,237,568 | ---- | M] (HiTRSUT) -- C:\Windows\System32\keyManager.dll
MOD - [2007/02/12 23:02:08 | 00,094,208 | ---- | M] (HiTRUST Inc.) -- C:\Windows\System32\MSNChatHook.dll
MOD - [2006/11/30 04:30:18 | 00,401,408 | ---- | M] (HiTRUST) -- C:\Windows\System32\CryptoAPI.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 14:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/10/16 17:26:20 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/27 18:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/20 01:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/20 01:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/06/20 01:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/03/17 02:47:54 | 00,077,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/03/13 01:18:23 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 07:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 07:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/08/31 11:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 20:35:22 | 03,192,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 07:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/07/31 17:25:16 | 00,331,776 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\KeyStudio 49i\MAUSBKeyStudio49iInst.exe -- (MAudioKeyStudio49iService)
SRV - [2007/07/03 17:40:10 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/29 01:50:52 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/06/26 07:33:00 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/06/13 23:54:36 | 00,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/06/13 11:23:54 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/04/25 23:34:30 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/23 16:53:48 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/12 14:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/01/26 21:24:42 | 00,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/01/23 13:48:12 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo)
SRV - [2007/01/17 18:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/24 19:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/02 12:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 21:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "news.bbc.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.2.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/03 19:55:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 19:58:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/08 19:58:14 | 00,000,000 | ---D | M]

[2009/02/24 23:50:29 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Extensions
[2009/02/24 23:50:29 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/09 18:10:02 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions
[2009/10/04 17:13:48 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/14 23:04:32 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/10/14 22:15:50 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2009/06/11 00:21:18 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\[email protected]
[2009/10/14 23:05:42 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\[email protected]
[2009/10/14 23:05:43 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\lh50xem6.default\extensions\[email protected]
[2009/11/09 18:05:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/08 19:58:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/05 19:18:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/10/05 19:04:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/08 19:58:13 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/08 19:58:13 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/10/05 19:04:03 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/08 19:58:13 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/05/18 17:41:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/07/19 19:15:12 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/19 19:15:12 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/19 19:15:12 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/19 19:15:12 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/19 19:15:12 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/19 19:15:12 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/19 19:15:12 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (292023 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10057 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( )
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Stylus SX200 Series (Copy 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://portal.ondem...SetupClient.cab (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02a20cbc-67ff-11dc-b437-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{02a20cbc-67ff-11dc-b437-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/03/20 00:14:38 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/09 23:48:02 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Kieran\Desktop\OTL.exe
[2009/11/09 22:25:32 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/11/03 00:19:35 | 02,424,084 | R--- | C] (Avid Technology, Inc.) -- C:\Windows\System32\madiousb.dll
[2009/11/03 00:19:35 | 00,249,856 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioKeyStudio49iControlPanelApplet.cpl
[2009/11/03 00:19:35 | 00,200,704 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
[2009/11/03 00:19:35 | 00,131,712 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\drivers\mausbks.sys
[2009/11/03 00:19:35 | 00,016,512 | ---- | C] (M-Audio) -- C:\Windows\System32\drivers\M-AudioKeyStudio49iDFU.sys
[2009/11/03 00:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2009/11/03 00:19:33 | 00,021,504 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\mausbasio.dll
[2009/10/30 11:06:27 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2007/09/21 04:59:44 | 00,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/09/21 04:59:44 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/08/14 00:06:52 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2007/08/13 22:49:41 | 00,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/09 23:48:39 | 06,029,312 | -HS- | M] () -- C:\Users\Kieran\ntuser.dat
[2009/11/09 23:48:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Kieran\Desktop\OTL.exe
[2009/11/09 23:45:25 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/09 23:45:25 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/09 23:36:27 | 00,000,548 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kieran.job
[2009/11/09 22:30:12 | 00,156,214 | ---- | M] () -- C:\Users\Kieran\AppData\Roaming\nvModes.001
[2009/11/09 22:30:11 | 00,156,214 | ---- | M] () -- C:\Users\Kieran\AppData\Roaming\nvModes.dat
[2009/11/09 19:50:35 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/09 19:50:35 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/09 19:50:35 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/09 19:45:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/09 19:45:05 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/09 19:45:04 | 21,458,20672 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/09 18:11:14 | 00,524,288 | -HS- | M] () -- C:\Users\Kieran\ntuser.dat{280de5e2-4859-11de-9092-f217fe42965c}.TMContainer00000000000000000001.regtrans-ms
[2009/11/09 18:11:14 | 00,065,536 | -HS- | M] () -- C:\Users\Kieran\ntuser.dat{280de5e2-4859-11de-9092-f217fe42965c}.TM.blf
[2009/11/09 18:11:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/11/09 18:11:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/11/09 18:11:01 | 03,790,591 | -H-- | M] () -- C:\Users\Kieran\AppData\Local\IconCache.db
[2009/11/09 18:05:11 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{20A896B1-58CB-4CCF-B5C0-DFED82F32C60}.job
[2009/11/09 00:28:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/11/09 00:28:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/11/08 20:17:21 | 00,048,640 | ---- | M] () -- C:\Users\Kieran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 00:22:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/11/06 00:22:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/11/05 19:39:32 | 00,001,684 | ---- | M] () -- C:\Users\Kieran\Desktop\Cake Poker.lnk
[2009/11/05 19:37:50 | 00,000,724 | ---- | M] () -- C:\Users\Public\Desktop\William Hill Poker.lnk
[2009/11/05 19:36:02 | 00,344,093 | ---- | M] () -- C:\Users\Kieran\Desktop\SetupPoker.exe
[2009/11/05 00:05:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/11/05 00:05:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/11/04 01:35:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/11/04 01:35:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/11/03 00:53:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/11/03 00:53:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/11/02 01:06:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/11/02 01:06:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/11/01 21:08:45 | 03,630,020 | ---- | M] () -- C:\Users\Kieran\Desktop\Mbuti1.mp3
[2009/11/01 19:26:54 | 01,498,950 | ---- | M] () -- C:\Users\Kieran\Desktop\Balonzig.mp3
[2009/11/01 19:24:26 | 03,139,963 | ---- | M] () -- C:\Users\Kieran\Desktop\mbuti2.mp3
[2009/11/01 01:24:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/11/01 01:24:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/10/31 01:57:10 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/10/31 01:57:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/10/30 23:55:23 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/10/30 23:55:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/10/30 18:21:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/10/30 18:21:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/10/29 00:09:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/10/29 00:09:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/10/29 00:08:30 | 01,650,983 | ---- | M] () -- C:\Users\Kieran\Desktop\Autumn.mp3
[2009/10/28 23:44:30 | 00,822,379 | ---- | M] () -- C:\Users\Kieran\Desktop\juxt.mp3
[2009/10/27 00:53:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/10/27 00:53:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/05 19:37:50 | 00,000,724 | ---- | C] () -- C:\Users\Public\Desktop\William Hill Poker.lnk
[2009/11/05 19:35:58 | 00,344,093 | ---- | C] () -- C:\Users\Kieran\Desktop\SetupPoker.exe
[2009/10/31 09:35:41 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/10/30 18:18:18 | 03,139,963 | ---- | C] () -- C:\Users\Kieran\Desktop\mbuti2.mp3
[2009/10/27 00:37:17 | 03,630,020 | ---- | C] () -- C:\Users\Kieran\Desktop\Mbuti1.mp3
[2009/10/27 00:37:17 | 01,650,983 | ---- | C] () -- C:\Users\Kieran\Desktop\Autumn.mp3
[2009/10/27 00:37:17 | 00,822,379 | ---- | C] () -- C:\Users\Kieran\Desktop\juxt.mp3
[2009/06/11 12:14:25 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/06/11 12:12:36 | 00,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini
[2009/01/19 20:29:07 | 00,000,094 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\wklnhst.dat
[2008/09/30 23:02:26 | 00,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2008/08/17 13:08:11 | 00,000,900 | ---- | C] () -- C:\Windows\PartyGrabber.ini
[2008/03/13 00:58:52 | 00,015,577 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/02/22 09:34:07 | 00,131,072 | ---- | C] () -- C:\Windows\winfsysrn.dll
[2008/02/22 09:34:05 | 00,002,413 | ---- | C] () -- C:\Windows\dep32ceg.dll
[2008/02/22 09:34:05 | 00,000,000 | ---- | C] () -- C:\Windows\spr32snl.dll
[2008/02/22 09:34:05 | 00,000,000 | ---- | C] () -- C:\Windows\iopb32ul.dll
[2008/02/22 09:34:05 | 00,000,000 | ---- | C] () -- C:\Windows\iopa32ul.dll
[2008/01/19 21:12:02 | 00,000,006 | -HS- | C] () -- C:\Users\Kieran\AppData\Roaming\desktop.ini
[2008/01/14 00:25:25 | 00,000,680 | ---- | C] () -- C:\Users\Kieran\AppData\Local\d3d9caps.dat
[2008/01/13 16:24:47 | 00,048,640 | ---- | C] () -- C:\Users\Kieran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/05 14:56:09 | 00,156,214 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\nvModes.dat
[2008/01/05 14:56:09 | 00,156,214 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\nvModes.001
[2008/01/04 21:58:50 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/04 21:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/04 21:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/01/04 21:56:24 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/04 20:06:51 | 00,163,840 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/01/04 20:06:40 | 00,070,504 | ---- | C] () -- C:\Users\Kieran\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/01/04 01:36:36 | 03,790,591 | -H-- | C] () -- C:\Users\Kieran\AppData\Local\IconCache.db
[2008/01/04 00:52:53 | 00,031,007 | ---- | C] () -- C:\Users\Kieran\AppData\Roaming\UserTile.png
[2007/09/21 05:55:30 | 00,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2007/09/21 05:55:09 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/09/21 04:59:21 | 00,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/08/14 01:29:38 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/08/14 01:14:52 | 00,005,495 | R--- | C] () -- C:\Windows\0x0409.ini
[2007/08/14 00:12:24 | 00,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/08/14 00:12:24 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/08/14 00:11:46 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/08/14 00:06:49 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/08/13 23:59:53 | 00,323,584 | ---- | C] () -- C:\Windows\AEITAddInRdr.dll
[2007/08/13 23:59:53 | 00,001,730 | ---- | C] () -- C:\Windows\Abcpy.ini
[2007/08/13 23:15:52 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/13 22:49:41 | 01,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/08/13 22:47:20 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/25 23:33:22 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 23:32:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 23:32:46 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 23:31:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 23:30:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 23:30:44 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 22:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 12:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 12:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 12:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 12:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 10:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 23:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/11/05 20:58:05 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Ableton
[2008/01/04 20:11:20 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Acer
[2008/09/22 20:30:53 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Betfair
[2009/11/09 00:28:37 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\BitTorrent
[2009/11/09 23:46:50 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\DNA
[2009/10/11 23:11:41 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\EA
[2009/07/31 07:56:50 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Juniper Networks
[2008/01/13 23:22:50 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Opera
[2008/01/04 00:52:53 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\PeerNetworking
[2009/10/22 18:35:48 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\RhythmRascal
[2008/01/28 23:24:21 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Sony
[2009/01/19 20:29:09 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Template
[2008/04/21 18:29:07 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Waves Audio
[2008/04/21 19:04:22 | 00,000,000 | ---D | M] -- C:\Users\Kieran\AppData\Roaming\Waves Preferences
[2009/11/09 19:45:07 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/09 18:11:07 | 00,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/09 18:05:11 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{20A896B1-58CB-4CCF-B5C0-DFED82F32C60}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/08/16 15:49:12 | 00,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/11 06:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2006/11/02 09:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/11 06:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2006/11/02 09:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007/02/12 05:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRV\SATA\iastor.sys
[2007/02/12 14:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007/02/12 14:37:22 | 00,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/02/12 05:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/12 14:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007/02/12 05:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2006/11/02 09:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C05A8628
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B623B5B8
< End of report >


OTL Extras logfile created on: 11/9/2009 11:49:10 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Kieran\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.67% Memory free
4.00 Gb Paging File | 2.12 Gb Available in Paging File | 53.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 23.83 Gb Free Space | 21.34% Space Free | Partition Type: NTFS
Drive D: | 108.19 Gb Total Space | 88.22 Gb Free Space | 81.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIERAN-PC
Current User Name: Kieran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" File not found
https [open] -- "C:\Program Files\Opera\opera.exe" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AD9FA5-F99D-4477-9318-0AB475B04047}" = lport=2869 | protocol=6 | dir=in | app=system |
"{017B1DC0-85D1-4F00-A522-49840E0B9DC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{05247E11-A623-46B2-9B07-3BA40B3775AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{068568DC-EC22-4560-89A5-462D49D17B33}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0A29E66D-59F7-4D62-B439-F2272C9C000B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0D0F13E8-ADFF-47C3-AD66-675AF38414DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17743521-8174-4724-BEF4-3D0E4AE885EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{19A990C7-C99E-46AA-86EC-C7BF2DF462BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1A4259A3-9441-497A-8265-8BD5AF921922}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1FB58A3A-8973-4775-9018-B6533D2D51FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{22954038-FE89-4A75-B3A6-943870906929}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{23C335A6-ED05-4CBC-86C2-FE4C07F8CE34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{245C6B03-071D-44E6-BF0C-6EAAB4FF65B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2A3A078D-C719-46E3-B3A9-AFA9EF421825}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2AC34905-B891-43EA-ADEB-6305A37A9FDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2DF12E63-EA21-40CF-82AD-E154E5646910}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E07C013-5219-462C-834A-0F9EE81A8516}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{30CD0752-4247-41AC-B0FE-5FCE4901613F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{318A333E-F108-42FF-AE63-6D38D4E1EEDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{384FED30-643D-47E3-A242-03331FA34003}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38ED8188-9B93-47AB-9C9F-AFBD4C448879}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B697C81-7884-477E-8BDB-520A0D9CCE42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D6AED46-F6C8-455F-90B0-73E03B976FC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{413C0E52-E089-437F-884D-7C2E04A94E73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{44A524FE-5873-491D-8857-0332345F8DCF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46B8F4C2-2E38-4F2B-BB1E-69346BA26AE6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4A07B5CF-02A2-4DAC-8AB4-28644EF001E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4AA23937-4894-48FF-9155-1D15CD6C8064}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{50BE1429-9331-4FD6-9200-A486A4575C4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{535F3798-0B11-417E-BA31-F32A91E16E1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B5CCCC3-8ECC-4B92-930D-D9C4BBB1B9DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C237D87-137A-4AC6-9DE2-7D082524BCA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F89FBA0-3327-4984-8E21-DF37A249E6DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{706D9FEE-A4D7-44A8-80C3-EAE35723B89D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A07B369-78FF-455D-9F5A-4230325811C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E8C4AF9-3CF8-4419-95C9-D0EB874BFEFB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7F6C8829-23D6-4DF7-A37E-EF36F354222A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{844C26B3-1D3C-4970-B2D8-EF198E3C812A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87FAA815-E5B8-4213-8CB9-EB4F41AF0AA1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{884B8A49-B531-44EB-8727-B5D1B7EFA5C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A115109-37BA-489B-94C9-05505C20A474}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8B2A7741-813B-4D80-BB42-EA1D267D700E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8CEB2B2D-EB94-4BCC-A88B-680ACB694F2A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9131D49A-A984-4AF8-88F2-498A12698DF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92D8E399-135E-4384-94A0-C36F0C1E98FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9BD55610-D13C-4AE9-9256-50D7B6CFD29E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A06E285B-12F8-44A2-BEC6-2156B925ADF0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A29485ED-498D-4270-8C9A-6C67A55B8AA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A69DCB00-4C17-48D7-A668-EF56AAD96D59}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A95B68AB-877E-4525-B33C-98E93623E768}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA433C0B-25C4-45BD-B4FE-5E5648153BF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ACFE0C04-A9FA-44ED-8CB8-A1CDFBC3F080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B9AC855F-055E-4DB9-B308-1237D32CEB73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BAC07921-82C5-41B6-9D46-25E9D09A89E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBE0C3A0-8E15-4251-914C-3442AD6C04C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF54AF16-A958-48C6-8D6E-E6F64E179BC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF5F4B95-10FF-4302-AE4E-EE858E5E8228}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C780F6B2-1E7E-4D56-8985-0A8D391F1F61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CD67D1BA-1E0C-4D88-8366-81C6800BC4E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFEE2B68-F294-4A9F-9E35-DF81B5839428}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D253E99C-FA89-40BD-9345-E50D45A7BB80}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3B88136-590F-40BF-8126-1D597BA2A73C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D4B56C23-3975-4748-9778-B687E288F75E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB7A0642-926C-444B-A070-34E12B3E05CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DEAAB781-28F8-4D5F-9459-06B626F1EFA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E0E76EC0-F035-470E-A328-99279E2D211E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB4DCF62-7ACD-413B-AB97-72AFAFDF7EC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EB759452-7A70-4355-83B1-B90EEF24B426}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBD8A21D-02D1-41EE-B01B-46342F7F3B7E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F0332A1C-BDC6-474C-BC62-383A1E78CAFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F76DDE6D-7418-48AA-9BA4-12B618D4116C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F8E329CF-E441-41DE-805D-39F71B917DBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FA29C104-1EF0-45F7-9328-2FAA2529B984}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB138D0E-6F56-43D5-A2AE-E599D6DE75FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B98102-829B-447E-B460-038E8FBFDE1C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0A79A44E-C639-4D8F-8AFD-B8AAACD304AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CF30545-3D3D-4668-800B-B3F7D024BDFF}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{0E64164E-3356-40AB-B840-06ED7B7EA379}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{137835CF-2D65-4E84-8328-F36F26692976}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1D0A6C04-6AE8-438B-8A26-7B9C1034BFFD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2A24AB00-DD32-4ED0-A1FF-E0EEDE3ED457}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2BAD45EE-C87B-436E-9433-F7D36B84EE54}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{2D012466-F20E-4E8A-A443-EDE828922193}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2D2BF634-644C-488B-9F5B-FA39D4CF0ADE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2D85EC38-7344-45BF-A633-49258CEA5611}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3B5E101B-FC4D-4084-A4B2-5BFA0E08267D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3C374482-DFE1-4A15-83D3-1651F11A5CAC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3DD71AE8-1CE3-4DF3-A6D9-EBE218FCFA7A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4327829C-53E2-4708-B1F6-50A583BF5E6F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{43A08778-AB57-494C-905B-9686E7EDF45A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4424EDFC-270F-4C07-AD77-123889010A56}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{464C50F4-E486-4E80-912D-D2AB98326F13}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{48C25C3B-BE35-4A33-B633-C0FD80A6C1C1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4A1AEB95-DD02-4F65-B38D-D311A5CF3166}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4A67DDC0-A1FC-499A-819D-DEE0E842161F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{4B4BE4A3-9086-46C8-83B9-5FC5282D2DB5}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4D360D6B-2E23-4E00-A514-AA4E747942D6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5018FCB6-0EFE-4465-A655-F588C6B2F4F9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{51D0BB1E-FB83-4E95-B759-72351C9AA088}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5260D5D7-383D-4C43-8B29-5A92EF7800C9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{578FBC6F-39D2-44CD-B932-EC431B6A35CE}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{57E1B59F-6250-4A20-A0A1-9F574AAA01FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E6DA946-48D9-4F28-9B2B-0B307563570F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5F18FA1E-880E-470F-9D83-A846EADB7CDF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{612BDB80-7B78-4C6C-9987-15039F9A00CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{631A9182-D564-4EC4-8243-8710996D9D7D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{646F8A11-52F4-4A92-8561-08752E167DA1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{65FA4A4D-35DA-4FD9-8F7E-DF4E426982CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{68BC2670-3A3A-4C53-915F-B2D4B98D32C3}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7102C182-56EF-4F12-939B-2FDCC97FCA69}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7263A015-D4BB-40BD-A336-F450A518388A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{7B64A9BC-9835-4245-A2DD-DC865D42D331}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BB985EB-F45F-4825-89E8-5E68FB87D670}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BC63F52-5CEC-4ED2-9719-46DD4EC63CCD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{803B226E-6CF0-4EDB-9247-8A4365265582}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{83A22DBD-C088-44F7-AA01-744CC951C097}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{83E4050D-AABD-46B5-90E2-E03B28398267}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8451B11E-A98D-4AA1-93C4-2A77CA5275F7}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{84EE996E-C8FD-4070-8E3A-290AC361C5E1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{87BF0191-77A4-440F-8CDD-D0CECE03D8C2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{88C68490-F9A1-4184-AD5A-683FBBDBB014}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{88E16125-3575-4FD9-8920-ADE443A8D0FB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8C8730FE-8B92-4313-A7AB-DCD2F01D4EB2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8E779E74-75C3-4D2B-972B-B269125CB6FA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{915FCA1B-31E6-446E-8D3D-96C721D03702}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{918ADE51-36E5-4F59-8B60-46CB18A490DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9408F122-4241-4620-B320-50CBB74D2CFC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9B82D6AF-85A8-40B6-B611-CAFC0FAF81E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9C20928F-69FB-4A38-991E-B830E1885B7B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9EF9FF9F-4F3D-4101-8D95-D7BF24AE2D9D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A026E9AE-CBA8-44EC-AA66-939A05FA032B}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{A0E5AD24-F18A-4A08-A2E6-C7D42DFFC5C5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A2484A78-F0C4-4DB1-AA99-6A866CE6D167}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A87BF2DE-0D73-4C77-A85F-F2D8316867F8}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{A9027268-A1FC-43E4-B8D2-37652E2A1B37}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AA37EB5D-B1B2-4467-A8FE-6D8250DB7627}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AA77CC08-D91A-47BF-82E1-745F7B1D2BC5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AE207333-4C3E-45EB-9D79-88F8070B07AF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AF1D87C5-3ABB-4875-B19A-0A25DBADAA46}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B6C4D3B6-D866-4F8A-BD95-3F68EA80CD56}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{B7781F29-D92A-4D7F-9F1D-46E06BFD4728}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B7847E76-0592-45E9-948D-62B1DF76F273}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B785764A-1A6C-47C3-8E7D-AE32DE827AB4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B8253759-191C-4806-A44A-8E2209BF3FC6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B828E483-A1B0-454E-8B58-742B028FF854}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B88FDFEB-6127-4A2C-AB7D-B400401684D0}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{BCC5AE02-AAF0-40D8-A0AB-699C9E0F2397}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BE16DD0D-9D66-44F7-A6C2-6B0324B3A324}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BF35F05E-5023-4939-802C-419ECEE32DE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C5D2CF0E-D045-4729-A027-6E0F2641E613}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C8489AB3-6532-4EA7-B63D-17AFE1CC8595}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CB57721A-FAFE-4224-8FE6-1202ADE9551F}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{CCE31C7E-898B-4C25-B514-525FEEC6B133}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{CDF75883-F7F3-4429-9251-80D0FFB5B670}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CE1244CA-38F4-4D44-AC5A-92415C80BEB6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CE593F75-E15F-4355-AB1C-C8339CC5171F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D07214C5-04A8-4319-8951-750C27413859}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{D94F2F8A-B019-47E5-9D04-48B47E12C884}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DA67B801-B42D-4C58-AAC0-3BE73A6819CA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DB5C44EC-9F5F-4281-84B3-BBCEFABC77D9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DB7B3154-2181-4507-A255-B9EE8659511B}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{DC4DCBFB-D1D3-4B44-82D4-5D78A4688902}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DE50DE36-D449-4B16-83D3-8BB7CA0BCACB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DFCAA550-A277-4D77-B9FE-959C8DFB2DC6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E4959465-B87F-473F-8780-1F6CA7DF2311}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E81374DD-46B2-4AA9-8B7D-D420DC922986}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{EC7F7BE3-84C7-443A-88BC-158D7B9D7B93}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{EF0F1950-3039-4045-BD41-18C527FC296F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{EF3E22E9-49BD-44F4-AB67-7E11DAAAD3F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EF827D00-E502-4A4B-B5B8-880453CEBF63}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EFFFF173-8F3A-4863-8A40-141C059B114B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F174D568-25ED-4EE2-85C6-21A77C2543C3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F35978F0-8C6A-43AF-985C-2D06F1CD8CEC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F385B6D3-4B9F-427B-ADE0-8C02560F0499}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F3D588BB-E31A-414B-9C7B-9BB5851ABC3C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F3EEAEB9-DF85-47C4-A297-E28D0DA4D3D1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FC9B2DB3-BC0F-452C-8967-8E7A7ED3D4DF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FEDC0E30-6A95-4640-A558-9916372308CB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{243522FF-540E-4B31-AA45-010B301B9EEE}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{25E0DF66-05C9-4C6A-BD1B-F85358CD7379}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{AA6BA07A-50D0-415B-A598-A059D8693337}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F9D42A1F-5378-478D-A5E8-A225AA18D4F0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{35C0DB5B-D6BE-40A6-8E39-FC9D8500D84B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{462BCD6E-65A1-46A8-9C97-0334CAF731F2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{54910E7A-623C-4DE2-86E2-06D71F0903B8}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{ED13FFE1-D8A6-47F4-9B4B-68E45743DD20}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}" = Sony Ericsson Media Manager 1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{133AC838-C38F-41B3-B7C2-42F92A93D72D}" = SymNet
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java™ 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.010.00
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3AE3B734-B03A-46B8-8D19-91D6F4907735}" = M-Audio KeyStudio 49i USB
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{44563206-8FAC-4859-9284-5FE90AF0CC47}" = Power Packet Utility
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5CD71929-24E8-40D0-86F0-6A941A917887}" = PokerEV
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{633D90C2-5105-4E17-9290-F9F7149E1070}" = General MIDI Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{761E498F-5865-40E7-8BDC-918D71B47317}" = Betfair Poker
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C84E006-D044-4441-A294-E318B147476C}" = VLC iPhone Connection Utility
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{89B38025-05A0-4958-92C3-70882AE8553A}" = Holdem Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory and Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B0F438F6-51D9-45FC-B1C5-064250221EB8}" = International Cricket Captain 2009
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E31E2A9F-D76D-49DD-9851-930DD1B0A081}" = Poker Grapher
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}" = Microsoft WorldWide Telescope
"{FD1D9EFB-3F15-4AA9-97AF-BA34D706B726}" = Symantec Real Time Storage Protection Component
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Cake Poker(uninstall)" = Cake Poker
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
"GridVista" = Acer GridVista
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Live 6.0.1" = Live 6.0.1
"Live 7.0.3" = Live 7.0.3
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NVIDIA Drivers" = NVIDIA Drivers
"PKR" = PKR
"Poker Tracker Omaha Version 1.13.03_is1" = Poker Tracker Omaha Version 1.13.03
"PokerAce Hud" = PokerAce Hud (remove only)
"ProInst" = Intel PROSet Wireless
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SopCast" = SopCast 2.0.4
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemsIntegration" = Systems Integration
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VLC media player 0.9.9
"Waves API Collection" = Waves API Collection
"Waves Mercury Bundle" = Waves Mercury Bundle
"William Hill Poker" = William Hill Poker
"WinRAR archiver" = WinRAR archiver
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Juniper_Term_Services" = Juniper Terminal Services Client
"JuniperSetupClient" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >